Slashdot Mirror


Purism Now Offers Laptops with Intel's 'Management Engine' Disabled (puri.sm)

"San Francisco company Purism announced that they are now offering their Librem laptops with the Intel Management Engine disabled," writes Slashdot reader boudie2. Purism describes Management Engine as "a separate CPU that can run and control a computer even when powered off."

HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."

Purism writes: Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism.


  1. Upgrades? by goombah99 · · Score: 4, Insightful

    Does this also mean they can "unlock" the soft-locked downgrades on the cheaper processor series to make them full strength?

    So if the management engine isn't actually necessary what actually does it provide?

    Is this new one open source? or have we met the new boss, same as the old boss?

    What country is Purism based in or owned by?

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Upgrades? by fph+il+quozientatore · · Score: 5, Insightful

      So if the management engine isn't actually necessary what actually does it provide?

      Oh, honey. It's a backdoor by the NSA. They can remotely access your computer, no matter what is installed on it, and even if it's turned off. No, I'm not kidding and it's not a conspiracy theory.

      --
      My first program:

      Hell Segmentation fault

    2. Re:Upgrades? by PolygamousRanchKid+ · · Score: 2, Insightful

      So if the management engine isn't actually necessary what actually does it provide?

      It provides an excellent opportunity for your government to get to know you better! Your wants, your needs . . . your seditious thoughts and deeds . . . whether you voted for President Zuckerberg or not . . .

      What country is Purism based in or owned by?

      Does it even matter any more . . . ? The British share their "intelligence" with the Americans, who usually just buy it from some "leaky" old German SED folks who are still working on the taxpayers' dime to undermine the evil capitalist system. A better question would be to ask which companies own which countries.

      The Clintons sell stuff to Russia; Trump "makes business deals" with Russia, but in Putinist Russia Parlance, it looks like "Russia dealed him!"

      Hey, the various leaders of the world are deeply divided on social and political issues, but they are united in one common goal . . . to keep an eye on, and control their populations.

      I'm American, grew up there, and lived there until I graduated from college, but have been living and working in Europe since then. (It wasn't really planned; it just kinda sorta happened). On one business trip to scenic Austin, Texas, I drove by a car dealership and something unsettled me, but I couldn't determine what it was . . .

      . . . until I realized that there were signs advertising "Pre-Owned Cars!" Um, wouldn't that be what we used to call, "Used Cars" . . . ? Isn't that what they really are . . . ? At any rate, why call this critter the "Intel Management Engine"? To be honest, Intel should call it, "The Intel Secret Backdoor To Your Computer, Allowing Access For Folks Who You Do Not Want!"

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    3. Re:Upgrades? by Anonymous Coward · · Score: 3, Informative

      Despite Intel's claims, ME is a backdoor.

      If it wasn't a backdoor they would let you completely remove it.

      It's a dumpster fire of privacy issues, security problems and blatant government snooping.

    4. Re:Upgrades? by guruevi · · Score: 5, Informative

      On your first question, usually the cheaper processors these days are actually different layouts, a long, long time ago this wasn't the case but then it was a case of binning, you could potentially get lucky but it was usually a more expensive model that got rejected but still ran on slower speeds with large portions of cache and other features disabled (eg. due to low yields on the wafer). These days production has gotten smaller, better and cheaper so yields are rarely a problem and even if they were, they probably wouldn't produce useful products anymore.

      The management engine provides exactly that, management. It's intended for servers and enterprise systems. It's a form of baked-in IPMI and these days runs a version of MINIX. It can connect either directly or over VPN to your corporate environment and then you can remotely manage the machine, it can do security posture assessments (because it's not controlled by the OS, it can peer into hypervisors or compromised hosts), it can even emulate a serial port so you can connect to your host if you're running Linux/Unix-type systems.

      Nothing about this is open source besides it being based on MINIX, to actually use it you have to pay Intel for their closed source software to be able to access the devices.

      Purism is a computer technology company based in South San Francisco, California and registered as a social purpose corporation in the state of Washington.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    5. Re:Upgrades? by Anonymous Coward · · Score: 2, Informative

      A secure laptop should have verified boot because it addresses an attack model that has become more important after the Snowden revelations. We learned that:

        - NSA wants to keep their best exploits secret. For example, it uses more valuable exploits on less technically sophisticated targets who are less likely to discover them.
        - NSA goes to great lengths to achieve persistence, for example hard drive firmware attacks that expose the exploited code the first time a sector is read, at boot, but the original code from then on, when the system is scanned for malware or checksum mismatches.
        - NSA has many BIOS- and firmware-level attacks because it wants persistence even if the OS is wiped and replaced.
        - It's unrealistic to expect we will ever patch all the bugs the NSA knows about.

      Verified boot is very powerful in this scenario because, even if you don't know about a bug, it can stop that bug from permitting secret persistence. It drives persistence techniques into the open. For example, to attack ChromeOS and survive a reboot, they may need to install a malware extension, which can be audited from cloud side thus making everyone a technically-sophisticated target.

      Intel breaks verified boot with their FSP blob. Verified boot starts with "read only" firmware which contains the verified boot key(*), checks the signature on the read-write firmware and jumps to it. But the processor must be fed the FSP blob before it runs the first instruction, so there's no way to check a signature on the FSP blob. A variety of CPU errata are fixable by updating the FSP blob, so it's prohibitively costly warranty exposure to leave the FSP blob un-updateable by linking it into the read-only firmware.

      This undermines the defense ecosystem / attack recovery benefits described above. To get them, all state on the machine needs to fall in one of three categories:

        1. not verified but impossible to change without physical access (ex. "remove the developer screw" on Chrome OS, or the trivial solution of replacing the entire CPU with a backdoored one)
        2. auto-updateable, but verified by boot signature chain
        3. wipeable user data

      The first verified-boot key in the chain is in bucket 1, and other keys are in bucket 2. But Intel FSP inserts step 0:

      0. CPU and RAM bring-up code: auto-updatable and not verified by boot signature chain.

      It undermines the entire purpose of verified boot.

      Disabling the ME is not very convincing unless there is some verified-boot way to make sure it stays disabled. The hypothetical persistent attack would simply un-disable the ME, so part of the problem is that it's there at all for an attack to turn it on: it's a perfect hardware rootkit that can surveil without detection. There is no verified-boot way to disable the ME because of the FSP, so this Purism promise is pretty close to snake oil. They have hand-wavily reduced the attack surface somewhat, so it's not worthless, but it's not enough to fundamentally unbreak Intel's platform security-wise.

      AMD has a similar blob called PSP. Many ARM chips also have this problem. FWIH Rockchip does not, so currently I would suggest a Rockchip Chromebook over Purism if security is the goal.

      (*) You may have heard verified boot uses TPM. This is to prevent rollback from a current patched version of the OS to an old exploitable version without wiping user data first. The TPM starts in "willing to roll back counter if asked" mode, but before the program running on the CPU exposes its full attack surface, it either wipes userdata or sets the TPM into "only willing to roll forward the counter" mode. The read-only firmware obviously cannot maintain state. The purpose of the TPM is to maintain state with rules, and in this case the "rule" is a fuse that's reset on each reboot.
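A small model of the argument in the comment above, added here as an illustration and not part of the original comment: each signed stage is checked before it runs, a version floor stands in for the TPM roll-forward counter, and a software-updatable stage outside the signature chain is the "step 0" gap. The stage names, versions, demo key and the use of HMAC in place of an asymmetric signature are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed demo key. Real verified boot checks an asymmetric signature
# against a public key held in read-only firmware; HMAC is a stdlib stand-in.
DEMO_KEY = b"constructed-demo-key"


def sign(image: bytes, version: int) -> bytes:
    """Sign the image together with its version so neither can be swapped."""
    msg = version.to_bytes(4, "big") + image
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    version: int = 0
    signature: Optional[bytes] = None  # None: outside the signature chain
    software_writable: bool = True     # False: needs physical access to change


def bucket(stage: Stage) -> int:
    """Map a stage to the comment's buckets; 0 is the unverified, updatable gap."""
    if stage.signature is None:
        return 0 if stage.software_writable else 1
    return 2


def boot(stages: List[Stage], min_version: int) -> Tuple[bool, str]:
    """Run stages in order; min_version models the TPM roll-forward counter."""
    for st in stages:
        if st.signature is None:
            continue  # executes unchecked: nothing earlier could verify it
        if not hmac.compare_digest(sign(st.image, st.version), st.signature):
            return False, f"halt: bad signature on {st.name}"
        if st.version < min_version:
            return False, f"halt: rollback of {st.name}"
    return True, "booted"


def signed(name: str, image: bytes, version: int) -> Stage:
    return Stage(name, image, version, sign(image, version))


# Constructed platform, listed in execution order.
PLATFORM = [
    Stage("fsp-blob", b"cpu+ram bring-up"),                      # step 0
    Stage("ro-firmware", b"verifier", software_writable=False),  # bucket 1
    signed("rw-firmware", b"rw v7", 7),                          # bucket 2
    signed("kernel", b"kernel v7", 7),                           # bucket 2
]


def with_modified(stages: List[Stage], name: str, image: bytes) -> List[Stage]:
    """Return a copy where one stage's image changed without re-signing."""
    return [replace(s, image=image) if s.name == name else s for s in stages]


if __name__ == "__main__":
    print([(s.name, bucket(s)) for s in PLATFORM])
    print(boot(PLATFORM, 7))
    print(boot(with_modified(PLATFORM, "kernel", b"modified"), 7))
    print(boot([*PLATFORM[:3], signed("kernel", b"kernel v5", 5)], 7))
    print(boot(with_modified(PLATFORM, "fsp-blob", b"modified"), 7))
```

The last call is the point of the comment: a change to the unsigned, updatable stage still reports a clean boot, while the same change to a signed stage or a rollback to an older signed image halts.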

    6. Re:Upgrades? by Anonymous Coward · · Score: 2, Insightful

      No, it's in all Intel motherboards made in the last 7-10 years.

      And the BIOS doesn't disable it. It just makes it unresponsive to YOU - all this has been documented.

  2. For the Win! by DaMattster · · Score: 3, Informative

    I am in need of a new laptop now that my poor Lenovo T420 has completely died. I think I will go and buy one of these. Intel's Management Engine is spyware and exploitware and the fact that you cannot disable it is really and truly evil. AMD is no better.

    1. Re:For the Win! by Aighearach · · Score: 2

      I recently bought a T560 and it doesn't have the parts of the Intel ecosystem that were accused of being "spyware," which is not the IME itself but the AMT (Active Management Technology).

      Just take a look at Intel's CPU lineup; only the more expensive chips have it. You can get the upgraded CPU in most Thinkpads, but take a careful look at the specs and prices; the CPU with the Intel Management Engine costs a lot more and is only very slightly faster; most of the increased price is for the IME! It makes sense to buy it if you're in a corporate environment that buys the management software from Intel, but for regular users just choose the regular CPU and be happy.

      The nonsense about being able to turn it on remotely requires it to actually have two parts installed, the IME and also the AMT module. The IME doesn't do anything without the AMT. People will present a bait-and-switch (and many of them are merely confused about the features, not even intentionally dishonest) where they talk about the IME being present in most Intel chipsets, but when they start talking about the dangers they're talking mostly about the AMT which is the part that can actually be used remotely and isn't even installed on most systems.

      Another part that people aren't understanding is that the AMT has to be turned on to be used. The remote stuff only works after it has been "activated" and also "provisioned." Provisioning is the step where it becomes able to listen to the network.

      The reality is that you can't trust any hardware. It all comes out of factories you aren't allowed to inspect, it all runs proprietary microcode underneath the "registers" and "CPU instructions" that are presented to the programmer in a way that mimics older chips where the programmer directly accessed real registers using actual CPU instructions. Now those instructions are just an API. You don't know how it really works; you don't have access and it isn't publicly documented. There is more source code at a lower level than ASM, and nobody has access. Even if you buy an open source CPU, it is manufactured in a facility controlled by others and is made up of proprietary logic gates and hidden microcode.

      If there was an alternative, the IME concerns would be more valid than they are. This is scary mostly to ignorant people who think they otherwise would know what the CPU is doing. If you understand the way this technology really works, then the dangers in IME are present in all integrated circuits, all the time! Possibly excepting "new old stock" of ancient microcontrollers.

  3. Excellent by gweihir · · Score: 5, Insightful

    It is time to regard the ME (and the AMD equivalent) as what they are: Hardware back-doors. I would like to see more research into breaking into them, disabling them and eventually also reprogramming them. Until the CPU manufacturers hand out full documentation and a reliable way to disable, they must be regarded as malicious attackers in any scenario where security matters.

    In the end, this is a good thing however. With a bit of luck, nobody will get away with hidden undocumented hardware in the not so distant future.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Re:Mitigation by fph+il+quozientatore · · Score: 2

    The ME has full access to RAM, at all times. What tells you they haven't saved your encryption key the last time you used it?

    --
    My first program:

    Hell Segmentation fault

  5. We need software freedom. Always. by jbn-o · · Score: 5, Informative

    We already knew from their announcement that they were backdoors, and the Intel ME security problems confirmed this. In addition to documentation on how to use and disable the system, we also need software freedom—controlling our own computers requires the freedom to run, inspect, share, and modify the software, and exclusive control over any encryption keys used so we can decide who else gets to control the hardware with us. Until we have software freedom these devices are not good at all, they are a clear threat to our ability to exclusively control our own computers.

    This is also why computers with other architectures are so interesting and important. As far as we know POWER, PPC, and other architectures either don't have backdoors built into the hardware or the comparable hardware comes with user-revocable keys and respect for our software freedom. This is a good time to get away from Intel/AMD systems. They're not trustworthy.

  6. Re:Fuck these Intel chips. Buy from AMD. by markdavis · · Score: 4, Informative

    >>AMD has similar features in theirs as well.

    >Do you have any evidence of this? I'd like to learn more about that
    A link or two would be nice.

    Platform Security Processor (PSP); it is exactly the same as Intel's backdoor- hardware based, secret, non-controllable.

    https://hothardware.com/news/a...

    https://www.techpowerup.com/23...

    https://libreboot.org/amd-libr...

    https://en.wikipedia.org/wiki/...

  7. Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · · Score: 5, Informative

    All Intel did was add another hidden switch only they know how to switch on, like a unique wifi signal or magic packet on the onboard NIC.

    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    @21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
    [Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    [Quotes] Vortrag:
    "DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

    "We have recently improved DAGGER's capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

    "To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Backdoor removal:
    The backdoor firmware can be removed by following this guide [github.io] using the me_cleaner [github.com] script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection [win-raid.com] and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Useful links:
    The Intel ME subsystem can take over your machine, can't be audited
    REcon 2014 - Intel Management Engine Secrets
    Untrusting the CPU (33c3)
    Towards (reasonably) trustworthy x86 laptops
    30C3 To Protect And Infect - The militarization of the Internet
    30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

    1. Introduction, what is Intel ME

    Short version, from Intel staff:

    Re: What Intel CPUs lack Intel ME secondary processor?
    Amy_Intel Feb 8, 2016 9:27 AM

    The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

    Long version:

  8. Re:Sigh. by gamorck · · Score: 3, Interesting

    "Preorder from $1,199"

    For a Core M, Intel HD Graphics, 8GB, 11.6" laptop.

    That's some pricey freedom.

    They don't even have a model with an Ethernet port (which makes me question what disabling the ME actually does anyway, because isn't the ME for things like OOB access?).

    Sorry, but - as always - I have to live in the real world rather than some scene out of Hackers. And if I really valued my freedom and genuinely thought things like this were the threat, I wouldn't be using any of these machines, no matter the cost.

    They don't include an ethernet port on the machines because there is no compatible hardware they can install on their devices which can be operated within Linux without requiring use of a firmware blob. As a Purism Librem 15v3 owner, I'm not quite as hardcore as Purism themselves are, so I am willing to use firmware blobs for specific devices. So instead of PureOS I run Arch. I have also replaced the 100% libre Atheros wifi hardware with an Intel module because the Atheros module had less than great performance (plus doesn't support 802.11ac). As for ethernet, I have a USB3/Ethernet dongle that I use for that purpose. Having said all that, I have used Purism's update to completely disable Intel ME on my laptop and everything is working without a hitch. I don't trust Intel ME. I'm willing to trust tiny firmware blobs for specific devices in specific cases. I'm not willing to trust an entirely separate and unauditable system that operates independently and secretly. No sir. IME is a cancer (and PSP by extension) on modern day computing.

    To those that claim that you can disable and remove Intel ME on other laptops, so this really isn't a big deal or particularly notable. You are telling half truths. For older hardware that is certainly true. For Skylake level hardware there are no other devices that have had or currently can have the Intel ME removed/neutralized/disabled. me_cleaner doesn't support Skylake level systems yet. In fact the Purism update process makes use of a forked version of the me_cleaner which contains changes Purism has made to accommodate their Skylake hardware. They plan on switching back to me_cleaner once all of their patches are accepted in the upstream project.

    But hey, don't take my word for it. Cruise the blogs and forums on Purism's website if you want to learn more. Don't take my word for it. Don't take anybody's word for it. Especially not Intel's, much less AMD's.

    --
    I love idealists not because I am one, but because they make life bearable for pragmatists such as myself.
  9. Re:Who is their real customer? by swilver · · Score: 2

    There is also the group that doesn't want to be treated like criminals.

    No need to be paranoid to watch over your privacy. Frankly, it is nothing short of amazing how much stuff already happens behind your back and is innocently sending data back home... any application that can send data, can set up a reverse tunnel to do whatever it likes.

    Therefore I went back to the way internet was accessed before the turn of the century: you access it by proxy (socks5 or otherwise), and if you do not know the proxy, then no internet for you. The amount of stuff that gets blocked this way is amazing, and what's more amazing, there is no complaining... just sneakily use the internet, but if it is not there, let's not alert the user about it.

  10. Packet filtering? by nyet · · Score: 2

    Why not just filter all IME frames at the ethernet switch level?

  11. Oh reeeeeeeeeeally... by JustAnotherOldGuy · · Score: 2

    "Purism Now Offers Laptops with Intel's 'Management Engine' Disabled"

    Or is that just what they want you to believe, hmmm? (cue the paranoia music...)

    --
    Just cruising through this digital world at 33 1/3 rpm...