Slashdot Mirror
MINIX: Intel's Hidden In-chip Operating System (zdnet.com)
Steven J. Vaughan-Nichols, writing for ZDNet: Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." [...] At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer reported that systems using Intel chips that have AMT, are running MINIX. So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings. And, for even more fun, it "can implement self-modifying code that can persist across power cycles." So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in. How? MINIX can do all this because it runs at a fundamentally lower level. [...] According to Minnich, "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared." Also read: Andrew S. Tanenbaum's (a professor of Computer Science at Vrije Universiteit) open letter to Intel.
Now I have to go change my pants
1) Do AMD processors have similar vulnerabilities or is this an Intel issue only?
2) Why isn't Intel being held responsible to fix this, either by action of lawmakers or through lawsuits for providing a faulty product?
3) Shouldn't Intel either have to patch the vulnerabilities or issue a recall?
Do AMD processors have any counterpart of this nonsense?
This stuff is overblown since these management engines are only ever active in a limited set of corporate environments where out-of-band management is a huge plus that actually improves security by not requiring your IT drone to physically access every system even if it's turned off.
Oh, and don't think your magical AMD saviours are any better. There a TrustZone processor that you have zero control over embedded in their products that does the exact same bad stuff.
AntiFA: An abbreviation for Anti First Amendment.
and we should worry about chinese and russian hackers...
Before the cloud, people used to put their own servers in server rooms. That's the interface to manage your machine from outside.
BSD wins again, tough luck Linux using, GPL commie loooosers, the BSD license is once again behind the worlds #1 operating system. Boo yeah!
I did, and apparently Minux is safe! :)
Because it is functioning as intended for its usage among authoritarian regimes (the US included thanks to Congress, the NSA, CIA, and domestic SigInt/PsyOps.)
The Clipper chip concept was never off the table its implementation just became less 'warrant and seize' and more 'illegal wiretap'.
Apparently, we have been having years of Minux desktop all this time and never knew.
Kids these days...
Andrew S. Tanenbaum is the original creator of MINIX, not just "a professor" at Vrije Universiteit.
We can always use a Raspberry Pi, right?
#DeleteFacebook
that's been around for decades? except they add more stuff to it and now it runs in a separate processor?
if my computer starts acting odd like it is being remote controlled i will first wipe the drive and do a clean install with a newer cleaner more secure operating system, and if this bad behavior still persists i will take a fucking 8 pound sledge hammer to it and turn it in to a pile of junk in short time
Politics is Treachery, Religion is Brainwashing
It's not in the OS...
I've been a MINIX user for a long time. I was introduced to it in college in my operating systems course by the Tannenbaum book. This in-chip weirdness is, uhm, bizarre. However, MINIX is still interesting. It's one of the few microkernel based Unix variants and it's innards are particularly clean and easy to hack on due to it's heritage as a teaching OS. I don't know what the hell Intel was thinking, but don't blame MINIX. Go install it and use this as an excuse to get your own hands dirty. :-)
Q35/45 both have it, although removable.
X55 should not have it, as well as the 5xx0 LGA1366 chipsets. Only the later SoC PCH (Q55 or something?) is supposed to have a management engine onboard. All actual board designs had a non-Intel IPMI or IPKVM implementation if included.
Meaning you can get a dual hex core processor motherboard with up to 192 megs of registered DDR3 @ 1333 on it. Plenty fast enough for the majority of today's processing needs.
However 3,4,5 generations all had limited/broken IOMMU implementations (specifically XAPIC2 support) and no 64 bit BAR support for Intel Xeon Phi, Tesla, or GCN Radeon GPUs, meaning large scale heterogenous GPGPU clusters aren't possible on 'safe' hardware. Not a huge deal since Maxwell V2 and Vega both have signed firmware and management engines of their own, meaning only some older GPUs might be trustworthy depending on their errata and if the bios are truly replacable (AMD had signed segments prior to the current firmwares, which only have a single configurable range usable for changing overclocking settings... supposedly.)
In order to regain freedom, what is really needed is a crowdfunding effort to get the Adapteva Epiphany V available on an expansion card with glue logic for display, memory controllers, vbios/firmware, and PCIe bus access. Following that a RISC-V and/or J4 (The Hitachi SH clones) taped for a common CPU socket with a documented royalty free motherboard chipset reference design capable of supporting both current and future cpu arches that are made electrically compatible.
These three projects, even if not at the same level of performance as ARM or x86 processors, would make a huge shift in the computer industry, potentially giving back both the end-user security, as well as the market diversity people were used to during the x86 heydays of the late 80s through the late 90s.
Let's call this what it is: A variation of the "clipper chip" like the government tried to do years ago, except this is more powerful and way worse. It's a backdoor that can potentially operate at a level few not in certain government departments or Intel top level developers can access. Perhaps it's time to give Intel the cold shoulder. Need to confirm if AMD has this backdoor OS in it's processors or not. Wonder how China and Russia respond to this sort of thing? Will we ever see an end of this screwing the end user for corporate and/or government interests?
"Imagination is more important than knowledge" - Einstein
Minix, that's terrible. What I want to know is why they aren't running HURD.
To lazy to track this down. but I recall something about this Linux thing from Linus Torvalds in the mid 90s ;) lol
this was reported 4 years ago and I remember reading this article awhile back:
https://www.eteknix.com/expert...
"Imagination is more important than knowledge" - Einstein
That's what I'd like to know too.
#DeleteFacebook
This is a huge plot twist in a longstanding argument (monolithic x micro kernel). It had been widely believed Minix was all but dead, but it looks like Minix won against Linux in a way, even if used for evil. Mr. Torvalds is probably not very happy that Intel didn't choose his kernel for their evil deeds.
"I decided I could write something better than everything out there in two weeks. And I was right." - Linus Torvalds
To Access this, Just tell me ;) I will keep it to myself ;) Trust Me ;) Wink Wink
"running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords."
I keep getting error messages in Windows 10 about the IME being unable to communicate with the "firmware" (aka BIOS). So, if the BIOS is not up to date (as per the manufacturer's lack of interest in these matters when the system is out of warranty) but the IME is, what kind of catastrophic outcome should I expect?
TFA claims the latest version runs on three separate x86 cores. Are these three in addition to the stated number of cores on the chip, or is it running on three cores that I paid for, and interfering with my use?
Just junk food for thought...
The clipper chip was a back-doored encryption device. It has nothing to do with the hardware level access that the ME has in an Intel based system.
If most MSWindows, Macs use Intel processors, then Minix is running on more computers than both making it the most popular OS. Then add in ARM android Linux, and other embedded computers, then this OS family is on 80%** of the computers in the world.
** AMD, old Macs and main frames are the only exceptions.
We have a couple facts here, and a whole bunch of conclusions.
The facts are that there is a general purpose OS running a microkernel in a management layer on unspecified Intel CPUs. This general purpose OS provides at least network accessible management interfaces.
The conclusions are this general purpose OS is infinitely exploitable to steal all your top secret information and redirect all you web requests to the mind control platform of the month.
This Minnich character (I enjoyed that similarity, Minnich/Minix) then jumps to a call to neuter everything below the user installed OS including UEFI. He then juts off on a side tangent and says trust me (He is a Google engineer) to always install good safe firmware on your Chromebook. That was a nice subtle bit of astroturfing there. He also blames Minix for slow boot time on an Open Compute server, not sure where minix plays into that or what axe he is grinding.
Let's look at it a little more objectively. Why do these processor companies keep putting general purpose OSs at a level which was traditionally all hardware/firmware, and why do systems makers use an accesible programming layer to configure hardware like UEFI? Well, whe we were running 386s and 486s we really were running microprocessors. Hardware was relatively static, device support was locked at time of manufacture, processors did processing (with maybe a coprocessor for math) and accessory cards did a single function each. In that time frame supers, like the first Crays, couldn't even boot themselves. They used a completely separate computer to boot and for time scheduling and such. Now today, we have computers which are powerful on the level of the early supers. Our processing no longer all happens on the CPU, but also in the GPU(s) and other pieces in the system. We no longer have external memory and bus controllers, they are built into the processor or the mandatory northbridge, and are much more capable and adaptive. There are hosts of sensors built into modern processors. All of these pieces need to be managed. There is an absolute necessity for a relatively capable computer in there to manage all these pieces.
It used to be done with static logic arrays, controlled by registers, and we called it BIOS, and it had a little interface that could usurp the monitor output and keybpoard and chirp the speaker, later got so fancy it could hijack a mouse on some systems. It was very limited, in fact, on the earliest PCs it didn't have a UI at all, it had dip switches or jumpers on the system board.
Now with the advent of negotiated buses (even memory buses, back in the day I never would have conceived of a CPU being able to ask a memory module what capabilities it possessed and automatically configure timing parameters to best talk to it) the management processor has a lot to do. On high end machines they even do this negotiation on the fly with the advent of hot plug PCI buses and on the fly memory error compensation. By the nature of the beast this management engine has to be able to see all the data buses, otherwise every single connection interface would need an out of band management channel.
I suppose you could make this management engine like a FPGA, configure it once and burn your bridges, no further interraction possible, but then what happens when you need to add or change something?
Likewise it often doesn't need a network interface, but if it doesn't have one then we have to do wake on LAN with yet another baby management computer. How about physical intrusion detection? again, not often needed, but sometimes...
Basically what a general purpose OS in the management layer does is give nearly infinite flexibility. This technology is a big part of the reason so much of our stuff just works.
Now, I am not really a drink the cool-aid from the benevolent overlords kind of guy, I am not at all in favor of secret OSs underpinning our hardware without our knowledge, but let's not throw out the baby too. That capability is in most cases useful
"Proximity to wonder has blunted our perception and appreciation of it" --Tim Hartnell in 'Exploring ARTIFICIAL INTELLI
Thank you for saying that it's off by default - everyone seems to just gloss over that one. More than that, there are only two ways to enable it:
- using a keyboard shortcut during BIOS POST (physical access, the machine is already owned in any number of ways including just taking the drive out, why bother with AMT?)
or
- enable it remotely through arbitrary privileged code execution on the machine (it's owned already) AND you have a certificate issued by a trusted CA specifically for AMT provisioning (costs money), and that certificate's domain matches the one being given out by DHCP at the time of provisioning (meaning the network is owned too). If you already own the machine to the point of executing whatever you like with admin-level permissions, and you own the network to the point of changing DHCP options, why bother with AMT?
For someone to get anywhere with AMT / vPro, they would already have exploited far easier routes to getting anything they could get through AMT / vPro. This is the reason we have seen exactly zero articles about people being exploited in the wild through AMT / vPro - anyone that knows what it actually is, and what it takes to run it, knows there are far easier ways in, and those easier ways are a predicate to using AMT to do whatever they could already do.
It's extremely useful, to those of us who turn it on, because it replaces a $1,000 IP KVM. I don't care to drive an hour and half to the datacenter and an hour and a half back because somebody typoed a firewall or network setting. Much easier to just fix it remotely using IPMI or IME or whatever your vendor calls it this week.
If you don't need remote access to a crashed machine, don't turn it on.
Generally no, arm chips don't have remote management built in. If you have an arm server, you'd do it the "old-fashioned" way, with the remote management processor being on the motherboard. The remote management processor on a mother board for older Intel or AMD CPUs may itself be an ARM cpu in many instances.
Not even a mention of the fact that it is used to spy on users...
First prove your claim and maybe he would address it.
2017 is the year of MINIX on the desktop! All of the desktops...
- For the complete works of Shakespeare: cat
IME can turn the machine on remotely only if there's power to the PSU.
Give me a break. MINIX provides nothing that enables this.
If the ME can image the drive remotely it can certainly change /etc/ssh/sshd_config and /root/.ssh/authorized_keys with a small driver (ext2, etc.). GRUB is way tinier and can handle basic ext2 stuff.
It doesn't matter if the ME is only listening to the LAN. Give a decent blackhat a week and you'll have a package that deploys to an ad network which exploits the browser, then exploits the router, then exploits the ME and opens a remote C&C channel on the next reboot. If you need it quick, poison pid 0 via memory injection and the admin will reboot the server quickly when it 'oddly misbehaves'.
"Cosmic rays" are so 2013...
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
"What's the solution? Well, it's not "Switch to AMD chips". Once, AMD chips didn't have this kind of mystery code hidden inside it, but even the latest Ryzen processors are not totally open." Directly from the article.
Sent from my TARDIS
IPMI has been a thing since the late 90's and similar proprietary systems existed long before that. ok, so now it's on-chip, but that doesn't change the fact that you should know about what traffic is on your LAN.
Someone doesn't know the difference between a board and a chip. A Qualcomm cellular modem with it's baseband processor, such as the famous MDM9600, may be on the opposite end of the circuit board from the CPU. Did you not even read the SUBJECT LINE of my post before spouting off with your stupidity?
Most ARM processors are in fact NOT in smartphones, so there no baseband processor in the device at all. Your car has several ARM processors, your TV probably has one, etc. In total, 86 BILLION ARM processors have been sold.
You might also note the baseband processor is not a remote management interface. The baseband processor cannot access the storage of the device, for example. (Though in one instance the main CPU, which can access the storage, had a backdoor which accepted commands over the modem).
Due to a 'bug' in the code, you can access the AMT with a zero length password. The ME cannot be completely removed, but due to a request from the NSA, it can be disabled with a secret kill switch.
There are so many red flags which would make any Intel x86 CPU suspect that this IME/AMT is indeed a backdoor.
i. Difficult to disable and not even listed in BIOS of old systems build before 2011. (Don't believe the disinformation campaign of some posts here that it can easily be turned off in BIOS)
ii. Very sparse documentation from Intel about this unknown feature.
iii. CPU and whole machine shutsdown after 30 minutes of IME/AMT is tinkered (or disabled via hardware hacks).
iv. Included even in home use versions. Should've only been included in Enterprise where an IT admin requires it.
v. Designed to be very difficult to reverse engineer because it (IME firmware) uses different CPU.
Now if this IME/AMT is NOT a backdoor, there should be complete documentation for everybody, and it should be easy to disable or turn off if not easy to unsolder from the MoBo. But NO, all the above proof just confirms this is a backdoor. Note that this feature can be used as killswitch on your PC/laptops so Intel and M$ can sell you a new one. This is a sick greedy world we're in.
This is good, if resources on our planet is infinite. But sadly, the rare metals in CPU and other electronic parts are not infinite on the crusts of the earth.
For someone to get anywhere with AMT / vPro, they would already have exploited far easier routes to getting anything they could get through AMT / vPro. This is the reason we have seen exactly zero articles about people being exploited in the wild through AMT / vPro
NSA shill detected.
The hijacking flaw that lurked in Intel chips is worse than anyone thought
A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone.
Well killed them on Intel according to their FAQ
https://libreboot.org/faq.html...
Anyone who bought a thinkpad laptop with an i5 or better has it on by default. You seriously think it's impossible for anyone other than a business to buy such a laptop?
The shilling here is on overdrive. I first noticed it with Assange and Snowden threads, now it's all over the place.