Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com)

Posted by BeauHD on from the repeal-and-replace dept.

An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.

What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.

9 of 181 comments (clear)

  1. Obvious question by squiggleslash · · Score: 5, Funny

    ...has anyone figured out how to get a shell prompt in this MINUX system?

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:Obvious question by complete+loony · · Score: 5, Interesting

      What about JTAG?

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    2. Re:Obvious question by slickwillie · · Score: 5, Funny

      I think a more obvious question is what are the odds that a guy named "Minnich" discovered "Minix" running on the CPUs?

    3. Re:Obvious question by mentil · · Score: 5, Funny

      Minimal

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  2. More instances of MINIX than Linux! by Anonymous Coward · · Score: 5, Funny

    Tanenbaum gets the last laugh over Torvalds.

  3. Cue the skeptics by Anonymous Coward · · Score: 5, Insightful

    It seems like just a day ago, there was a Slashdot posting about this, and several highy-rated comments amounting to "naw man, there's no way this could be a problem!"

    So with all the verifiable, proven news of backdoors being built-in to software and hardware over the past decade, and all the news of vulnerabilities in software and hardware that compromise systems, people say "nah, not a problem, see, you can turn it off" about this "computer in my computer." Really? It's off?

    I'm not seeing reports saying "The Intel ME is off by default in consumer devices, and this is verified by researchers." In fact, I'm seeing the opposite, which says that the Intel ME is always on. Do we have any proof that the "off switch" in BIOS actually makes this feature unexploitable? Because, really, that's what I want: I want this feature to be unexploitable, and the only way I can be sure of that is for it to be disabled, for real, because I don't need this feature.

    So yeah, please forgive us all if we are just a BIT skeptical about Intel ME. Forgive us if we're skeptical of spokespersons at Intel saying "There's no problem with this feature."

  4. Re:It's in the SouthBridge not CPU dammit by Z80a · · Score: 5, Insightful

    The remote management tools are off by default, but you still need the chip on to run the power management software on it, or the CPU turns off in 30 minutes.
    And as it is a black box, it might be doing several other tasks while doing the power management.

  5. Re:It's in the SouthBridge not CPU dammit by Anonymous Coward · · Score: 5, Insightful

    2) It's OFF BY DEFAULT.

    We don't believe Intel's claims. After the Edward Snowden revelations, after the way that an exploitable backdoor was hidden in the Dual_EC_DRBG standard, after news that Microsoft works to provide backdoors in its Windows operating system, and after government officials have insisted that backdoors must be provided, we just don't trust Intel. The ME has the potential to be the most perfect backdoor in almost every computer. And if the Intel ME is a backdoor, then most of our computers are vulnerable if anyone (anywhere in the world) learns how to exploit it.

  6. EFF analysis by Craggles · · Score: 5, Informative

    https://www.eff.org/deeplinks/...