
Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com)

An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.

What's concerning Google is the complexity of the ME. Public interest in the subject peaked earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just software that runs on the ME--the ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According to Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.

  • by squiggleslash ( 241428 ) on Thursday November 09, 2017 @06:43PM (#55522361) Homepage Journal

    ...has anyone figured out how to get a shell prompt in this MINIX system?

  • by alexhs ( 877055 ) on Thursday November 09, 2017 @06:52PM (#55522415) Homepage Journal

    Google Working To Remove MINIX-Based ME From Intel Platforms

    ... and replacing it with Android. "Just how much juicy monetizable user data could we get that way?"
    (I believe I'm joking, but I'm not completely sure...)

    • Seriously, and no joke, chromebooks disable the ME after boot.

      • by epine ( 68316 )

        Seriously, and no joke, Chromebooks disable the ME after boot.

        Do Chromebooks use the off switch, like most people do to turn their PC "off", or do Chromebooks actually unplug ME from the wall socket?

        I have more confidence in the second method.

        • For chromebooks where google can't use their own openbios-based stack,
          they use heavily modified firmware, where the ME part running on the micro-controller embedded in the chipset is reduced to the bare minimum necessary to get the chipset running.

          Among other things, all the juicy bits that are targeted by ME-exploits (half-broken webserver serving as the user-interface, capability to reflash the UEFI/BIOS while the main Intel CPU isn't even powered, VNC-like server with USB-over-network extensions, etc.) are all rem

      • there is a "minSKU" available that Google and Apple use that has ME alive long enough to bring up the system, do the secure boot stuff then dies.

    • by Anonymous Coward

      I doubt it...Ron has long been a linuxBIOS/coreboot guy and he has always been very clear that true open hardware means you can build your firmware from source.

      I don't trust google at all any more but I'll gladly trust Ron to do it right....but maybe I trusted him a little more when he was a LANL or Sandia guy ;-) j/k Ron.

  • by iCEBaLM ( 34905 ) <icebalm&icebalm,com> on Thursday November 09, 2017 @06:54PM (#55522425)

    Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.

    Hrmm, so some of these intel systems would have linux on it, and linux would be on some AMD x86 systems, and intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.

    • by G00F ( 241765 ) on Thursday November 09, 2017 @07:10PM (#55522487) Homepage

      Hrmm, so some of these intel systems would have linux on it, and linux would be on some AMD x86 systems, and intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.

      On top of that, I'm willing to bet there are more linux VM's than intel ME enabled CPU's.

    • by Anonymous Coward

      Which is enabled/disabled in the stage0 bootloader usually, with signing/hashing just like the Intel ME firmware.

      The only difference is that the TrustZone stuff runs on ARM cores and may run either on the primary cores, or a dedicated coprocessor depending on the design chosen by the downstream chip designer.

      Earlier versions of TrustZone as well as the ARM Java/JVM stuff (I forget what those extensions were called, but they were basically the predecessor to TrustZone) were completely proprietary, required e

    • intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.

      The correct mention would be :
      MINIX is the most widely deployed OS on desktops in the world.

      But indeed, the desktops themselves are completely dwarfed by the embedded world, where Linux seems to be the king.

      and linux would be on some AMD x86 systems

      BTW, IPMI [wikipedia.org] is the industry standard for "lights-out management" (and Intel ME/AMT is the Intel proprietary "lights-out management").

      According to several presentations at conferences :
      - lots of IPMI implementations actually run Linux on their embedded micro-controller.
      (Meaning that even in the server room/cluster/da

      • by jabuzz ( 182671 )

        Except that the IPMI on a server usually is plugged into a dedicated ethernet port all its own. Well at least all of mine are.

        Those ethernet ports are all highly segregated into a VLAN all of their own with very limited access to the outside world. They can hop to specific NTP servers and that's it. Everything else is contained within the VLAN itself.

        So while I expect the lights out management to be buggy and badly maintained (I have to keep a raft of ancient web browsers available on console server to

    • Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.

      Finally I can declare this is the year of Linux on desktop :)

  • by Anonymous Coward

    Guys, can you at least get your facts straight before doing another FUD piece on the Intel ME?

    1) The ME is not in the CPU, it's in the chipset, specifically it's loaded in the firmware of the firmware hub, and the "hidden processor" is in the chip we typically call the South Bridge.

    2) It's OFF BY DEFAULT.

    Go ahead and check it yourself:

    INTEL-SA-00075 Detection and Mitigation Tool
    https://downloadcenter.intel.com/download/26755

    • by Z80a ( 971949 ) on Thursday November 09, 2017 @07:43PM (#55522683)

      The remote management tools are off by default, but you still need the chip on to run the power management software on it, or the CPU turns off in 30 minutes.
      And as it is a black box, it might be doing several other tasks while doing the power management.

    • by Anonymous Coward on Thursday November 09, 2017 @08:01PM (#55522819)

      2) It's OFF BY DEFAULT.

      We don't believe Intel's claims. After the Edward Snowden revelations, after the way that an exploitable backdoor was hidden in the Dual_EC_DRBG standard [arstechnica.com], after news that Microsoft works to provide backdoors in its Windows operating system [archive.org], and after government officials have insisted that backdoors must be provided [theintercept.com], we just don't trust Intel. The ME has the potential to be the most perfect backdoor in almost every computer. And if the Intel ME is a backdoor, then most of our computers are vulnerable if anyone (anywhere in the world) learns how to exploit it.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        we just don't trust Intel.

        Fair enough, but why would you trust Google?

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          why would you trust Google?

          I don't trust Google. But it certainly is interesting news that Google doesn't trust Intel, either.

          • Just to square that circle, is there any reason at all for Intel to trust Google? Do they count the money, and remain prepared to spit?
      • I agree. Supposedly it's built into every Intel chipset, which means they spent money reserving the silicon and firmware real estate to have it there.

        Its existence is default, even in low-end chipsets aimed at the consumer market, but 99.99% of the time it's disabled and simply a total waste of money and resources. Honest!

        I don't buy it.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      2) If the ME isn't running or is running incorrectly, the platform will not power on. It may be completely unreachable from the network in some implementations, but it is the arbiter of whether the system will turn on or not. It's easier to describe it as 'disabled', but it certainly is running.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      It is not in the CPU, but that hardly makes a real difference. I'm not sure why people are getting all pedantic about whether it is in the CPU or in some part that is always paired with the CPU to run. The ME seems to be able to make out-of-band requests to the CPU to do potentially anything (including read memory locations). Sure it may not be able to be super high performance over DMI compared to being on CPU, but it's plenty good enough to be worried about it.

    • Yea nope. Read the previous slashdot article on this. Minix is running even with your desktop pc powered down. Which makes this doubly pernicious for even those just casually concerned with security.

    • by Anonymous Coward

      Trust is so easy to lose and so hard to regain, they have some history of making shady things, remember their compilers tampering code to run bad on non-Intel processors? or that time when they shipped "Windows vista ready" GPUs that weren't (Microsoft had to lower their requirements)
      https://www.theinquirer.net/inquirer/news/1558372/intel-caught-dodgy-gpu-drivers
      Or all those laughs accounting had when the Pentium's FDIV bug appeared.
      Well, sometimes they fix problems fast: https://www.pcworld.com/article/2

    • by ccr ( 168366 )

      Actually some sources say that it has been in the "North Bridge", e.g. what has been known as "Platform Controller Hub" ( https://en.wikipedia.org/wiki/... [wikipedia.org] ) for some time. For example, see ME references in https://www.intel.com/content/... [intel.com]

      However, it is stated in the above Wikipedia article: "Beginning with ultra-low-power Broadwells and continuing with mobile Skylake processors, Intel incorporated the clock, PCI controller, and southbridge IO controllers into the CPU package, eliminating the PCH for a sys

  • by Anonymous Coward on Thursday November 09, 2017 @06:57PM (#55522439)

    Tanenbaum gets the last laugh over Torvalds.

    • Tanenbaum gets the last laugh over Torvalds.

      Yes. We should put Andy in the hall of fame with the guy who invented stock derivatives. He wasn't responsible for the way others used it, either. :-)

      Insert your story of unwitting engineers facilitating people who do really bad stuff here.

  • by viperidaenz ( 2515578 ) on Thursday November 09, 2017 @07:00PM (#55522449)

    It's the year of the Minix desktop!

  • This doesn't line up with what I have heard over the past few months:

    "Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs."
    and
    "Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor."

    How can the IME be INSIDE the CPU, when it's widely known that it monitors packets coming from your ethernet connection EVEN IF YOUR COMPUTER IS POWERED OFF? If it's powered off, there is no power going
  • by Checkered Daemon ( 20214 ) on Thursday November 09, 2017 @07:08PM (#55522475)

    Google might want to talk to Purism, who claim to have completely disabled Intel's ME in their secure Linux based laptops.

  • You should peruse this great website which talked about this three days ago...
    https://tech.slashdot.org/stor... [slashdot.org]

  • Cue the skeptics (Score:5, Insightful)

    by Anonymous Coward on Thursday November 09, 2017 @07:18PM (#55522523)

    It seems like just a day ago, there was a Slashdot posting about this [slashdot.org], and several highly-rated comments amounting to "naw man, there's no way this could be a problem!" [slashdot.org]

    So with all the verifiable, proven news of backdoors being built-in to software and hardware over the past decade, and all the news of vulnerabilities in software and hardware that compromise systems, people say "nah, not a problem, see, you can turn it off" about this "computer in my computer." Really? It's off?

    I'm not seeing reports saying "The Intel ME is off by default in consumer devices, and this is verified by researchers." In fact, I'm seeing the opposite, which says that the Intel ME is always on. Do we have any proof that the "off switch" in BIOS actually makes this feature unexploitable? Because, really, that's what I want: I want this feature to be unexploitable, and the only way I can be sure of that is for it to be disabled, for real, because I don't need this feature.

    So yeah, please forgive us all if we are just a BIT skeptical about Intel ME. Forgive us if we're skeptical of spokespersons at Intel saying "There's no problem with this feature."

    • Re: (Score:2, Insightful)

      by thegarbz ( 1787294 )

      ME is always on, but it has many functions that do not involve any kind of remote access. By contrast the remote functions are disabled.

      Now really? Are they? Well until someone can prove to me that there's some way of getting a TCP packet to fly through the internet and into an ethernet port without a second IP address, without additional MAC address, and which doesn't appear to respond to any normally routable packet on any port, I really don't care how off or on it is.

      As the old adage goes: If someone has

  • by DaMattster ( 977781 ) on Thursday November 09, 2017 @07:20PM (#55522529)
    This may be worth 0.02 or less but I believe the vulnerabilities can be mitigated somewhat by using disk encryption. I store all of my data on virtual encrypted file system with a hardware decryption key. When I am done with the filesystem, I just unmount it and remove the USB thumb drive that acts as the decryption key. Yes, it's a pain in the ass and yes, it really only works on desktops. It is a little impractical to do this on a server. It would be good for Google to find a way to stop this Intel menace.
    • Re:My thoughts (Score:5, Interesting)

      by arth1 ( 260657 ) on Thursday November 09, 2017 @07:57PM (#55522797) Homepage Journal

      This may be worth 0.02 or less but I believe the vulnerabilities can be mitigated somewhat by using disk encryption.

      And what do you use to encrypt and decrypt that data, so it never passes through the CPU or south bridge?

    • The ME has DMA access to memory and disks and can open a network socket the main computer won't even be aware of. Any protection scheme on the computer can easily be subverted by the ME because it has ring 0 access to everything in the CPU such as, the kernel, the RAM, the disks and the network port. All communication to the CPU goes through the ME first. So when your computer decrypts that drive the ME can intercept and record the decryption key, it's also fully capable of decrypting the disk itself.

      Now do

      • The ME has DMA access to memory and disks and can open a network socket the main computer won't even be aware of. Any protection scheme on the computer can easily be subverted by the ME because it has ring 0 access to everything in the CPU such as, the kernel, the RAM, the disks and the network port. All communication to the CPU goes through the ME first. So when your computer decrypts that drive the ME can intercept and record the decryption key, it's also fully capable of decrypting the disk itself.

        Now do you realize why people are so scared of it?

        I had no idea that the vulnerability ran that deep! This is bad

  • Intel's ME being based on MINIX [ptsecurity.com] is quite old news. Or at least, based on the summary. Is there anything new in the talk that should have been in the summary / writeup?
    • During the week, Tanenbaum was trying to troll Linus and RMS by suggesting there were more MINIX installs than Linux and that was because Linus had chosen the GPL.

      • Re: (Score:2, Insightful)

        by boudie2 ( 1134233 )
        If Tanenbaum had licensed Minix as GPL instead of BSD, Intel couldn't have done this.
  • by Tough Love ( 215404 ) on Thursday November 09, 2017 @07:21PM (#55522539)

    Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.

    I seriously doubt this claim. Phones have outnumbered PCs for years, for one thing. And Linux is deployed maybe even in more TVs and routers than phones, and numerous other embedded systems, now increasingly including cars. Anybody with decent stats on this?

    • From everything I've read, this started before the smart phone craze, somewhere around 2007-2008. With that being said, they had a very good head start which may still allow them to claim the biggest installation base. Also don't forget all those "cloud" servers...

      • From everything I've read, this started before the smart phone craze, some where around 2007-2008. With that being said, they had a very good head start which may still allow them to claim the biggest installation base.

        Most of those PCs are in landfill today. I guess somebody just pulled the claim out of their ass.

    • by Zocalo ( 252965 )
      While I think it's probably started to get pretty close, I suspect that *NIX (there is lots of BSD in the embedded space) hasn't quite knocked some of the more popular RTOSs - like QNX or VxWorks out of the park for embedded systems just yet either, and it gets even more messy if you take into account that many RTOSs are actually derived from *NIX OSs. There are an *awful* lot of home, office, and industrial appliances running something like QNX/VxWorks behind the scenes, and you typically have far more of
      • You are right that there are more RTOS computers out there than the sum of all general purpose computers, including personal, handset and data center. However, you are most probably not right that any one RTOS covers more devices than Linux does. Hell, I strongly suspect that my thermostat is running Linux, judging by the web connectivity options it has. And Wind River, one of the biggest vendors in the RTOS space, has been offering https://www.windriver.com/prod... [windriver.com]>its own flavor of Linux for years. Plu

        • Except it seems more like a hack, than proper design. We tried really hard with 2.4 and 2.6 kernels, and could not come near the vxworks performance for a wireless BS/CPE. The 2.4 worked better. The 2.6 was faster, but crashed a lot and didn't make it out of development. Mind you, I hated vxworks and Wind River, but they could charge like a mofo because they knew they had better OS.
          • What is "it", PREEMPT_RT or Xenomai? Not doubting your report, but 2.4 and 2.6 are both ancient.

          • We tried really hard with 2.4 and 2.6 kernels, and could not come near the vxworks performance for a wireless BS/CPE.

            By the way, Linux seems to work out fine for these guys [saankhyalabs.com] and you already know the license cost.

  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Thursday November 09, 2017 @07:39PM (#55522665) Homepage Journal

    First, not all Intel systems that are capable of it actually have the management engine software. Second, the Intel PC motherboard probably does not hold the "largest number of systems" title, that might belong to Android phones. And anyway isn't the fact that MINIX with its BSD/MIT style licensing was used for the most user-hostile system in recent time an indictment of that license? You would not see GPL software used for this, for obvious reasons, and people who use GPL should be proud of that.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The idea that a GPLed operating system wouldn't be used for this doesn't make sense. There is nothing preventing a company like Intel from using a minimal GPLed OS for this task. In fact, companies have used GPLed kernels, like Linux, in the past for locked down or embedded devices. Just look at the TiVo issue.

      So not only can you use a GPLed kernel for this sort of thing, people have, GPL advocates have nothing to be proud of in this instance because there is nothing in the license which prevents a company

      • If the OS were GPL'ed, then the source code would have to be made available upon request. Making the source code available would mitigate much of the concern that the OS is not trustworthy, as in principle third parties could look for flaws and undocumented features.
        • by Bruce Perens ( 3872 ) <bruce@perens.com> on Thursday November 09, 2017 @08:20PM (#55522913) Homepage Journal

          If the OS were GPL'ed, then the source code would have to be made available upon request. Making the source code available would mitigate much of the concern that the OS is not trustworthy, as in principle third parties could look for flaws and undocumented features.

          Sure, the GPL would be better than what there is now. But I think even that would not be good enough. GPL source code would be the start of making a system that users could trust. Besides that, there would have to be an explicit way to turn it off that could be confirmed to work reliably, and I would prefer a way to permanently remove it from the system with confirmation that worked too.

          There would be a lot of concern related to the overall security of that system (researchers tell us there are Minix bugs they will be reporting) and what that system is capable of doing for anyone but its owner.

          I am not sure I would want anything other than a very minimal system written in some sort of functional language that could be proven correct (and we know how expensive that is to write).

          Overall, I think I'd rather just have it out of my system.

        • The source code isn't worth much if you can't use it to rebuild and install the whole system.

          For most android phones and wireless routers the "gpl source code" usually consist of some old / incomplete tarred archive of the linux source code which does NOT correspond to the kernel installed on the device; for many drivers, the source files are a mix of magic numbers and binary arrays; and no change logs or version history are ever provided.

          The fact that they're able to pull this shit without anybody crying f

        • Intel actually asked Tanenbaum to make Minix changes for them as part of the project. They very well may be running stock Minix.
        • While this is true, it would be easy for Intel to create a hybrid licensed OS comprising of the Linux kernel and a BSD userland, and just to release source for the Kernel. As all the "interesting stuff" would be userland, there'd be absolutely nothing useful we'd glean from examining the kernel source code.
      • What Tivo did is find and exploit a bug in the GPL 2 which was fixed in the next version to prevent that exploit.

  • by Anonymous Coward on Thursday November 09, 2017 @07:47PM (#55522717)

    See subject: Stop its ability to send info outward via router port filtering ala ports 16992-16995 that Intel AMT/ME uses so filter those ports in a modem/router external to OS/PC. Intel ME/AMT operates from your mobo but has NO CONTROL OF YOUR MODEM/ROUTER!

    (This stops it cold talking in/out permanently OR being able to remotely 'patch' it to use other ports by Intel OR malicious actors/malware makers etc.!)

    Additionally, once you disable the AMT engine's software interface (ez via software these articles note)? A malware to 'repatch' this = impossible (bios updaters require it in usermode ware, e.g. ASUS).

    (I only allow 80, 8080 & 443 in/out here on a SINGLE stand-alone system (no home LAN but TCP/IP connected online in BOTH my modem or router port filters or software firewalls))

    HOWEVER - Be CERTAIN your modem/router's internal ware is "solid" as well (turn off things like UPnP etc. & CHECK router/modem HAS NO KNOWN BACKDOOR EXPLOITS (tons do unfortunately)) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/ [slashdot.org]

    * GOOD ROUTERS/MODEMS HAVE PORT FILTERING OPTIONS (crappy ones do not)!

    APK

    P.S.=> Good luck - it's the BEST EASIEST & CHEAPEST DEFENSE using what you already have (hopefully, again as not ALL modems have port filtering but most do & certainly GOOD ONES DO) vs. this threat by stopping it being able to communicate in/out period, from OUTSIDE of the INTEL chipset external to it via a router/firewall hardware... apk

    • by Anonymous Coward
      Better check that that router doesn't have an Intel chipset while you're at it. Oh, and given that what was just disclosed is that there is a lot more stuff in the ME than AMT, even a web server with unknown triggers, I guess you better close the rest of those ports. Hmmmm. Whoops.
    • by Anonymous Coward

      UPDATE: Ports 623-625 also filter them - JUST picked that up today (new information apparently, maybe for versions past 5-11.6 Intel AMT/ME have).

      APK

      P.S.=> An unidentifiable ac (probably a troll harassing me as usual) noted it uses port 80 in his reply to my original post (maybe in the usermode software interface, that's easily removed, but I have not seen news of it being in the MINIX on motherboard chip portion)... apk

    • This works fine if you have a desktop machine or server that never moves. It's a useless mitigation for laptop users who can't always use networks that they fully control
    • Can't I just use a hosts file to fix the problem?
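The port-filtering advice in this thread (16992-16995, with 623-625 added in the UPDATE reply), as an added example that is not part of any poster's text: it flags flows to those ports in a conntrack-style log and emits an nftables ruleset for the upstream router the poster recommends. Helper names and the log lines are constructed for the example, not real captures. Two caveats a practitioner would want: the rules belong on a device in front of the host, because the ME shares the NIC with the host OS and its traffic never reaches a host firewall; and 623/udp is also IPMI RMCP, so applying the same list on a server VLAN will cut off the BMCs mentioned elsewhere in the thread. Dropping destination ports only blocks reachability of the known AMT listeners; it says nothing about connections the ME might initiate outward on other ports.

```python
"""Added example (not from the thread): flag flows to the Intel AMT/ME
management ports the comments name, and emit an nftables ruleset for an
upstream router. Function names are hypothetical; SAMPLE_FLOWS is
constructed for the example."""
import re

# Ports from the thread: 16992-16995 (AMT web/redirection listeners) and
# 623-625 (ASF/RMCP remote management). 623/udp is also IPMI RMCP, so this
# list will hit BMCs too if applied on a server management VLAN.
AMT_PORTS = frozenset(range(16992, 16996)) | frozenset(range(623, 626))

# Constructed conntrack-style flow lines (not a real capture).
SAMPLE_FLOWS = """\
tcp 10.0.0.12:51512 -> 203.0.113.7:443
tcp 198.51.100.9:40210 -> 10.0.0.12:16992
udp 198.51.100.9:623 -> 10.0.0.12:623
tcp 10.0.0.12:51513 -> 203.0.113.7:80
tcp 198.51.100.9:40211 -> 10.0.0.12:16995
"""

FLOW_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse_flow(line):
    """Parse 'proto src:sport -> dst:dport'; return None for unparseable lines."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    proto, src, sport, dst, dport = m.groups()
    return {"proto": proto, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}


def flag_amt_flows(text):
    """Return the flows whose destination port is an AMT/ME management port."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow and flow["dport"] in AMT_PORTS:
            hits.append(flow)
    return hits


def nft_ruleset(ports=AMT_PORTS, table="amt_block"):
    """nftables ruleset for a router *in front of* the managed host.

    The ME's network stack sits below the host OS and shares the NIC, so a
    host firewall never sees this traffic; only an external device can drop it.
    The forward hook is used because the router is forwarding, not terminating,
    these flows."""
    ports_str = ", ".join(str(p) for p in sorted(ports))
    return "\n".join([
        f"table inet {table} {{",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f"    tcp dport {{ {ports_str} }} counter drop",
        f"    udp dport {{ {ports_str} }} counter drop",
        "  }",
        "}",
    ])


if __name__ == "__main__":
    for f in flag_amt_flows(SAMPLE_FLOWS):
        print(f"AMT-port flow: {f['proto']} {f['src']}:{f['sport']} "
              f"-> {f['dst']}:{f['dport']}")
    print(nft_ruleset())
```

Run it as-is to see the three flagged flows from the constructed log and the ruleset; load the ruleset on the router with `nft -f`, not on the host whose ME you are trying to contain.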

  • Irony.
  • Google is just as or more evil than... Wait. You know what? Fuck attempting to say something clever. I've always been on board with Open Source, yet I have always had my limits on the philosophy. It always seemed to me that the hard line Open Source philosophy wanted hold things back. I get it now. Not just because of this. Hold up and hold back. We are irresponsible with technology and ultimately we are holding back and damaging our species. If a hard line stance on Open Source means holding technology bac
  • by Anonymous Coward

    Intel is running their software on your CPU, using electricity
    which you pay for. If they do not compensate for that, they are essentially
    stealing money from you, which is an offense for which they can be held liable in court.

    I propose everybody with such a CPU starts sending Intel invoices.
    If they do not compensate, a class action law-suit should be started.

  • hardware built into every PC? Are they going to somehow overwrite the Minix OS? Any side effects?

    • I'm wondering, where is this OS resident? As a software, I mean. I think it would not be practical to have it on an immutable ROM, maybe the chipset has a flash memory inside, and maybe they can find a way to access it?
    • by Zocalo ( 252965 )
      Google apparently custom builds their core systems (or more likely gets a third party to build systems to their specs), including the use of their own motherboard designs. That affords them a lot more latitude to design the IME out of the system and implement alternatives that they control - using proprietary silicon if need be - than it would if they were buying pre-built systems off the shelf and trying to turn the IME off after the fact. I wouldn't count on any potential Google solution being a fix for
  • Are AMD CPUs clear of it?
    Has someone got it onto RISC chips?
    Has the NSA or other criminals got their hooks into it?
    Can it be "zapped" with some xrays like cancer patients?
