Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com)
Date: 2017-11-09
An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.
What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According to Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.
... and replacing it with Android. "Just how much juicy monetizable user data could we get that way?"
(I believe I'm joking, but I'm not completely sure...)
Hrmm, so some of these intel systems would have linux on it, and linux would be on some AMD x86 systems, and intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.
"Hrmm, so some of these intel systems would have linux on it, and linux would be on some AMD x86 systems, and intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point."
On top of that, I'm willing to bet there are more linux VMs than intel ME enabled CPUs.
Guys, can you at least get your facts straight before doing another FUD piece on the Intel ME?
1) The ME is not in the CPU, it's in the chipset, specifically it's loaded in the firmware of the firmware hub, and the "hidden processor" is in the chip we typically call the South Bridge.
2) It's OFF BY DEFAULT.
Go ahead and check it yourself:
INTEL-SA-00075 Detection and Mitigation Tool
https://downloadcenter.intel.com/download/26755
The remote management tools are off by default, but you still need the chip on to run the power management software on it, or the CPU turns off in 30 minutes.
And as it is a black box, it might be doing several other tasks while doing the power management.
It's the year of the Minix desktop!
"Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs."
and
"Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor."
How can the IME be INSIDE the CPU, when it's widely known that it monitors packets coming from your ethernet connection EVEN IF YOUR COMPUTER IS POWERED OFF? If it's powered off, there is no power going
Ever notice that when things are powered off they are still using 1-10 watts? Or that LEDs are still lit or blinking?
This is the case with PCs, microwaves, dumb TVs, VCRs, you name it.
PCs no longer have an on/off button. It's now a button that asks the CPU to shut down. Power is not cut, and some parts stay powered on. Can't ask the CPU to power on if there's no power for it to recognize the input.
Google might want to talk to Purism, who claim to have completely disabled Intel's ME in their secure Linux based laptops.
You should peruse this great website which talked about this three days ago...
During the week, Tanenbaum was trying to troll Linus and RMS by suggesting there were more MINIX installs than Linux and that was because Linus had chosen the GPL.
"Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world."
I seriously doubt this claim. Phones have outnumbered PCs for years, for one thing. And Linux is deployed maybe even in more TVs and routers than phones, and numerous other embedded systems, now increasingly including cars. Anybody with decent stats on this?
From everything I've read, this started before the smartphone craze, somewhere around 2007-2008. With that being said, they had a very good head start which may still allow them to claim the biggest installation base. Also don't forget all those "cloud" servers...
First, not all Intel systems that are capable of it actually have the management engine software. Second, the Intel PC motherboard probably does not hold the "largest number of systems" title, that might belong to Android phones. And anyway isn't the fact that MINIX with its BSD/MIT style licensing was used for the most user-hostile system in recent time an indictment of that license? You would not see GPL software used for this, for obvious reasons, and people who use GPL should be proud of that.