Intel Management Engine: Congratulations, Dr Tannebaum!

All off topic discussions go here. Everything from the funny thing your cat did to your favorite tv shows. Non-programming computer questions are ok too.
Schol-R-LEA
Member
Posts: 1925
Joined: Fri Oct 27, 2006 9:42 am
Location: Athens, GA, USA

Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Schol-R-LEA »

What are you doing, Intel? Go home, Intel, you're drunk!

Minix v3.0. Hidden inside Intel Management Engine, and running on a hidden CPU core. Meaning it is part of the hardware of almost every x86-64 processor made since 2005. Including a running http server, for... reasons?

Oh, and apparently AMD copied the approach in their own Management Engine equivalent, up to and including the Minix kernel to run it.

And it was only figured out because of a security vulnerability that exposed it. Google is talking of dropping the use of x86 entirely because the vulnerability is likely to be irremediable since it is occurring in otherwise inaccessible hardware.

Seriously? Is this a joke or something? Am I misunderstanding what they are saying? No, really, please tell me that this isn't as crazy as this is sounding to me right now!

Comments? Corrections? Antidotes for the mind-altering drugs which someone apparently has been dosed with?

(No comments on whom - it could be Intel, it could be the people reporting on it, it could be both, it could be me only imagining I am reading this for all I know. Honestly, this sounds like something The Onion's editors would have rejected as too implausible.)
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
~
Member
Posts: 1228
Joined: Tue Mar 06, 2007 11:17 am
Libera.chat IRC: ArcheFire

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by ~ »

The best antidote would be to implement a fully open CPU-motherboard-peripherals-OS implementation of the standard x86 PC for 16, 32 and 64-bit architectures, with BIOS and UEFI on top of BIOS as an optional module. It will easily clear out any confusion/privacy-compromising elements, especially reimplementing the x86 CPU as an open source hardware device, then network, sound, video, TV/radio, and the rest.
mattias
Posts: 1
Joined: Sat Oct 28, 2017 6:17 am

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by mattias »

If you want to get rid of it completely you have to drop all the way back to a core2duo :'(

At least it's an excuse to buy a Thinkpad.
Brendan
Member
Posts: 8561
Joined: Sat Jan 15, 2005 12:00 am
Location: At his keyboard!

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Brendan »

Hi,
Schol-R-LEA wrote: Comments? Corrections? Antidotes for the mind-altering drugs which someone apparently has been dosed with?
What some people (e.g. attention seekers like EFF) don't say is why this exists in the first place.

The main point of the management engine is to allow the computer's manufacturer to do automated testing and pre-configuration (e.g. setting firmware for the locale the computer will be sold in); and automated and remote configuration/management by the end user. For example, with the right software, an administrator at a large company can have untrained labourers plug 100 new computers in at a remote site; then (via remote networking) turn each computer on, redirect keyboard/video over the network, flash the BIOS, change BIOS settings, install an OS, etc.

Of course for small home/office (excluding the "small branch office for national company with IT department at head office" scenarios that have become very common) this sort of technology is completely unnecessary; and I'd suspect that the only reason it's included is because it's cheaper to include it in all computers than it is to design different chipsets and motherboards for different markets.

Also note that in theory it would be possible to implement (almost all of?) these features in pure silicon, with no little embedded CPU and no software at all; but this wouldn't make any difference for security risks and would just make hardware more expensive and less flexible.

The other thing to consider is that it's also used to increase security (e.g. things like checking firmware's signature before firmware is started to guard against root-kits in firmware); so even if you have no need for remote configuration/management you'd still have to weigh up the risk of having a management engine against the risk of not having a management engine. Unless you actually know how many vulnerabilities the ME prevents you can't say "removing ME will improve security" because its removal could just make everything far more vulnerable.

Note 1: For me specifically; I wish ME (and SMM and ACPI) never existed. With the right software; it wouldn't be that hard to replace most of the functionality provided by ME with a combination of wake-on-LAN and network boot (where admin asks DHCP server to tell the computer to download/boot "management tools" then sends the magic "wake on LAN" packet to the client; and once booted those tools can include the ability to update firmware, change BIOS settings, install an OS, etc). Of course most OSs already support remote desktop, so (if the OS is setup for that) you shouldn't need ME after an OS boots.

Note 2: I'm already sick of hearing the incredibly idiotic "Minix 3 in ME" hype. At best, it's probably less than a few thousand lines of code taken from the Minix micro-kernel, without a single scrap of the entire Minix user-space (which includes drivers and services and everything else that is necessary to turn a bare micro-kernel into an actual OS).


Cheers,

Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
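The wake-on-LAN half of the scheme Brendan sketches above is just a UDP broadcast carrying a fixed-format "magic packet". The following is an added example, not code from the thread or from any vendor: it builds that packet (six 0xFF sync bytes followed by the target MAC repeated sixteen times, with an optional SecureOn password), validates packets seen on the wire, and can broadcast one. The helper names, the sample MAC addresses and the choice of UDP port 9 are assumptions of this example; the DHCP/network-boot half of the procedure is server-side configuration and is not shown here.

```python
"""Wake-on-LAN magic packets: build, validate and send (added example, hypothetical helper names)."""
import re
import socket

SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff'; return 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """6 x 0xFF, then the target MAC repeated 16 times, then an optional SecureOn password
    (0, 4 or 6 bytes). Total length without password is 102 bytes."""
    if len(password) not in (0, 4, 6):
        raise ValueError("SecureOn password must be 0, 4 or 6 bytes long")
    return SYNC + parse_mac(mac) * 16 + password


def parse_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload carries a well-formed
    magic packet, otherwise None. The sync stream is allowed to sit anywhere inside the
    payload, so search for it instead of assuming offset 0; a NIC does the same."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6 : start + 6 + 96]
        if len(body) == 96:
            mac = body[:6]
            if body == mac * 16:  # all sixteen copies must match exactly
                return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet over UDP (port 9, 'discard', is the conventional choice because
    the packet content is all that matters). Returns the number of bytes sent."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # Constructed sample: build a packet for a made-up MAC and check it round-trips.
    pkt = build_magic_packet("00:11:22:33:44:55")
    print(len(pkt), parse_magic_packet(pkt))  # 102 00:11:22:33:44:55
    # A truncated packet (only 15 copies of the MAC) must be rejected.
    print(parse_magic_packet(SYNC + bytes.fromhex("001122334455") * 15))  # None
```

On the receiving side this is the whole check a NIC performs, which is why the magic packet itself is unauthenticated: anyone on the broadcast domain can wake the box. The SecureOn password helps only on NICs that implement it, so the management tools that get network-booted afterwards are where the real authentication has to live.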
Korona
Member
Posts: 1000
Joined: Thu May 17, 2007 1:27 pm

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Korona »

Brendan wrote: Note 1: For me specifically; I wish ME (and SMM and ACPI) never existed. With the right software; it wouldn't be that hard to replace most of the functionality provided by ME with a combination of wake-on-LAN and network boot (where admin asks DHCP server to tell the computer to download/boot "management tools" then sends the magic "wake on LAN" packet to the client; and once booted those tools can include the ability to update firmware, change BIOS settings, install an OS, etc). Of course most OSs already support remote desktop, so (if the OS is setup for that) you shouldn't need ME after an OS boots.
I think the niche of the management engine is not really remote administration (that is better done using ssh) but remote crash diagnosis and recovery. At least, that is what IPMI is used for at my workplace. IPMI provides access to stuff like the BIOS and the actual VGA output even before the OS boots. If the OS crashes or freezes, wake-over-LAN will not help you to reboot it. I've encountered multiple situations where the OS was still running but not responding to ssh (e.g. because some OOM killer decided to kill critical processes, or they crashed for some reason, or because the network connection to storage servers became unreliable). IPMI often still enables you to find out what is going wrong without attaching a physical monitor to the node.

Of course, all this can be implemented more sanely than it is done by Intel: Put it on a separate chip that has access to the physical VGA output lines but does not have access to DMA. Attach a separate ethernet subnet to this chip and put it behind a physical firewall. I think this is also what vendors of more sophisticated management engines do, but of course that is much more expensive.
managarm: Microkernel-based OS capable of running a Wayland desktop (Discord: https://discord.gg/7WB6Ur3). My OS-dev projects: [mlibc: Portable C library for managarm, qword, Linux, Sigma, ...] [LAI: AML interpreter] [xbstrap: Build system for OS distributions].
OSwhatever
Member
Posts: 595
Joined: Mon Jul 05, 2010 4:15 pm

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by OSwhatever »

The previous version of Intel AMT used an ARC processor together with ThreadX RTOS. I wonder what made them change to Intel x86 with MINIX? Was it because Intel wanted to use their own processor IPs as much as possible?
Kazinsal
Member
Posts: 559
Joined: Wed Jul 13, 2011 7:38 pm
Libera.chat IRC: Kazinsal
Location: Vancouver

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Kazinsal »

Congratulations? I guess.

I feel like Tanenbaum is playing with himself here over the fact that someone actually used Minix for something other than an example of why you don't try to slander Linus Torvalds when all you have is your academia and no real world usage.

No one really cares about Minix anymore and the people who would probably are likely at the point of shrieking about how Tanenbaum is an anti-free dictator for dropping something like this in response to Intel using Minix in ME, because grrr Intel ME evil grrr I use a tenth-the-performance-per-watt "free" laptop produced in the People's Republic of China connected to a wireless network that has a path back to the internet

Maybe I just like the Intel ME because insufferable GNU-ites freak out about it.
Schol-R-LEA
Member
Posts: 1925
Joined: Fri Oct 27, 2006 9:42 am
Location: Athens, GA, USA

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Schol-R-LEA »

What are you talking about? The 'congratulations' part was just a joke over the 'Minix is in every PC!11!!!1!1!' thing (which, as Brendan points out, isn't really the case - thank you for the clarification, Brendan, the sources I'd seen were very misleading about that part). Tanenbaum had nothing to do with that. AFAIK, Tanenbaum himself hasn't responded to this publicly, and may not even be aware of it.

EDIT: he has responded now. Apparently, he was surprised to hear about it. Also, it sounds as if he was trying to make it a commercial system a few years ago after all, contrary to what I said later in this post.

In fact, part of the freak-out over this is because Intel doesn't seem to have told him about their use of his code - though given the fact that it is under the BSD license (since 2000, according to Wicked-Pedo), they probably didn't really need to.

Besides, the argument with Torvalds back in 1992 was over the kernel model, not licensing. He certainly never had a beef with Linux getting big - he had a beef with it being a nasty grotty impure monolithic kernel rather than an ivory-tower micro-kernel, and that fight is now over 25 years in the past, something both of them have moved on from long since.

More to the point, he never wanted Minix to be in regular use - it is meant as a student model and a research tool, not a practical system. It is a kinda-sorta practical system, and a lot more complete than, say, NACHOS or Xinu (in the late 1980s, I had first edition copies of both the Minix book and the Xinu book - the latter was the version for the LSI-11, as this was before the PC version was published), but it is still designed mainly to be easily understood. I don't know if he's planning a fourth edition, as the third is now twelve years old, but if he does, it will be in support of his textbook, which is why it exists in the first place. If he has any reaction beyond, "huh, that's weird, why did they do that?", it will probably be, "But, but, but... it's supposed to be a demonstrator, not an industrial-strength system, it's not up to doing something like that!"
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
Schol-R-LEA
Member
Posts: 1925
Joined: Fri Oct 27, 2006 9:42 am
Location: Athens, GA, USA

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Schol-R-LEA »

http://www.zdnet.com/article/minixs-cre ... -using-it/

I added a note about this response to my previous post as well.
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
simeonz
Member
Posts: 360
Joined: Fri Aug 19, 2016 10:28 pm

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by simeonz »

This post and the vulnerability announcements have slipped my attention.

How is this not a hot problem? Some unknown amount of consumer line motherboards were shipped with AMT, Intel's tools red flag virtually anything (including my mobo), and while a fix has been distributed to the OEMs, not all models received updates in the end. You could flash firmware with unsupported images, but I myself am unwilling to take the chance of using stuff originating from third party websites. Should one trust the Intel detection tools or the motherboard vendor, which claims that the problem does not affect their consumer line? And are thousands of PCs sitting ducks at the firmware level at the moment?
Solar
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Solar »

I think you underestimate the ambient threat level, significantly. Vulnerabilities like this exist in the hundreds, if not thousands... and barely anybody really cares, because, what's the alternative? Tossing tens of thousands of boxes in the bin?
Every good solution is obvious once you've found it.
simeonz
Member
Posts: 360
Joined: Fri Aug 19, 2016 10:28 pm

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by simeonz »

Solar wrote: I think you underestimate the ambient threat level, significantly. Vulnerabilities like this exist in the hundreds, if not thousands... and barely anybody really cares, because, what's the alternative? Tossing tens of thousands of boxes in the bin?
Why have security updates at all then? Why worry about Meltdown and Spectre? The ME offers far more system access.

BMCs are not something new, but you cannot slip in hardware with a BMC without the clearly expressed demand of the customer base. I mean, is there any need for my motherboard to have a coprocessor running a full blown OS, just so that it can do power management? Intel has decided to have the management communication pass out-of-band on the standard ethernet port, which seems a very volatile design to me. That is combined with the fact that the security exploits need to be discovered by independent research teams in the undisclosed package, rectified by Intel, distributed to the OEMs, then manually applied by the user.

So far, just a few vulnerabilities have been discovered (a couple that I saw). Knowing how many vulnerabilities there are in any reasonably sized piece of system software, it is likely that most of them are still unknown. This makes me feel that most machines with those chipsets are as secure as a public library computer.
Ycep
Member
Posts: 401
Joined: Mon Dec 28, 2015 11:11 am

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Post by Ycep »

I didn't read the rest of the thread, but anyway...
reasons?
Well, personally I think it goes like this:
You see, Intel is a corporation. Corporations love money. What can governments do for their good? Reduce taxes/Give money.
And it seems that for electronic-technology corporations they choose to give money but under one condition: Integrate surveillance spyware in their products.
And it's not only Intel.
"Google is free."
Right, free but under one other condition: Track everything you do with their products. E-mails, Cloud storage, Search, Google location service in Android phones.
"I'm afraid for my privacy so I use Tor browser and Qubes OS"
In fact, if you didn't know, Tor and all that internet privacy bullshit was made by the U.S. government. Just because you sold/bought drugs on Silkroad or watched some pedo porn and they haven't done anything to you yet, that does not mean they do not know you did.