Steven J. Vaughan-Nichols, ZDNet:
…“Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME.”
In May, we found out that AMT had a major security flaw, which had been in there for nine – count ’em – nine years.
…Minnich found that what’s going on within the chip is even more troubling. At a presentation at Embedded Linux Conference Europe, he reported that systems using Intel chips that have AMT are running MINIX.
If you learned about operating systems in the late ’80s and early ’90s, you knew MINIX as Andrew S. Tanenbaum’s educational Unix-like operating system. It was used to teach operating system principles. Today, it’s best known as the OS that inspired Linus Torvalds to create Linux.
So, what’s it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don’t know exactly what version or how it’s been modified since we don’t have the source code.
What does this mean? With this closed source variant of MINIX present:
- Operating systems have no final control of the x86 platform
- There are at least 2.5 OS kernels (i.e., MINIX and UEFI) between the hardware and the operating system
- These hardware systems are proprietary and exploit-friendly
- These exploits can persist (i.e., be written to FLASH)
Minnich and crew found that MINIX is running:
- TCP/IP networking stacks
- File systems
- Web servers
Back to Vaughan-Nichols:
MINIX also has access to your passwords. It can also reimage your computer’s firmware even if it’s powered off. Let me repeat that. If your computer is “off” but still plugged in, MINIX can still potentially change your computer’s fundamental settings.
And, for even more fun, it “can implement self-modifying code that can persist across power cycles”. So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.
So, run to AMD-based systems?
What’s the solution? Well, it’s not “Switch to AMD chips”. Once, AMD chips didn’t have this kind of mystery code hidden inside them, but even the latest Ryzen processors are not totally open. They include the AMD Platform Security Processor, and that’s also a mysterious black box.
Minnich makes the following proposals:
- Make firmware less capable of doing harm
- Make its actions more visible
- Remove as many runtime components as possible
- In particular, take away its web server and IP stack
- Remove the UEFI IP stack and other drivers
- Remove ME/UEFI self-reflash capability
- Let Linux manage flash updates
If you’ve been paying attention the past few years, much of this is not new, but, thanks to the hard work of numerous parties, this issue is finally getting the attention it deserves.
Has a Purism laptop ever looked better?