There is growing unrest concerning the scope and potential for mischief arising from the deployment of modern processors packing Intel’s Management Engine. Back in May the EFF published an article about how, since 2008, most of Intel’s chipsets have come packing “a tiny homunculus computer called the ‘Management Engine’ (ME)”. According to that report, this master controller has direct access to system memory, the screen, keyboard, and network. Intel boasts of AMT (Active Management Technology) as an enterprise feature, and it has been enabled on Core vPro and Xeon processors for years.
Earlier in the same month there was a security scare story about Intel AMT-equipped processors which allowed "an unprivileged attacker to gain control of the manageability features provided by these products". Intel subsequently published a firmware fix to block the dangerous remote access issue, but it wasn’t made available to everyone, as the vulnerability had been present for nine years: some hardware is simply so old it is no longer supported, or the maker has gone bust, etc.
A recent article published by Network World, via TechPowerUp, has now revealed that the OS behind Intel’s ME is MINIX 3. MINIX is a Unix-like OS developed by Andrew Tanenbaum as an educational tool and it is extremely compact yet powerful.
On your Intel CPU with AMT, MINIX is said to be running in Ring -3 on its own CPU/ROM/RAM within the Intel SoC. You have no access to Ring -3; the lowest ‘Ring’ you have any access to is Ring 0, the OS kernel level. However, most applications you will use are Ring 3 (that’s positive 3). Importantly, the following features are available to the MINIX 3 OS operating at such a low level:
- Full networking stack
- File systems
- Many drivers (including USB, networking, etc.)
- A web server
Understandably, security-minded individuals and organisations don’t want to deal with a Ring -3 level potential security hole which is left to Intel and hardware partners to maintain via BIOS updates.
For individuals, Purism has been working to develop Linux PCs with the Intel Management Engine disabled. Purism has started to ship its secure ‘Librem’ laptop products which don’t use Intel AMT.
In other news, organisations like Google also want to remove the MINIX OS (PDF) from server machine CPUs - due to security concerns. As Network World emphasises, Intel should consider removing the feature or making it easy to disable - otherwise huge customers like Google might decide on a different CPU supplier or architecture.