1. 29

Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform. … our research team (Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy) managed to recover these tables and created a utility for unpacking images.

  1.  

  2. 4

    The thing that jumped out at me most was the conclusion that Intel’s ME firmware is based on Minix…

    1. 3

      Yeah, it’s kind of fascinating. A full OS running on the CPU. I think there’s a lot more to be discovered here.

    2. 3

      I repost my take on “High-Assurance Platform” disabling it after studying that field a long time, including stuff on HAP. A few on HN wondered about that esp thinking they just started worrying about it.

      “Historically, high-assurance security used a mix of commodity and custom hardware. SCOMP had IO/MMU. LOCK had type enforcement at memory & storage level. Congress mandated use of commercial off-the-shelf which forced ports to insecure architectures. Aesec’s GEMSOS, one of first security kernels, did some kind of custom firmware when ported to x86. Paul Karger, one of INFOSEC’s founders, decided on VMM’s for easier security & legacy compatibility with modifications to PALcode during implementation. Many products, like INTEGRITY-178B, targeted PowerPC to get better hardware with cross-selling to aerospace. General Dynamics with NSA modified Intel stuff with misnamed HAP (Linux + VMware aint high assurance!). Others are doing custom CPU’s and firmware designed for security whereas Joshua Edmison made attachment that reuses high-performing CPU’s main components.

      So, there’s a long history in high-assurance security of securing each layer. Mainstream security ignored it as usual until recently focusing on that stuff. Many smart folks among them are trying to secure software on backdoored CPU’s while others (eg Raptor POWER, Cambridge CHERI) are trying to give us non-backdoored systems. At one point, I knew most of the latter since so few are working on that angle. Rarely fix root cause over tactical mitigations.”

      Here’s the main product that came out of it if anyone wants to try to buy it to reverse engineers the HAP parts or just assess it in general:

      https://gdmissionsystems.com/cyber/products/trusted-computing-cross-domain/trusted-multilevel-computing-solution

      You know the HAP people are full of shit when NSA’s IAD is simultaneously pushing separation kernels as a solution to insecurity of things like Linux and VMware. Of course, that ultimately failed due to commodity hardware being too complex. The separation kernels worked in terms of being strongest security achieved. The hardware just screwed that up. I’ll post another paper Tuesday on a weaker, but useful, concept one group was doing as a result.