1. 76

Intel CPUs running Intel’s Management System run MINIX under Ring -3 (which has full access to everything on the computer, and which users don’t have access to). Includes a full networking stack, file systems, drivers, and even a web server.

  1. 20

    “That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.” Rejoice!

    1. 1

      The letter from Andrew S. Tanenbaum is interesting too:

      Apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.

    2. 19

      [Citation most definitely needed], I’d imagine appliances running some form of Linux are way more prevalent numerically than hardware from Intel.

      1. 10

        Especially if you take into account all the mobile devices running Android (Linux) on an ARM chipset. I doubt that there’re more CPUs in the cloud than on the edge mobile devices.


        1. 4

          Not to mention that the CPUs in the cloud probably run Linux anyways, so they would each just add 1 to Minix and 1 to Linux.

        2. 3

          I’d actually really like to see some numbers on that.

          1. 2

            Isn’t some weird java card OS used in SIM cards? That would probably win as far as units shipped (all phones since the 90s?).

          2. 17

            “This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers)”. Aside from the catchy “in the world” title this could be true.

            1. 11

              The most important question now is; can we port DOOM to it.

              1. 2

                Based on this note: http://www.cs.vu.nl/~ast/intel/ Sadly maybe not, as it looks like floating point was disabled. Unless there is a DOOM variant out there running without floats? I remember needing a math coprocessor to run the original version, back in ’93

                1. 4

                  Shouldn’t be much of a roadblock, DOOM has been ported to systems with softfloat (software emulated float)

              2. 7

                While we’re on the subject, I had this in my queue for a while but didn’t get to watch it until now. https://www.youtube.com/watch?v=aiMNbjzYMXo

                1. 5

                  A very good technical description of the Intel Management Engine: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

                  1. 4

                    Why are we just knowing this. Networking, drivers and web servers, basically a bunch of vector attacks to gain control over the CPU which has lower ring than Ring 0. Could we assume that people (NSA, white/black hackers, etc) with this knowledge are already taking advantage of this?

                    1. 11

                      Everybody who read the manual knew about this (except maybe the fact it’s minix based). https://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html

                      1. 1

                        I beg to differ. For the record, not even Tanenbaum knew about it. That is, of course, until he read this link

                        1. 1

                          except maybe the fact it’s minix based

                          That’s what the thread is about. I agree on the other point as I hated arguing about Intel randomness instructions and such when the manual said it was backdoored in another way.

                        2. 4

                          Minix wasn’t being used until the ME transitioned to an x86 core, which happened with Skylake.

                        3. 2

                          At the same time on the MINIX3 home page: “Unfortunately, the MINIXCon 2017 conference had to be cancelled due to the small number of talks submitted”

                          “The most popular OS” is not the the right concept, “The most installed OS” is better.

                          1. 0

                            MIT licence is sooo cool, multi billionaires company have work for free

                            1. 2

                              You have made variations of this comment several times, now. What is your solution? A license that says “If you have over x American dollars, you must pay y to use this software?

                              1. 1

                                There’s always dual licensing with the GPL and a commercial license.

                                1. 2

                                  If it’s dual-licensed under GPL and commercial (whatever that means) then one can always use the former. GPL does not forbid, but actually encourages, charging money for the software and the end product being commercial.

                                  1. 1

                                    If they change it and distribute the changes, they have to release the source to the changes. Or pay for right not to. Project maintainers might get something useful out of it. They won’t if it’s permissively licensed in vast majority of cases where a change is made and distributed.

                                    1. 2

                                      Here, however, no one cares about getting anything useful or anything at all for that matter. People who permissively license their software actually care about the software being useful to everyone.

                                      In either case, money has nothing to do with it.

                                      1. 1

                                        Good point. Yeah, that be the case here.

                                2. 1

                                  Solution to what? What is the problem here?

                                3. 2

                                  It’s BSD license to be precise. It’s also great that you can incorporate code covered by such a license in a proprietary or copyleft-licensed software - the reverse is not true.

                                  As an author you have the freedom to chose a license that suits you and the project :^)

                                4. 1

                                  Reminds me of A/ROSE, at least in spirit.

                                  Apple created a “super expansion card” that could be slotted into NuBus Macs. The card had enough horsepower that it could be turned into just about any kind of peripheral with minimal additional engineering. The card ran a small operating system called A/ROSE that ran independently of the main OS.

                                  1. 1

                                    Interesting to see. Minix is nice code - or was back in the day when I looked at it.

                                    Outside of Intel, I wonder how it stacks up in the embedded space.