diff options
author | P. J. McDermott <pj@pehjota.net> | 2015-09-13 17:45:51 (EDT) |
---|---|---|
committer | P. J. McDermott <pj@pehjota.net> | 2015-09-13 17:45:51 (EDT) |
commit | 28f81f4c1af196262bad8f388491eb328db70e41 (patch) | |
tree | 479e4ec3bfedfe5862035669da533f5cf8059900 | |
parent | 16958b8afff8c8800a6e52ceed76e4d2071ef4d7 (diff) | |
download | libreboot.org-feature/faq-intel-me-rewrite.zip libreboot.org-feature/faq-intel-me-rewrite.tar.gz libreboot.org-feature/faq-intel-me-rewrite.tar.bz2 |
FAQ: Rewrite Intel ME sectionfeature/faq-intel-me-rewrite
Explain in greater detail the ME, its introduction and versions, its
hardware architecture, and and its firmware structure and application
modules.
-rw-r--r-- | site/faq/index.php | 173 |
1 files changed, 136 insertions, 37 deletions
diff --git a/site/faq/index.php b/site/faq/index.php index b445db2..4f11c3e 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -119,43 +119,142 @@ </p> <h3 id="intelme">Intel Management Engine (ME) <span class="ref">(<a href="#intelme">#intelme</a>)</span></h3> <p> - The ME is a separate microcontroller that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME <i>firmware</i> in this article. It provides remote access capabilities, - independently from the running operating system on the main CPU, with full access to RAM, and full networking support. <i>With a functioning ME, your system - is left wide open for attack. It can also phone home to Intel.</i> It also handles the - TPM, AMT (<a href="https://www.fsf.org/blogs/community/active-management-technology">Active Management Technology</a>), <a href="https://mjg59.dreamwidth.org/33981.html">Boot Guard</a> and various <a href="https://defectivebydesign.org/what_is_drm_digital_restrictions_management">DRM</a> mechanisms. - The ME also performs some basic hardware initialization and power management, on recent systems. - </p> - <p> - The ME firmware is <i>cryptographically signed</i>, which means that you cannot run a modified version of it. You also can't boot without it. - On some older systems (based on ICH8 and ICH9), it's possible to remove the ME <i>firmware</i> and still have a functioning system, where - the ME itself is permanently deactivated. For instance, libreboot supports several ICH9 based - laptops (e.g. <a href="../docs/install/x200_external.html">Libreboot X200</a> and <a href="../docs/install/t400_external.html">Libreboot T400</a>); see <a href="../docs/hcl/gm45_remove_me.html">../docs/hcl/gm45_remove_me.html</a>. - On later systems (basically anything produced since 2010), this is not possible. - </p> - <p> - All modern Intel systems built after around the year 2008/2009 (after ICH9) require this proprietary firmware, and - will not boot without it (or will shut down after 30 minutes). Replacing it is impossible, unless you are Intel (only they have the private - key, necessary for signing the firmware). The Management Engine is covered on a lot of websites - (e.g. <a href="http://me.bios.io/Main_Page">me.bios.io</a>, <a href="http://io.smashthestack.org/me/">smashthestack.org</a>, - the <a href="http://www.coreboot.org/Intel_Management_Engine">coreboot wiki</a>, <a href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology">wikipedia</a>, <a href="https://www.fsf.org/blogs/community/active-management-technology">FSF blog</a>) and - a book titled <i><a href="https://www.apress.com/9781430265719">Platform Embedded Security Technology Revealed</a></i> (PESTR), published by Apress (ISBN 9781430265719). - </p> - <p> - The Management Engine is an <i>ARC</i> microcontroller. The firmware is based - on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, a proprietary embedded operating system. - Manufacturers (not just Intel) can pay for a (proprietary) license - providing access to the source code, but they are not allowed to share it with anyone. In other words, even - if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME - firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified - version of the ME firmware, it will be rejected by the ARC and your system will not boot. In other words, - the ME firmware is <i><a href="https://www.gnu.org/proprietary/proprietary-tyrants.html">tivoized</a></i>. - </p> - <p> - <b><i> - The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries. You don't have any privacy - at all on systems that have this. - The libreboot project strongly recommends that you avoid it entirely, and this means avoiding all recent generations of Intel hardware. - </i></b> + Introduced in June 2006 in Intel's 965 Express Chipset Family of (Graphics and) + Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the + Intel Management Engine (ME) is a separate computing environment physically + located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core + i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller + Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside + the PCH chip, which itself replaced the ICH. Thus, the ME is <em>present on all + Intel desktop, mobile (laptop), and server systems since mid 2006</em>. + </p> + <p> + The ME consists of an ARC processor core (replaced with other processor cores in + later generations of the ME), code and data caches, a timer, and a secure + internal bus to which additional devices are connected, including a cryptography + engine, internal ROM and RAM, memory controllers, and a <em>direct memory access + (DMA) engine</em> to access the host operating system's memory as well as to + reserve a region of protected external memory to supplement the ME's limited + internal RAM. The ME also has <em>network access</em> with its own MAC address + through an Intel Gigabit Ethernet Controller. Its boot program, stored on the + internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This + manifest is <em>signed with a strong cryptographic key</em>, which differs + between versions of the ME firmware. If the manifest isn't signed by a specific + Intel key, the boot ROM won't load and execute the firmware and the ME processor + core will be halted. + </p> + <p> + The ME firmware is compressed and consists of modules that are listed in the + manifest along with secure cryptographic hashes of their contents. One module + is the operating system kernel, which is based on a <em>proprietary real-time + operating system (RTOS) kernel</em> called "ThreadX". The developer, Express + Logic, sells licenses and source code for ThreadX. Customers such as Intel are + forbidden from disclosing or sublicensing the ThreadX source code. Another + module is the Dynamic Application Loader (DAL), which consists of a <em>Java + virtual machine</em> and set of pre-installed Java classes for cryptography, + secure storage, etc. The DAL module can load and execute additional ME modules + from the PC's HDD or SSD. The ME firmware also includes a number of native + application modules within its flash memory space, including Intel Active + Management Technology (AMT), an implementation of a Trusted Platform Module + (TPM), Intel Boot Guard, and audio and video DRM systems. + </p> + <p> + The <a href="https://www.fsf.org/blogs/community/active-management-technology"> + Active Management Technology (AMT)</a> application, part of the Intel "vPro" + brand, is a Web server and application code that enables remote users to power + on, power off, view information about, and otherwise manage the PC. It can + be <em>used remotely even while the PC is powered off</em> (via Wake-on-Lan). + Traffic is encrypted using SSL/TLS libraries, but recall that all of the major + SSL/TLS implementations have had highly publicized vulnerabilities. The AMT + application itself has <em><a + href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits"> + known vulnerabilities</a></em>, which have been exploited to develop rootkits + and keyloggers and covertly gain encrypted access to the management features of + a PC. Remember that the ME has full access to the PC's RAM. This means that an + attacker exploiting any of these vulnerabilities may gain access to everything + on the PC as it runs: all open files, all running applications, all keys + pressed, and more. + </p> + <p> + <a href="https://mjg59.dreamwidth.org/33981.html">Intel Boot Guard</a> is an ME + application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation + Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an + asymmetric cryptographic keypair, install the public key in the CPU, and prevent + the CPU from executing boot firmware that isn't signed with their private key. + This means that <em>coreboot and libreboot are impossible to port</em> to such + PCs, without the OEM's private signing key. Note that systems assembled from + separately purchased mainboard and CPU parts are unaffected, since the vendor of + the mainboard (on which the boot firmware is stored) can't possibly affect the + public key stored on the CPU. + </p> + <p> + ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include + an ME application for <em>audio and video <a + href="https://defectivebydesign.org/what_is_drm_digital_restrictions_management"> + DRM</a></em> called "Protected Audio Video Path" (PAVP). The ME receives from + the host operating system an encrypted media stream and encrypted key, decrypts + the key, and sends the encrypted media decrypted key to the GPU, which then + decrypts the media. PAVP is also used by another ME application to draw an + authentication PIN pad directly onto the screen. In this usage, the PAVP + application directly controls the graphics that appear on the PC's screen in a + way that the host OS cannot detect. ME firmware version 7.0 on PCHs with 2nd + Generation Intel Core i3/i5/i7 (Sandy Bridge) CPUs replaces PAVP with a similar + DRM application called "Intel Insider". Like the AMT application, these DRM + applications, which in themselves are defective by design, demonstrate the + omnipotent capabilities of the ME: this hardware and its proprietary firmware + can access and control everything that is in RAM and even <em>everything that is + shown on the screen</em>. + </p> + <p> + The Intel Management Engine with its proprietary firmware has complete access to + and control over the PC: it can power on or shut down the PC, read all open + files, examine all running applications, track all keys pressed and mouse + movements, and even capture or display images on the screen. And it has a + network interface that is demonstrably unsecure, which can allow an attacker on + the network to inject rootkits that completely compromise the PC and can report + to the attacker all activities performed on the PC. It is a threat to freedom, + security, and privacy that can't be ignored. + </p> + <p> + Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can + be disabled by setting a couple of values in the SPI flash memory. The ME + firmware can then be removed entirely from the flash memory space. libreboot <a + href="../docs/hcl/gm45_remove_me.html">does this</a> on the Intel 4 Series + systems that it supports, such as the <a + href="../docs/install/x200_external.html">Libreboot X200</a> and <a + href="../docs/install/t400_external.html">Libreboot T400</a>. ME firmware + versions 6.0 and later, which are found on all systems with an Intel Core + i3/i5/i7 CPU and a PCH, include "ME Ingition" firmware that performs some + hardware initialization and power management. If the ME's boot ROM does not + find in the SPI flash memory an ME firmware manifest with a valid Intel + signature, the whole PC will shut down after 30 minutes. + </p> + <p> + Due to the signature verification, developing free replacement firmware for the + ME is basically impossible. The only entity capable of replacing the ME + firmware is Intel. As previously stated, the ME firmware includes proprietary + code licensed from third parties, so Intel couldn't release the source code even + if they wanted to. And even if they developed completely new ME firmware + without third-party proprietary code and released its source code, the ME's boot + ROM would reject any modified firmware that isn't signed by Intel. Thus, the ME + firmware is both hopelessly proprietary and "tivoized". + </p> + <p><strong> + In summary, the Intel Management Engine and its applications are a backdoor with + total access to and control over the rest of the PC. The ME is a threat to + freedom, security, and privacy, and the libreboot project strongly recommends + avoiding it entirely. Since recent versions of it can't be removed, this means + avoiding all recent generations of Intel hardware. + </strong></p> + <p> + More information about the Management Engine can be found on various Web sites, + including <a href="http://me.bios.io/Main_Page">me.bios.io</a>, <a + href="http://io.smashthestack.org/me/">the smashthestack network</a>, <a + href="http://www.coreboot.org/Intel_Management_Engine">coreboot wiki</a>, and <a + href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology"> + Wikipedia</a>. The book <em><a href="https://www.apress.com/9781430265719"> + Platform Embedded Security Technology Revealed</a></em> describes in great + detail the ME's hardware architecture and firmware application modules. </p> <h3 id="fsp">Firmware Support Package (FSP) <span class="ref">(<a href="#fsp">#fsp</a>)</span></h3> <p> |