summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorP. J. McDermott <pj@pehjota.net>2015-09-13 17:45:51 (EDT)
committer P. J. McDermott <pj@pehjota.net>2015-09-13 17:45:51 (EDT)
commit28f81f4c1af196262bad8f388491eb328db70e41 (patch)
tree479e4ec3bfedfe5862035669da533f5cf8059900
parent16958b8afff8c8800a6e52ceed76e4d2071ef4d7 (diff)
downloadlibreboot.org-28f81f4c1af196262bad8f388491eb328db70e41.zip
libreboot.org-28f81f4c1af196262bad8f388491eb328db70e41.tar.gz
libreboot.org-28f81f4c1af196262bad8f388491eb328db70e41.tar.bz2
FAQ: Rewrite Intel ME sectionfeature/faq-intel-me-rewrite
Explain in greater detail the ME, its introduction and versions, its hardware architecture, and and its firmware structure and application modules.
-rw-r--r--site/faq/index.php173
1 files changed, 136 insertions, 37 deletions
diff --git a/site/faq/index.php b/site/faq/index.php
index b445db2..4f11c3e 100644
--- a/site/faq/index.php
+++ b/site/faq/index.php
@@ -119,43 +119,142 @@
</p>
<h3 id="intelme">Intel Management Engine (ME) <span class="ref">(<a href="#intelme">#intelme</a>)</span></h3>
<p>
- The ME is a separate microcontroller that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME <i>firmware</i> in this article. It provides remote access capabilities,
- independently from the running operating system on the main CPU, with full access to RAM, and full networking support. <i>With a functioning ME, your system
- is left wide open for attack. It can also phone home to Intel.</i> It also handles the
- TPM, AMT (<a href="https://www.fsf.org/blogs/community/active-management-technology">Active Management Technology</a>), <a href="https://mjg59.dreamwidth.org/33981.html">Boot Guard</a> and various <a href="https://defectivebydesign.org/what_is_drm_digital_restrictions_management">DRM</a> mechanisms.
- The ME also performs some basic hardware initialization and power management, on recent systems.
- </p>
- <p>
- The ME firmware is <i>cryptographically signed</i>, which means that you cannot run a modified version of it. You also can't boot without it.
- On some older systems (based on ICH8 and ICH9), it's possible to remove the ME <i>firmware</i> and still have a functioning system, where
- the ME itself is permanently deactivated. For instance, libreboot supports several ICH9 based
- laptops (e.g. <a href="../docs/install/x200_external.html">Libreboot X200</a> and <a href="../docs/install/t400_external.html">Libreboot T400</a>); see <a href="../docs/hcl/gm45_remove_me.html">../docs/hcl/gm45_remove_me.html</a>.
- On later systems (basically anything produced since 2010), this is not possible.
- </p>
- <p>
- All modern Intel systems built after around the year 2008/2009 (after ICH9) require this proprietary firmware, and
- will not boot without it (or will shut down after 30 minutes). Replacing it is impossible, unless you are Intel (only they have the private
- key, necessary for signing the firmware). The Management Engine is covered on a lot of websites
- (e.g. <a href="http://me.bios.io/Main_Page">me.bios.io</a>, <a href="http://io.smashthestack.org/me/">smashthestack.org</a>,
- the <a href="http://www.coreboot.org/Intel_Management_Engine">coreboot wiki</a>, <a href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology">wikipedia</a>, <a href="https://www.fsf.org/blogs/community/active-management-technology">FSF blog</a>) and
- a book titled <i><a href="https://www.apress.com/9781430265719">Platform Embedded Security Technology Revealed</a></i> (PESTR), published by Apress (ISBN 9781430265719).
- </p>
- <p>
- The Management Engine is an <i>ARC</i> microcontroller. The firmware is based
- on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, a proprietary embedded operating system.
- Manufacturers (not just Intel) can pay for a (proprietary) license
- providing access to the source code, but they are not allowed to share it with anyone. In other words, even
- if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME
- firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified
- version of the ME firmware, it will be rejected by the ARC and your system will not boot. In other words,
- the ME firmware is <i><a href="https://www.gnu.org/proprietary/proprietary-tyrants.html">tivoized</a></i>.
- </p>
- <p>
- <b><i>
- The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries. You don't have any privacy
- at all on systems that have this.
- The libreboot project strongly recommends that you avoid it entirely, and this means avoiding all recent generations of Intel hardware.
- </i></b>
+ Introduced in June 2006 in Intel's 965 Express Chipset Family of (Graphics and)
+ Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the
+ Intel Management Engine (ME) is a separate computing environment physically
+ located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core
+ i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller
+ Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside
+ the PCH chip, which itself replaced the ICH. Thus, the ME is <em>present on all
+ Intel desktop, mobile (laptop), and server systems since mid 2006</em>.
+ </p>
+ <p>
+ The ME consists of an ARC processor core (replaced with other processor cores in
+ later generations of the ME), code and data caches, a timer, and a secure
+ internal bus to which additional devices are connected, including a cryptography
+ engine, internal ROM and RAM, memory controllers, and a <em>direct memory access
+ (DMA) engine</em> to access the host operating system's memory as well as to
+ reserve a region of protected external memory to supplement the ME's limited
+ internal RAM. The ME also has <em>network access</em> with its own MAC address
+ through an Intel Gigabit Ethernet Controller. Its boot program, stored on the
+ internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This
+ manifest is <em>signed with a strong cryptographic key</em>, which differs
+ between versions of the ME firmware. If the manifest isn't signed by a specific
+ Intel key, the boot ROM won't load and execute the firmware and the ME processor
+ core will be halted.
+ </p>
+ <p>
+ The ME firmware is compressed and consists of modules that are listed in the
+ manifest along with secure cryptographic hashes of their contents. One module
+ is the operating system kernel, which is based on a <em>proprietary real-time
+ operating system (RTOS) kernel</em> called "ThreadX". The developer, Express
+ Logic, sells licenses and source code for ThreadX. Customers such as Intel are
+ forbidden from disclosing or sublicensing the ThreadX source code. Another
+ module is the Dynamic Application Loader (DAL), which consists of a <em>Java
+ virtual machine</em> and set of pre-installed Java classes for cryptography,
+ secure storage, etc. The DAL module can load and execute additional ME modules
+ from the PC's HDD or SSD. The ME firmware also includes a number of native
+ application modules within its flash memory space, including Intel Active
+ Management Technology (AMT), an implementation of a Trusted Platform Module
+ (TPM), Intel Boot Guard, and audio and video DRM systems.
+ </p>
+ <p>
+ The <a href="https://www.fsf.org/blogs/community/active-management-technology">
+ Active Management Technology (AMT)</a> application, part of the Intel "vPro"
+ brand, is a Web server and application code that enables remote users to power
+ on, power off, view information about, and otherwise manage the PC. It can
+ be <em>used remotely even while the PC is powered off</em> (via Wake-on-Lan).
+ Traffic is encrypted using SSL/TLS libraries, but recall that all of the major
+ SSL/TLS implementations have had highly publicized vulnerabilities. The AMT
+ application itself has <em><a
+ href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits">
+ known vulnerabilities</a></em>, which have been exploited to develop rootkits
+ and keyloggers and covertly gain encrypted access to the management features of
+ a PC. Remember that the ME has full access to the PC's RAM. This means that an
+ attacker exploiting any of these vulnerabilities may gain access to everything
+ on the PC as it runs: all open files, all running applications, all keys
+ pressed, and more.
+ </p>
+ <p>
+ <a href="https://mjg59.dreamwidth.org/33981.html">Intel Boot Guard</a> is an ME
+ application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation
+ Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an
+ asymmetric cryptographic keypair, install the public key in the CPU, and prevent
+ the CPU from executing boot firmware that isn't signed with their private key.
+ This means that <em>coreboot and libreboot are impossible to port</em> to such
+ PCs, without the OEM's private signing key. Note that systems assembled from
+ separately purchased mainboard and CPU parts are unaffected, since the vendor of
+ the mainboard (on which the boot firmware is stored) can't possibly affect the
+ public key stored on the CPU.
+ </p>
+ <p>
+ ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include
+ an ME application for <em>audio and video <a
+ href="https://defectivebydesign.org/what_is_drm_digital_restrictions_management">
+ DRM</a></em> called "Protected Audio Video Path" (PAVP). The ME receives from
+ the host operating system an encrypted media stream and encrypted key, decrypts
+ the key, and sends the encrypted media decrypted key to the GPU, which then
+ decrypts the media. PAVP is also used by another ME application to draw an
+ authentication PIN pad directly onto the screen. In this usage, the PAVP
+ application directly controls the graphics that appear on the PC's screen in a
+ way that the host OS cannot detect. ME firmware version 7.0 on PCHs with 2nd
+ Generation Intel Core i3/i5/i7 (Sandy Bridge) CPUs replaces PAVP with a similar
+ DRM application called "Intel Insider". Like the AMT application, these DRM
+ applications, which in themselves are defective by design, demonstrate the
+ omnipotent capabilities of the ME: this hardware and its proprietary firmware
+ can access and control everything that is in RAM and even <em>everything that is
+ shown on the screen</em>.
+ </p>
+ <p>
+ The Intel Management Engine with its proprietary firmware has complete access to
+ and control over the PC: it can power on or shut down the PC, read all open
+ files, examine all running applications, track all keys pressed and mouse
+ movements, and even capture or display images on the screen. And it has a
+ network interface that is demonstrably unsecure, which can allow an attacker on
+ the network to inject rootkits that completely compromise the PC and can report
+ to the attacker all activities performed on the PC. It is a threat to freedom,
+ security, and privacy that can't be ignored.
+ </p>
+ <p>
+ Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can
+ be disabled by setting a couple of values in the SPI flash memory. The ME
+ firmware can then be removed entirely from the flash memory space. libreboot <a
+ href="../docs/hcl/gm45_remove_me.html">does this</a> on the Intel 4 Series
+ systems that it supports, such as the <a
+ href="../docs/install/x200_external.html">Libreboot X200</a> and <a
+ href="../docs/install/t400_external.html">Libreboot T400</a>. ME firmware
+ versions 6.0 and later, which are found on all systems with an Intel Core
+ i3/i5/i7 CPU and a PCH, include "ME Ingition" firmware that performs some
+ hardware initialization and power management. If the ME's boot ROM does not
+ find in the SPI flash memory an ME firmware manifest with a valid Intel
+ signature, the whole PC will shut down after 30 minutes.
+ </p>
+ <p>
+ Due to the signature verification, developing free replacement firmware for the
+ ME is basically impossible. The only entity capable of replacing the ME
+ firmware is Intel. As previously stated, the ME firmware includes proprietary
+ code licensed from third parties, so Intel couldn't release the source code even
+ if they wanted to. And even if they developed completely new ME firmware
+ without third-party proprietary code and released its source code, the ME's boot
+ ROM would reject any modified firmware that isn't signed by Intel. Thus, the ME
+ firmware is both hopelessly proprietary and "tivoized".
+ </p>
+ <p><strong>
+ In summary, the Intel Management Engine and its applications are a backdoor with
+ total access to and control over the rest of the PC. The ME is a threat to
+ freedom, security, and privacy, and the libreboot project strongly recommends
+ avoiding it entirely. Since recent versions of it can't be removed, this means
+ avoiding all recent generations of Intel hardware.
+ </strong></p>
+ <p>
+ More information about the Management Engine can be found on various Web sites,
+ including <a href="http://me.bios.io/Main_Page">me.bios.io</a>, <a
+ href="http://io.smashthestack.org/me/">the smashthestack network</a>, <a
+ href="http://www.coreboot.org/Intel_Management_Engine">coreboot wiki</a>, and <a
+ href="https://en.wikipedia.org/wiki/Intel_Active_Management_Technology">
+ Wikipedia</a>. The book <em><a href="https://www.apress.com/9781430265719">
+ Platform Embedded Security Technology Revealed</a></em> describes in great
+ detail the ME's hardware architecture and firmware application modules.
</p>
<h3 id="fsp">Firmware Support Package (FSP) <span class="ref">(<a href="#fsp">#fsp</a>)</span></h3>
<p>