diff options
-rw-r--r-- | site/faq/index.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/site/faq/index.php b/site/faq/index.php index 443d14c..b445db2 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -119,7 +119,7 @@ </p> <h3 id="intelme">Intel Management Engine (ME) <span class="ref">(<a href="#intelme">#intelme</a>)</span></h3> <p> - The ME is a separate processor that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME <i>firmware</i> in this article. It provides remote access capabilities, + The ME is a separate microcontroller that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME <i>firmware</i> in this article. It provides remote access capabilities, independently from the running operating system on the main CPU, with full access to RAM, and full networking support. <i>With a functioning ME, your system is left wide open for attack. It can also phone home to Intel.</i> It also handles the TPM, AMT (<a href="https://www.fsf.org/blogs/community/active-management-technology">Active Management Technology</a>), <a href="https://mjg59.dreamwidth.org/33981.html">Boot Guard</a> and various <a href="https://defectivebydesign.org/what_is_drm_digital_restrictions_management">DRM</a> mechanisms. @@ -141,13 +141,13 @@ a book titled <i><a href="https://www.apress.com/9781430265719">Platform Embedded Security Technology Revealed</a></i> (PESTR), published by Apress (ISBN 9781430265719). </p> <p> - The Management Engine processor is an <i>ARC</i> microcontroller. The firmware is based - on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, which is an embedded operating system - designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license + The Management Engine is an <i>ARC</i> microcontroller. The firmware is based + on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, a proprietary embedded operating system. + Manufacturers (not just Intel) can pay for a (proprietary) license providing access to the source code, but they are not allowed to share it with anyone. In other words, even if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified - version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words, + version of the ME firmware, it will be rejected by the ARC and your system will not boot. In other words, the ME firmware is <i><a href="https://www.gnu.org/proprietary/proprietary-tyrants.html">tivoized</a></i>. </p> <p> |