From 16958b8afff8c8800a6e52ceed76e4d2071ef4d7 Mon Sep 17 00:00:00 2001
From: Francis Rowe
- The ME is a separate processor that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME firmware in this article. It provides remote access capabilities, + The ME is a separate microcontroller that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME firmware in this article. It provides remote access capabilities, independently from the running operating system on the main CPU, with full access to RAM, and full networking support. With a functioning ME, your system is left wide open for attack. It can also phone home to Intel. It also handles the TPM, AMT (Active Management Technology), Boot Guard and various DRM mechanisms. @@ -141,13 +141,13 @@ a book titled Platform Embedded Security Technology Revealed (PESTR), published by Apress (ISBN 9781430265719).
- The Management Engine processor is an ARC microcontroller. The firmware is based - on ThreadX RTOS, which is an embedded operating system - designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license + The Management Engine is an ARC microcontroller. The firmware is based + on ThreadX RTOS, a proprietary embedded operating system. + Manufacturers (not just Intel) can pay for a (proprietary) license providing access to the source code, but they are not allowed to share it with anyone. In other words, even if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified - version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words, + version of the ME firmware, it will be rejected by the ARC and your system will not boot. In other words, the ME firmware is tivoized.
-- cgit v0.9.1