Personal computing discussed

Moderators: Flying Fox, morphine

 
dpaus
Gerbil
Topic Author
Posts: 73
Joined: Mon Mar 24, 2008 11:54 am

Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 7:13 am

 
alloyD
Gerbil First Class
Posts: 175
Joined: Thu Apr 14, 2005 4:44 pm
Location: Missouri

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:14 am

Not that it will change anything, but it's nice for the EFF to be able say "SEE! I TOLD YOU!"
"The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it." --Neil Stephenson
 
srg86
Gerbil Team Leader
Posts: 245
Joined: Tue Apr 25, 2006 7:57 am
Location: Madison, WI

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:17 am

The fact that they are using Minix is interesting, but this is not news.

In previous forms this has been around for about a decade. Its used with AMT:

https://www.intel.com/content/www/us/en ... ology.html

Its part of vPro
Last edited by srg86 on Fri Nov 10, 2017 8:18 am, edited 1 time in total.
Intel Core i7 4790K, Z97, 16GB RAM, 128GB m4 SSD, 480GB M500 SSD, 500GB WD Vel, Intel HD4600, Corsair HX650, Fedora x64.
Thinkpad T460p, Intel Core i5 6440HQ, 8GB RAM, 512GB SSD, Intel HD 530 IGP, Fedora x64, Win 10 x64.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:17 am

alloyD wrote:
Not that it will change anything, but it's nice for the EFF to be able say "SEE! I TOLD YOU!"

It is starting to look like my system is going to be RISC-V based.
 
srg86
Gerbil Team Leader
Posts: 245
Joined: Tue Apr 25, 2006 7:57 am
Location: Madison, WI

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:19 am

whm1974 wrote:
alloyD wrote:
Not that it will change anything, but it's nice for the EFF to be able say "SEE! I TOLD YOU!"

It is starting to look like my system is going to be RISC-V based.


I don't know about the web interface, but especially as AMD will have similar features in the PSP. Wouldn't surprise me if ARM also has something similar.
Intel Core i7 4790K, Z97, 16GB RAM, 128GB m4 SSD, 480GB M500 SSD, 500GB WD Vel, Intel HD4600, Corsair HX650, Fedora x64.
Thinkpad T460p, Intel Core i5 6440HQ, 8GB RAM, 512GB SSD, Intel HD 530 IGP, Fedora x64, Win 10 x64.
 
alloyD
Gerbil First Class
Posts: 175
Joined: Thu Apr 14, 2005 4:44 pm
Location: Missouri

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:24 am

At least with AMD we had a a somewhat vague, maybe-sorta, Lisa-will-think-about-it, stance on opening up the PSP for inspection.

edit: Ah. Well, looks like since the last time I checked, they confirmed they would not. oh well.
"The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it." --Neil Stephenson
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 8:47 am

srg86 wrote:
whm1974 wrote:
alloyD wrote:
Not that it will change anything, but it's nice for the EFF to be able say "SEE! I TOLD YOU!"

It is starting to look like my system is going to be RISC-V based.


I don't know about the web interface, but especially as AMD will have similar features in the PSP. Wouldn't surprise me if ARM also has something similar.

The SiFive company already has this released and they are planning on releasing a development board next year:
https://www.sifive.com/products/risc-v-core-ip/u54-mc/
Of course it will be a while before we will be to build a usable system yet, but it is coming.
 
DragonDaddyBear
Gerbil Elite
Posts: 759
Joined: Fri Jan 30, 2009 8:01 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:00 am

alloyD wrote:
At least with AMD we had a a somewhat vague, maybe-sorta, Lisa-will-think-about-it, stance on opening up the PSP for inspection.

edit: Ah. Well, looks like since the last time I checked, they confirmed they would not. oh well.

That's not the same as what Intel has. AMD did not have a trusted execution extension and Intel did. Thus, if you wanted to write software in such a way that you could isolate the process from the user of the computer you could not. This is one reason that Intel is required for things like 4K Blu-Ray. It's very difficult to access, or so I'm led to believe. JBI or any other more knowledgeable person jump in and correct me. Because AMD didn't have this, they turned to ARM, which does have a trusted execution area (TrustZone). That's what that Arm "chip" is supposed to be for. I'm not saying it couldn't run it's own OS or something hidden from users but that's not intent. Also, the AMT is a chipset feature, is it not?
 
chuckula
Gold subscriber
Gerbil Jedi
Posts: 1862
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:04 am

alloyD wrote:
At least with AMD we had a a somewhat vague, maybe-sorta, Lisa-will-think-about-it, stance on opening up the PSP for inspection.

edit: Ah. Well, looks like since the last time I checked, they confirmed they would not. oh well.


AMD probably couldn't open up PSP even if it wanted to since PSP appears to be a licensed product from a third-party vendor that implements a mini-ARM core to do its thing.
4770K @ 4.7 GHz; 32GB DDR3-2133; GTX-1080 sold and back to hipster IGP!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
just brew it!
Gold subscriber
Administrator
Posts: 51536
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:25 am

Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).
Nostalgia isn't what it used to be.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:38 am

just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).

Another reason to hate DRM and SMM. So how did you fixed the problem?
 
srg86
Gerbil Team Leader
Posts: 245
Joined: Tue Apr 25, 2006 7:57 am
Location: Madison, WI

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:48 am

just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).


I think the only truly "clean" ironclad back-door less system is not only one in which you have designed all the logic yourself, but one in which you have fab'ed yourself down the silicon level. And as you say, the CPU and peripherals would have to be designed by you down to this level.
Intel Core i7 4790K, Z97, 16GB RAM, 128GB m4 SSD, 480GB M500 SSD, 500GB WD Vel, Intel HD4600, Corsair HX650, Fedora x64.
Thinkpad T460p, Intel Core i5 6440HQ, 8GB RAM, 512GB SSD, Intel HD 530 IGP, Fedora x64, Win 10 x64.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 9:52 am

srg86 wrote:
just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).


I think the only truly "clean" ironclad back-door less system is not only one in which you have designed all the logic yourself, but one in which you have fab'ed yourself down the silicon level. And as you say, the CPU and peripherals would have to be designed by you down to this level.

And it wouldn't be cheap to do if you are making small runs at a time.
 
just brew it!
Gold subscriber
Administrator
Posts: 51536
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 11:53 am

whm1974 wrote:
just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Another reason to hate DRM and SMM. So how did you fixed the problem?

IIRC we got the vendor to roll us a custom BIOS with a switch to turn off the part of it that was giving us grief.
Nostalgia isn't what it used to be.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 12:06 pm

just brew it! wrote:
whm1974 wrote:
just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Another reason to hate DRM and SMM. So how did you fixed the problem?

IIRC we got the vendor to roll us a custom BIOS with a switch to turn off the part of it that was giving us grief.

How many hoops did your team had to go through to get them to do that?
 
just brew it!
Gold subscriber
Administrator
Posts: 51536
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 12:16 pm

whm1974 wrote:
just brew it! wrote:
IIRC we got the vendor to roll us a custom BIOS with a switch to turn off the part of it that was giving us grief.

How many hoops did your team had to go through to get them to do that?

Yes, it was a PITA.

While we're looking at Intel security holes, there's also this: https://thenextweb.com/security/2017/11 ... d-via-usb/
Nostalgia isn't what it used to be.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 12:38 pm

just brew it! wrote:
whm1974 wrote:
just brew it! wrote:
IIRC we got the vendor to roll us a custom BIOS with a switch to turn off the part of it that was giving us grief.

How many hoops did your team had to go through to get them to do that?

Yes, it was a PITA.

While we're looking at Intel security holes, there's also this: https://thenextweb.com/security/2017/11 ... d-via-usb/

JFC!!! :o Now I'm wondering if in the future I will be buying hardware from Purism and similar companies or even switched to RISC-V even if I have to learn how to build a homebrew computer? And just my current system around just for playing games. :roll: :evil:
 
srg86
Gerbil Team Leader
Posts: 245
Joined: Tue Apr 25, 2006 7:57 am
Location: Madison, WI

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 1:03 pm

meh, if someone has physical access to your machine, all bets are off, that doesn't change.
Intel Core i7 4790K, Z97, 16GB RAM, 128GB m4 SSD, 480GB M500 SSD, 500GB WD Vel, Intel HD4600, Corsair HX650, Fedora x64.
Thinkpad T460p, Intel Core i5 6440HQ, 8GB RAM, 512GB SSD, Intel HD 530 IGP, Fedora x64, Win 10 x64.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 1:18 pm

srg86 wrote:
meh, if someone has physical access to your machine, all bets are off, that doesn't change.

While this very true, but we can also make it very hard to get into the system itself, well for the average computer user anyway.
 
just brew it!
Gold subscriber
Administrator
Posts: 51536
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 1:50 pm

srg86 wrote:
meh, if someone has physical access to your machine, all bets are off, that doesn't change.

Someone could sell booby trapped USB sticks online and infect thousands of systems without physically touching them.
Nostalgia isn't what it used to be.
 
Ummagumma
Gerbil
Posts: 38
Joined: Fri May 27, 2016 9:18 pm

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 1:50 pm

dpaus wrote:


I see that TechDirt is catching up on the news. The security issues with Intel ME have been well docoumented by other "outlets" for a few months now.

You can even buy a laptop now that has Intel ME as completely disabled as possible without crippling the actual processor function that you really want.

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
I used to do networking & network security for a living. Now I just do it for fun, but I still take it seriously.
 
Wirko
Gerbil First Class
Posts: 149
Joined: Fri Jun 15, 2007 4:38 am
Location: Central Europe

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 4:19 pm

srg86 wrote:
just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).


I think the only truly "clean" ironclad back-door less system is not only one in which you have designed all the logic yourself, but one in which you have fab'ed yourself down the silicon level. And as you say, the CPU and peripherals would have to be designed by you down to this level.


The same "you" would also have to weed out the vulnerabilities of the hardware. All of them.
 
whm1974
Gerbil Elder
Posts: 5761
Joined: Fri Dec 05, 2014 5:29 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 4:24 pm

Wirko wrote:
srg86 wrote:
just brew it! wrote:
Not really all that famiiar with how it works internally, other than SMM caused problems at a previous job when we were trying to do real-time stuff on an x86 based SBC. Sucks when a hidden ghost in the machine can randomly steal CPU cycles without warning.

Regarding a truly "clean" system with an ironclad guarantee of no hidden back doors, these days you'd probably have to design the CPU yourself in an FPGA, or at the very least learn enough about FPGAs to audit all of the HDL code that goes into it. Ditto all of your peripherals, since those typically have some intelligence and firmware in them as well. And as others have noted, you'd never be able to play DRM encumbered media on the resulting system (it wouldn't be fast enough to play media anyway, you'd probably be looking at 1980s PC class performance).


I think the only truly "clean" ironclad back-door less system is not only one in which you have designed all the logic yourself, but one in which you have fab'ed yourself down the silicon level. And as you say, the CPU and peripherals would have to be designed by you down to this level.


The same "you" would also have to weed out the vulnerabilities of the hardware. All of them.

Ouch!!! That would impossible for one person to do all of that.
 
the
Gerbil Elite
Posts: 924
Joined: Tue Jun 29, 2010 2:26 am

Re: Vulnerable Minix system in Intel chipsets

Fri Nov 10, 2017 11:45 pm

One thing that has bugged me about this exploit since it was original revealed is if it only works with the USB ports with JTAG functionality or any USB port provided by the chipset. This was never made entirely clear to me form those who found the exploit though Intel's documentation would point toward only ports that had this JTAG functionality.
Dual Opteron 6376, 96 GB DDR3, Asus KGPE-D16, GTX 970
Mac Pro Dual Xeon E5645, 48 GB DDR3, GTX 770
Core i7 3930K@4.2 Ghz, 32 GB DDR3, GA-X79-UP5-Wifi
Core i7 2600K@4.4 Ghz, 16 GB DDR3, GTX 970, GA-X68XP-UD4

Who is online

Users browsing this forum: No registered users and 1 guest