
MINIX: ​Intel's hidden in-chip operating system - jugalps
http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
======
turblety
While the backdoor and surveillance arguments are good, and the chips are very
likely backdoored (if not deliberately then by undetected bugs) there are
other issues with this closed source firmware.

Let's say another bug [1] is found that lets anyone remotely control your
computer, but Intel becomes bankrupt, or just doesn't see it as a big enough
threat to roll out a firmware update. You then essentially have a computer
that you can't use, due to the fact it's not secure and anything done on it
could be compromised.

Maybe not a massive deal for the average home user who would just buy another
laptop. But let's say a large company buys 10k laptops all with an Intel chip
inside it. Then Intel goes bankrupt, becomes incompetent (i.e. can not resolve
bugs), refuses to upgrade firmware, or something else. When the next massive
security bug is found (which is inevitable with all code, open source or
closed) you are left essentially with 10k unusable laptops.

If the code was open sourced, the large company could pay someone else to fix
the problem, or what's more likely is someone in the open source community
would fix it for us.

The fact you have another processor running beside your main one, that has
full access to everything you do without your permission, knowledge or ability
to stop it should worry everyone. Even if there are no backdoors or bugs in
the code right now, it's a very dangerous precedent to set that we buy
hardware we can not control. Maybe one day Intel decides to put an expiry date
in their chips, or some DRM to prevent you watching certain content without a
license. These restrictions can't be good for society in the long term, can
they?

But the biggest problem should be for large companies and corporations. They
are putting the faith of their own business into Intel, which like all
businesses could one day fail, big time.

1\. [https://www.intel.co.uk/content/www/uk/en/architecture-
and-t...](https://www.intel.co.uk/content/www/uk/en/architecture-and-
technology/intel-amt-vulnerability-announcement.html)

~~~
userbinator
The fact that it's closed source is not actually the biggest problem --- it's
the fact that the hardware completely refuses to run firmware that's not
signed by Intel, and Intel is not giving you the keys or any other way out.

Intel could open-source the firmware, but without any way to use it on the
hardware, it'd be useless for anything but finding exploits --- arguably an
even worse position. See also
[https://en.wikipedia.org/wiki/Tivoization](https://en.wikipedia.org/wiki/Tivoization)

All you need is the ability to run your own code on the hardware, legally or
otherwise (regardless of what laws exist, no one can stop you from flipping
the bits on storage media you possess...), and the community will do the rest.
Having the ability to extract the existing code is also immensely helpful, but
I'd consider source to be more of a bonus than an absolute requirement. BIOS
modding, custom Android ROMs, iOS jailbreaks, console homebrew, whatever else
--- you don't need source code, just the ability to run your own.

Crackers, reversers, and security researchers have long been fine operating
under the saying: "Source code? We don't need no stinkin' source code!"

...and IMHO the software community could do well to promote this sort of
_introspection_ more, to encourage tinkering and exploration and analysis, in
contrast to the "can't do anything without source code", "can't do anything
without someone else telling you that you can" attitude prevalent today; but,
and this may be a bit of a conspiracy theory, I suspect the establishment
generally does not approve of such a "hacker" attitude precisely because it
means they can't hide anything by "closing the source".

~~~
monocasa
Hence why GPLv3 and it's anti-Tivoization clause is so important.

------
tsujamin
" _What Minnich would like to see happen is for Intel to dump its MINIX code
and use an open-source Linux-based firmware. This would be much more secure.
The current software is only secured by "security by obscurity".

Changing to Linux would also enable servers to boot much faster. According to
Minnich, booting an Open Compute Project (OCP) Server takes eight minutes
thanks to MINIX's primitive drivers. With Linux it would take less than 17
seconds to get to a shell prompt. That's a speedup of 32 times._"

Anyone else think this is article is pretty FUD and crap? Not saying Minix has
been security audited or is more/less secure than a Linux alternative, but
there's something to be said for microkernels at the ME layer.

The OpenCompute annecdote (uncited?) doesn't designate whether Minix in ME is
the bottleneck, or whether it's just slow to boot (it probably is when you're
booting it with a platform worth of devices).

Good to know my involuntary shudder when opening a ZDNet article isn't
entirely unfounded.

~~~
tomxor
Yes, it's complete FUD. It's also moot, because it really doesn't matter much
whats in ME, ME just needs to not exist. The primary reason for choosing MINIX
is memory footprint and reliability, additionally GNU is never popular for
proprietary blobs like this... it would actually harm users with ME's current
strategy if you think about it, GNU forces them to publish their likely buggy
striped down version of linux, yet only intel can sign the firmware, so users
are helpless and malicious people can find bugs in the code while intel sits
on their hands.

I don't find it hard to believe that Minix drivers are slow and primitive...
Minix is not widely used like Linux, that doesn't really mean anything more
than that, it's an amazing kernel and there is no better choice for an
embedded system that you can't afford to fail and require user intervention.

I guess the TL;DR is that Minix was the right system for the job, it's just
that the job was unfortunately pure evil, so arguing about Minix is stupid.

~~~
wolfgke
> additionally GNU is never popular for proprietary blobs like this... it
> would actually harm users with ME's current strategy if you think about it,
> GNU forces them to publish their likely buggy striped down version of linux

I don't know whether Intel ME contains the usual userland tools that are
typical for UNIX-like operating systems. But it is well-known that a lot of
MINIX 3's userland was taken/ported from NetBSD, as the MINIX 3 developers
openly admit:
[http://wiki.minix3.org/doku.php?id=developersguide:portingne...](http://wiki.minix3.org/doku.php?id=developersguide:portingnetbsduserland)

~~~
tomxor
Yes I am aware this is why Minix has the BSD license throughout. To be clear
in-case their is confusion: in the text you quote I am describing the
hypothetical scenario where Intel used Linux + GNU userland to build ME.

------
JepZ
While I am unsure if switchting to Linux for ME is a good solution, open
sourcing whatever runs ME is a very important step towards user/customer
security. And that is not because we all want to know intels secrets about
'how to make the fastest CPU' but because ME can change the product on a
fundamental level while we use the product.

The reason I doubt that Linux is a good solution is that linux wasn't built to
run somewhere deep inside a cpu with very little overhead. Surely, it can run
nearly everywhere, I just doubt that it is the best choice for that job.

Just to be clear: I love Linux, not just for what it is, but also for what it
does and use it every day since more than a decade.

~~~
colejohnson66
Well, someone managed to get Linux running on a Motorola 68k of all things:
[https://www.bigmessowires.com/2014/11/17/68-katy-68000-linux...](https://www.bigmessowires.com/2014/11/17/68-katy-68000-linux-
on-a-solderless-breadboard/)

~~~
Aloha
Linux has actually run on a Motorola 68k for quite some time (late 90's I
think?)- what makes this special is its a 68008, which is a 68000, with an 8
bit data bus.

------
mosselman
So if switching to AMD is NOT the solution, what is? ARM?

For your portable needs there is: [https://puri.sm/posts/purism-librem-
laptops-completely-disab...](https://puri.sm/posts/purism-librem-laptops-
completely-disable-intel-management-engine/)

~~~
deno
For desktop your options are:

— FX 8350 (Piledriver) from AMD with no PSP: very cheap, no flashing
necessary, but not the best performance. Single core performance much worse
than even Pentium G4620[1].

— Some Intel processors and a Raspberry Pi: much better performance but you
have to ME_Clean the firmware, hence the Pi.

— POWER9 processor for amazing performance and completely open & free firmware
all around: the CPU is $400 but you get $400 worth of performance, PCIe 4.0
etc., however the only mainboard you can get right now costs $2000, and it’s
not x86, so you’d need to run your Windows VMs (if you need) on a seperate
box.

Personally I recommend used IvyBridge-EP or Haswell Xeon E5 system, make sure
it takes ECC DDR3 Reg ram and you can pick up lots of _very_ cheap DDR3 ECC
memory to go along with it.

Performance is pretty good, on par with mid level Ryzen[1], and it’s recent
enough to have all the hardware extensions anyone cares about.

[1] [http://cpu.userbenchmark.com/Compare/AMD-FX-8350-vs-Intel-
Pe...](http://cpu.userbenchmark.com/Compare/AMD-FX-8350-vs-Intel-
Pentium-G4620/1489vs3895)

[2] [http://cpu.userbenchmark.com/Compare/Intel-
Xeon-E5-1650-v2-v...](http://cpu.userbenchmark.com/Compare/Intel-
Xeon-E5-1650-v2-vs-AMD-Ryzen-5-1600/m7574vs3919)

EDIT: Post before wrongly stated that you need pre-Skylake chip.
Skylake/Kabylake µarch is also an option now, however some restrictions apply.
I don’t think it’s very good value though, at least until Coffeelake is
compatible.

~~~
jabl
> Personally I recommend IvyBridge-EP or Haswell Xeon E5

Err, the ME has been present on every Intel system since 2006 or so.

The only thing that changed with Skylake is that the ME runs on an x86 core,
on previous processors the ME ran on some RISC microcontroller.

~~~
m45t3r
I think OP meant to say that you can disable ME in those CPUs, since they are
pre-Skylale silicon.

------
kelsolaar
I can't remove from my head the thought that the NSA has been exploiting that
for years.

~~~
benevol
No need to. For anybody who's read the Snowden leaks it's 100% plausible that
the NSA owns society through hardware backdoors.

Conclusion: We need 100% open-source hardware ASAP if we're to become a sane
society.

Edit: Anyone remember the "Intel inside" trademark [0] which was supposed to
add (marketing) value to any PC which was allowed to carry that label? Well,
today it's clear that this label actually stands for "Intelligence community
inside".

[0] [https://www.intel.com/content/www/us/en/trademarks/intel-
ins...](https://www.intel.com/content/www/us/en/trademarks/intel-inside.html)

~~~
StreamBright
Implying opensource cannot contain backdoors for years.
[https://arstechnica.com/information-
technology/2010/12/fbi-a...](https://arstechnica.com/information-
technology/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack/)

~~~
benevol
The open-source approach is our own chance to purge corruption in the
technology layer. We may not yet have implemented the idea perfectly, but keep
in mind the following:

With every new player (government, company, user) joining the open-source
approach, we get additional eyes on the code/hardware.

Imagine all world governments using only open-source code/hardware: Given the
current budgets at play, we would have 100% secure code/hardware in a matter
of seconds - for everybody on the Planet.

Why is this not happening? Because governments (currently) still do not fully
represent the citizens' interests. They mainly represent their interests first
(which is the protection and expansion of their power monopoly). This is
called the principal-agent problem.

~~~
nfoz
Let's suppose that hardware is open-source. How do I know that my instance of
the hardware is faithful to the spec? That my vendor didn't modify the
hardware?

Let's suppose that I have a 3D printer sophisticated enough to print open-
source circuitboards. How do I trust my 3d printer?

I think there's a hardware "trusting trust" problem; I can't imagine how your
optimism could ever be realized. I hope I'm missing something!

~~~
hdhzy
I think the parent doesn't mean that open source will cure all problems but
that it will move the bar higher for malicious players. If the designs were
published and it'd be possible for anyone to review and build such a thing
then it's exponentially harder to hide something.

------
JohnStrange
Now that Intel ME is getting so much attention, are there similar efforts to
analyze AMD's PSP? I wonder about that since I'm planning to buy a new PC next
year and was planning to go for AMD this time. Should I wait until security
researchers have found ways to disable these for a certain
chip/motherboard/firmware combination?

I'm thinking about buying an Intel chip, trying to disable ME, and send the
motherboard and chip back as faulty if it gets bricked during that process.

------
rkachowski
It would be interesting to know the HFT attitude on this. How many nanoseconds
can you shave off of your trades with ME removed?

It seems like throws a spanner in the face of the unikernel / kernel bypass
approach of getting closer to the metal, when your CPU can be directly running
a web server(!) without your control.

~~~
amluto
None. ME isn't running on the CPU.

It's possible that ME initiates memory access that clogs the bus, though.

------
sengork
Makes me wonder what Tanenbaum thinks of the arguably most common MINIX
deployment. Considering that their conference has been cancelled [0] it would
seem that this OS is largely unexplored and by extension not thoroughly
audited.

[0] - [http://www.minix3.org/](http://www.minix3.org/)

~~~
wjnc
He doesn't seem to mind [1]:

"The only thing that would have been nice is that after the project had been
finished and the chip deployed, that someone from Intel would have told me,
just as a courtesy, that MINIX 3 was now probably the most widely used
operating system in the world on x86 computers."

[1] -
[https://news.ycombinator.com/item?id=15642116](https://news.ycombinator.com/item?id=15642116)

------
dis-sys
It is another proof that Andrew Tanenbaum should be awarded the Turning Award
- all those privacy & security issues aside (as he is not involved in the
deployment, he was not even told for the deployment), his Minix positively
influenced an entire generation of software engineers and now it is proven to
be practical in such a world scale deployment.

------
bogomipz
I had a question about this passage:

>"There's no reason not to make this improvement. Minnich noted, "There are
probably 30 million-plus Chromebooks out there and when your Chromebook gets a
new BIOS, a new Linux image is flashed to firmware and I haven't heard of any
problems."

Didn't or don't some generations of Chromebooks use Intel chips? Or is he not
referring to the ring -2 and ring -3 Intel ME/UEFI stuff here?

------
zulrah
What a terribly writen article! Sure intel me is a terrible thing but all this
fake information about minix being slow and obscure makes this article a joke

------
agumonkey
see NERF
[https://news.ycombinator.com/item?id=15572978](https://news.ycombinator.com/item?id=15572978)

------
detaro
see also discussion yesterday (different article about the same thing):
[https://news.ycombinator.com/item?id=15634014](https://news.ycombinator.com/item?id=15634014)

------
microcolonel
Title is inaccurate. MINIX is not Intel's. Why is this ME fluff piece being
rehashed? Why are they talking about stupid ideas like replacing it with
Linux?

------
RoutinePlayer
What impact does this have on cloud computing security?

