
Uncorrectable freedom and security issues on x86 platforms (2016) - shirian
https://decentralize.today/uncorrectable-freedom-and-security-issues-on-x86-platforms-2e6220fa07ed#.4bahgsnc0
======
0x0
Isn't it sci-fi-level incredible, and frankly both scary and shady, that every
modern x86 CPU has this forced sub-ring-0 control program? And that the CPU
vendors apparently go to extreme lengths in hiding its functionality? Why
would even large vendors like Apple or Dell agree to this?

The 30-minute timeout is particularly mischievous. It's like they REALLY want
to slow down any effort at patching out the ME.

Are we going to have to wait on an insider leak on what's the real deal here?
Or have I completely missed out on a perfectly good excuse for what's going
on?

~~~
throwawaysed
NSA 100%. Some time around 10 years ago governments decided the internet was
too "dangerous" to be free. Arab spring cemented that into their minds, and
now a bastion of free thought has become the world's biggest spying apparatus.

~~~
trome
So why not build our own network with crypto, blackjack & hookers on libre
hardware? Say on an OrangePi PC2 with a bunch of high gain USB 5GHz radios
attached, and throw some spinning rust on there so you can run a Nextcloud
instance and/or join your local Ceph cluster/IPFS.

We have CJDNS (which salsa20's all your data & can VPN legacy networks to ya),
fully FLOSS SBCs for under $20ea, and 802.11n and AC outdoor radios can be had
for cheap, this is merely a community involvement problem.

~~~
timonovici
The issue is not widely known, silicon is very costly to manufacture, and most
people frankly don't care, as long as that spying is unobtrusive (and hell it is
so).

Also, most people already are living with the thought that their computers are
cracked/hacked/virused the moment they are connected to the internet - all my
friends and relatives ask me to check their computer for viruses - almost none
trust their computers or phones (especially Android phones, it seems). For
such people, where this is the natural state of the world, it's very hard to
imagine that they can change anything about it - and telling them that there
are backdoors from the moment the laptop is assembled, doesn't help much.

~~~
trome
Sure, but the silicon & libre drivers already exist and don't need to be
manufactured, so at this point it's a marketing problem of selling a more
secure computing box.

------
cure
Happy to see more attention to this problem. The FSF called it out back in
2014, as well:

[https://www.fsf.org/blogs/community/active-management-techno...](https://www.fsf.org/blogs/community/active-management-technology)

------
j_s
Should point to:
[http://mail.fsfeurope.org/pipermail/discussion/2016-April/01...](http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html)

Canonical presentation: _REcon 2014 - Intel Management Engine Secrets (Igor
Skochinsky)_
[https://www.youtube.com/watch?v=4kCICUPc9_8](https://www.youtube.com/watch?v=4kCICUPc9_8)

Decoding ME firmware in BIOS updates until Skylake (2015):
[http://io.netgarage.org/me/](http://io.netgarage.org/me/)

------
bubblethink
While it would be great to liberate x86, more than 4 billion people in the
world use mobile phones, and phones are beyond saving. x86 is in very healthy
shape compared to the clusterfuck that is the smartphone industry. If you
think that coreboot is a fringe project, you need to head over to replicant or
neo900 to see what the fringe actually is.

~~~
xvilka
Well, then you can go deeper and check out the baseband firmware liberation
project, OsmocomBB [1], since baseband firmware is in a far worse shape than
application firmware (and TrustZone firmware) in the smartphone industry.

[1]
[https://osmocom.org/projects/baseband](https://osmocom.org/projects/baseband)

~~~
bubblethink
I don't think baseband can ever be truly free because of regulatory issues.
The only realistic way of containing it would be through isolation.

~~~
adrianN
You could also change the regulatory framework.

------
KirinDave
... I confess I'm very frustrated reading about how trusted computing modules
hurt the cause of FOSS but no alternatives to actually try and carry out
cryptography to execute trusted code.

Inevitably the complaint is, "Well if they have physical access you're screwed
anyways." And I just don't understand how _anyone_ can maintain that farce
when the last year has shown that it's a genuine challenge even for the US FBI
to unlock a mobile device without the owner's say-so and it's getting harder
all the time.

If you truly believe that physical access is a trump of any security then you
can never trust your hardware anyways, as it is exceptionally hard to prove it
conforms to a spec.

~~~
Spooky23
The FBI issue wasn't a technical issue. When they gave up on grandstanding,
the phone was cracked in hours.

~~~
KirinDave
They purchased a hack for an old phone, according to the stories I read.

------
bogomipz
I was struck by the following passage:

> "including Secure Boot, which even now requires FOSS users to purchase a
> license from Microsoft to boot FOSS on affected machines that lack an
> appropriate Secure Boot override."

Can someone explain this to me, would this for instance be Lenovo laptops
making a deal with Microsoft since Windows is the default OS installed on
these laptops? Is Microsoft mandating all OEMs/hardware vendors to configure
secure boot with a MS signing key? Even if I order a laptop with no OS
installed?

~~~
gizmo686
Secure boot has 4 types of keys:

The signature database (db) and forbidden signature database (dbx) contain a
whitelist and blacklist respectively of keys, signatures, and hashes that are
trusted to run.

Updates to either of the above lists must be signed by a Key Exchange Key
(KEK). Most implementations allow multiple Key Exchange Keys.

Updates to the list of Key Exchange Keys must be signed by the Platform Key
(PK). Most implementations only allow 1 PK, and that PK is Microsoft's.

This means that any binary run on a secure boot machine with Microsoft's PK
has a chain of trust rooted at Microsoft.

It may be possible to update the PK before transitioning the system to secure
mode; but most consumer devices ship already in secure mode. This is different
from simply disabling secure boot, which would still not allow you to update
PK (for obvious reasons).

EDIT: It appears that it is called "user mode" and "setup mode" instead of
secure mode.

Also it seems that some systems allow you to re-enter setup mode from the
"bios" [0].

On an unrelated note, what do we call the firmware-provided settings app now
that it is no longer part of the BIOS?

[0]
[https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Co...](https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot#Entering_Setup_Mode.2C_and_Installing_New_Keys)

~~~
bogomipz
Thanks for the detailed answer. In regards to:

> "Most implementations only allow 1 PK, and that PK is Microsoft's."

Isn't this a bit monopolistic and coercive though? "If you want the Microsoft
Hologram on your product the PK has to be Microsoft and there can
only be one PK." I can't believe this doesn't violate some type of anti-trust
laws.

~~~
RandomOpinion
How so? The OEMs want to make hardware that runs Windows. Microsoft provides a
specification[0] and certification suites[1] that define what "Windows-
compatible" means, which OEMs then follow. Nothing coercive about that.

There is no open standard that defines what a PC is. Linux and other operating
systems are piggybacking on the Windows PC standard. If they want OEMs to
manufacture hardware to their standards, they'll have to create their own
"Linux-compatible" specification and persuade OEMs to follow it.

[0]
[https://msdn.microsoft.com/windows/hardware/commercialize/de...](https://msdn.microsoft.com/windows/hardware/commercialize/design/compatibility/index)

[1] [https://msdn.microsoft.com/en-us/library/windows/hardware/dn...](https://msdn.microsoft.com/en-us/library/windows/hardware/dn930814.aspx)

~~~
bogomipz
>"The OEMs want to make hardware that runs Windows."

I disagree. I think the OEMs want to make hardware that consumers buy. I don't
think they care one bit what OS consumers run on top of their hardware. In
fact I would imagine OEMs would prefer to bring their products to market
without consulting Microsoft at all.

It's coercive in the sense that the secure execution is predicated on there
only being one PK and the OEMs have to knuckle under to MS just to be
considered a "potential" machine that Microsoft allows to run Windows.

>"Linux and other operating systems are piggybacking on the Windows PC
standard."

What exactly is the "Windows PC Standard"? I have never heard this term before.
Linux didn't piggyback on Windows anything. Maybe you mean x86? x86 predates
Windows.

~~~
unlmtd
They also want to make hardware that doesn't get them assassinated by the
King's agents.

------
throwaway77384
This needs more attention. Particularly now that AMD may actually look into
cooperating with the community on this matter somewhat. I wouldn't get my
hopes up yet though, as this was a Reddit AMA done during a time when AMD is
keen to please the community. This matter must not go away for something to be
done about it.

~~~
jasonkostempski
Are there any projects out there that throw the baby out with the bathwater
and just restart computing from the ground up with freedom as a foundation?
I'd love to participate in something like that and I think it'd be a great way to
respark an 80's-like hacker movement.

~~~
throwaway77384
Libreboot and coreboot are trying to open source things on the software side
of things (think dd-wrt or openwrt or tomato for routers, custom firmware
basically). With hardware it's a bit of a different story. You hear about
attempts from time to time, but getting away from Intel / AMD is really hard.
The suggestions from the article about alternative architectures seem to be
our best bet currently.

~~~
jasonkostempski
Alternative architectures are definitely the most pragmatic thing to go for. I
was going off on a bit of a tangent from the article and just wondering if
anyone has tried redoing the 70's - 90's without trying to be compatible with
any existing technology but still learning from the mistakes.

~~~
RandomOpinion
The crowdfunded Open-V implementation of RISC V comes to mind.

[https://www.crowdsupply.com/onchip/open-v](https://www.crowdsupply.com/onchip/open-v)

However, it doesn't look like they're going to come remotely close to hitting
their funding goal. Fabricating chips is expensive.

------
graycat
I'm trying to understand all of this and especially the threats to privacy,
control of my computing hardware, and data security.

I read about some new hard/software for _secure boot_ , etc., but don't recall
all the details now.

So, for a shorter approach, suppose I just buy a processor from AMD, a
motherboard from ASUS, hard disk drives from Western Digital, etc., and plug
it all together for myself. So, then I'm the _manufacturer_ or OEM of my
computer.

Q. 1. For what the OP is talking about, where do I have threats to privacy,
control of my machine and its data, and security?

Q. 2. To use the machine I plugged together, do I have to get some keys from
Microsoft?

Q. 3. Suppose I install operating systems from Microsoft, e.g., Windows 7 64
bit Professional, Windows 10, Windows Server or the database SQL Server. Then
do I have to get keys from Microsoft?

Q. 4. Will the _support processor_ and its software, whatever they are called,
on their own without my knowledge or approval use the Internet to send/receive
data from/to my computer, modify the data on my hard disks, etc.?

Thanks.

~~~
timonovici
1. The motherboard has an ARC chip, that loads a firmware included in the flash
chip. That ARC chip is supposedly inside the PCH (Platform Controller Hub, a
north bridge on steroids) - it's effectively in the silicon, you can't remove
it.

2. Depends on the motherboard and the BIOS written in the flash chip.

3. No. They are already signed.

4. If somebody controls them and asks them to do so. All that's necessary is a
LAN connection (or wifi, but only with Intel chips) and power. The HDD is
completely irrelevant, as is the OS.

~~~
graycat
The motherboard I have in mind is the ASUS m5a97 r2.0. Back in October, 2015 I
got a PDF on that motherboard at

[http://data.manualslib.com/pdf2/42/4150/414970-asus/m5a97_r2...](http://data.manualslib.com/pdf2/42/4150/414970-asus/m5a97_r20_user_manual.pdf?21746bed4ca8a7cf8dc1026baaa917b8&take=binary)

Just checking, the PDF does mention the Unified Extensible Firmware Interface
(UEFI) but not ARC or PCH.

That ASUS manual does mention that the UEFI BIOS does offer automatic updating
of the BIOS version; that feature, if enabled, does seem to raise security
concerns.

Looking at the UEFI page of Wikipedia at

[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_In...](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)

there is

> UEFI can support remote diagnostics and repair of computers, even with no
> operating system installed.[3]

which seems to raise some security concerns. Also it does appear that some
people trying to install an operating system might encounter some mud
wrestling. Maybe what I'm intending to do with Microsoft's Windows 7, 10, and
Server will be easy enough.

Thanks.

------
narrator
Want complete software freedom? How about the MIPS chips the Russian military
uses[1]? Those don't have an NSA back door. Sucks you can't really buy them as
they are only made for use in Russian military and government applications.

"Last year, the Russian government announced that it doesn't want to rely on
Intel and AMD chips from the U.S. anymore and will focus more on using
homegrown chips from Russia."

[1] [http://www.tomshardware.com/news/baikal-t1-mips-cpu-omnishie...](http://www.tomshardware.com/news/baikal-t1-mips-cpu-omnishield-support,29178.html)

~~~
memmcgee
Those probably have Russian backdoors though.

~~~
sattoshi
In most cases, a foreign gov spying on you is harmless.

~~~
c22
In most cases a foreign government spying on you is trading their insights
with your government in order to sidestep domestic spying restrictions.

------
AdmiralAsshat
>Both serve effectively the same purpose; to ensure that the physical owner of
the machine never has full control of said machine.

That is the end-result, yes, but that wasn't the purpose: the purpose was to
allow companies to keep track of their laptops--to remotely push out firmware
updates, to inventory the hardware/asset list, etc. It was a convenience
feature, essentially.

Of course, the end-result, as stated, is that you've got a complete black-box
second processor that can do whatever it wants, even when your device is off.

~~~
nickpsecurity
Nah, that wasn't the purpose unless I'm misremembering. It came later as a
selling point. It started in initiatives such as Trusted Computing Group where
these companies agreed on technologies to control what runs on the PC for
security and DRM purposes. Featured regular, secret meetings on top of the
public ones. They took lots of flak when DRM goals got press attention. That
they're just helping companies manage stuff or users fix computers sounds much
more pleasant. They also made sure it was true by adding those features. ;)

------
upofadown
>As Intel owns all rights to the x86 architecture, there will never be any new
manufacturers licensed to make x86 chips ...

This strikes me as the root problem here. How can one company be granted a
monopoly on what is basically an instruction set? Particularly in the case of
the instruction set our civilization runs on?

Since I can't understand how something like this could happen I don't
understand why any replacement architecture wouldn't end up being controlled
by a single entity.

~~~
TazeTSchnitzel
I believe it's not the instruction set they have patents on per se, but rather
on how to implement it efficiently.

~~~
wolfgke
Which provides strong evidence that patents are the root of all evil.

------
amluto
> These technologies, in turn, are used to implement various forms of remote
> control and Digital Rights Management (DRM) technologies, including Secure
> Boot, which even now requires FOSS users to purchase a license from
> Microsoft to boot FOSS on affected machines that lack an appropriate Secure
> Boot override.

I dislike the mandatory use of these features as much as the next nerd, but
this is inaccurate FUD. Secure Boot is code in flash that checks the
signature of whatever you try to boot against some rather complicated policy.
It's regular code and would work more or less the same on any platform that
runs machine code off of ROM or flash.

There's something that Intel calls, IIRC, "Verified Boot" that tries to
prevent someone with an in-system programmer or desoldering skills from
changing the flash, but that has nothing to do with the Management Engine
either.

And FOSS users don't need to purchase any license from anyone. They can use a
tool like Linux Foundation's PreLoader or Red Hat's shim (open source but
awkward to modify because you need the signed binary to boot on a stock
system) to boot anything they like. No negotiations, no license, no
communication with MS at all.

~~~
cyphar
> > These technologies, in turn, are used to implement various forms of remote
> control and Digital Rights Management (DRM) technologies, including Secure
> Boot, which even now requires FOSS users to purchase a license from
> Microsoft to boot FOSS on affected machines that lack an appropriate Secure
> Boot override.

> I dislike the mandatory use of these features as much as the next nerd, but
> this is inaccurate FUD. Secure Boot is a code in flash that checks the
> signature of whatever you try to boot against some rather complicated
> policy. It's regular code and would work more or less the same on any
> platform that runs machine code off of ROM or flash.

"Regular code" doesn't mean it's not proprietary, and doesn't mean that it's
not concerning for free software users.

> And FOSS users don't need to purchase any license from anyone. They can use
> a tool like Linux Foundation's PreLoader or Red Hat's shim (open source but
> awkward to modify because you need the signed binary to boot on a stock
> system) to boot anything they like. No negotiations, no license, no
> communication with MS at all.

Those preloaders are signed by Microsoft. While it is a good hack for
distributions at the moment, it doesn't mean that Microsoft is no longer in
the loop. They still have an incredibly worrying amount of control over what
can run on modern hardware.

~~~
amluto
> "Regular code" doesn't mean it's not proprietary, and doesn't mean that it's
> not concerning for free software users.

Which has essentially nothing to do with the article and isn't even Intel's
fault in any meaningful sense.

------
__jal
Would love to see an ARM or MIPS setup get within shouting range of Intel.

I have yet to hear any explanation of the IME that makes sense without the
presence of user-hostile intent.

~~~
rocqua
> I have yet to hear any explanation of the IME that makes sense without the
> presence of user-hostile intent.

The entirety of enterprise laptop management. Not because you don't want users
to change their laptop. The point is to be able to run updates for the users.

Or consider the remote KVM option. Disregarding security, that is a sysadmin's
wet dream. Being able to recover a system that can't boot saves a lot of boots
on the ground.

~~~
__jal
I get all that - I've worked in enterprise IT my entire career.

It does not explain the 30 minute timer.

~~~
discreditable
> It does not explain the 30 minute timer.

An innocent use would be: "If the ME is hung, turn it off and on again."

~~~
__jal
Sigh. If I need to spell this out:

Why is the ME watchdog mandatory?

What innocent explanation details why Intel has chosen to deny me the option
to consider the ME a security risk in my environment and disable it?

------
etiam
Is "uncorrectable" still a valid description? There seems to have been some
progress lately in eliminating ME that are not necessary?

[https://news.ycombinator.com/item?id=13056997](https://news.ycombinator.com/item?id=13056997)

[https://news.ycombinator.com/item?id=13416378](https://news.ycombinator.com/item?id=13416378)

------
saurik
> Major distributions have worked around this issue by purchasing a signing
> key from Microsoft for their binary packages, but the end user is unable to
> modify the signed software without a license from Microsoft, even though
> they have the source code available to them under the GPL.

Is this an accurate description of what is happening? (I don't pay much
attention to desktop systems: I spend most of my time concentrating on the
ever-worsening mobile arena.) Do these "major distributions" come with a
recent version of bash? As someone who develops software under the GPLv3
license, I would not want my software being distributed to these machines via
this hack :/.

~~~
cyphar
> > Major distributions have worked around this issue by purchasing a signing
> key from Microsoft for their binary packages, but the end user is unable to
> modify the signed software without a license from Microsoft, even though
> they have the source code available to them under the GPL.

> Is this an accurate description of what is happening? (I don't pay much
> attention to desktop systems: I spend most of my time concentrating on the
> ever-worsening mobile arena.) Do these "major distributions" come with a
> recent version of bash? As someone who develops software under the GPLv3
> license, I would not want my software being distributed to these machines
> via this hack :/.

It's not entirely accurate. Effectively what most modern distributions do is
that they have a "shim" which is signed by Microsoft. That shim then enrols
the distribution's own UEFI keys on the laptop. So their kernel is signed with
both their own key and Microsoft's key. This means that you can modify your
code without "permission" from Microsoft. openSUSE, Fedora and Debian all
employ this tactic so that our distributions can boot on newer laptops.

Do I wish this wasn't necessary and that everything ran coreboot? Yes. Is
there a better way of handling this problem? Not as far as I know.

------
getpost
How is this not an anti-trust issue?

Of course the government wants this capability to access anyone's system, so I
assume nothing will be done. This has to be one of the worst things that has
happened in the history of computing.

EDIT: Handy for CBP use, I imagine.

~~~
bubblethink
This has nothing to do with anti-trust. Selling hardware doesn't require that you
provide software or the ability to run your desired software.

------
bogomipz
The article states the following for RISCV:

>"While this architecture is extremely limited in performance, price"

Can anyone say why the performance of RISCV is so lacking?

~~~
kbenson
Likely because there's no major consumer devices shipping them (or at least
high-end versions of them) that could help them hit a scale that brings the
cost down, which makes them less viable for a general public consumer
standpoint, which means there's less time spent optimizing it.

I remember a while back when Google was shopping around for Intel replacements
(likely a negotiation tactic), people were saying they should buy the POWER
division from IBM (IIRC). That would have been really interesting...

~~~
bogomipz
>"I remember a while back when Google was shopping around for Intel
replacements (likely a negotiation tactic), people were saying they should buy
the POWER division from IBM (IIRC). "

Funny, I was speaking to some IBM engineers a few months ago and brought up
the POWER chips and they kind of laughed and said something to effect that
biggest use case for POWER was Google as a means of keeping Intel pricing in
check.

------
hashhar
Am I missing something here?

> Secure Boot, which even now requires FOSS users to purchase a license from
> Microsoft to boot FOSS on affected machines that lack an appropriate Secure
> Boot override.

I recently installed rEFInd from source by using a self-signed certificate
(signed the binary using it and enrolled the key into the EFI using mokutil)
and it worked. I certainly didn't have to pay MS. I do know that rEFInd
provides a key of their own (using the distro's shim) that obviously has trust
rooted at MS.
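The PK / KEK / db / dbx hierarchy gizmo686 lays out above, together with the shim-plus-MokList route cyphar and hashhar describe (a distro key, or a self-signed key enrolled with mokutil, honoured only once shim is loading), as an added Python model that is not code from the thread nor from any real firmware. X.509/Authenticode signatures are replaced by a constructed HMAC stand-in, and the OEM/MS/distro/user key names are assumed labels; only the authority rules between the variables are what the example is about.

```python
import hashlib
import hmac

# Constructed stand-in for X.509 keys: key_id is the "certificate", an HMAC tag
# the "signature". Only the PK/KEK/db/dbx/MokList authority rules are faithful.
_SECRETS = {}

def make_key(key_id):
    _SECRETS[key_id] = hashlib.sha256(b"constructed:" + key_id.encode()).digest()
    return key_id                      # this is what gets enrolled in KEK/db/MokList

def sign(key_id, data):
    return (key_id, hmac.new(_SECRETS[key_id], data, "sha256").hexdigest())

def signed_by(data, sig, allowed):
    """True if sig is a valid signature over data by a key listed in allowed."""
    if sig is None or sig[0] not in allowed or sig[0] not in _SECRETS:
        return False
    expect = hmac.new(_SECRETS[sig[0]], data, "sha256").hexdigest()
    return hmac.compare_digest(sig[1], expect)

class Platform:
    def __init__(self):
        self.setup_mode, self.pk = True, None      # no PK: variables writable unsigned
        self.kek, self.db, self.dbx, self.mok = set(), set(), set(), set()

    def _check(self, payload, auth, signers, what):
        if not self.setup_mode and not signed_by(payload, auth, signers):
            raise PermissionError(f"{what} update not signed by an authorized key")

    def set_pk(self, new_pk, auth=None):                # first write leaves setup mode;
        self._check(new_pk.encode(), auth, {self.pk}, "PK")   # later ones need old PK
        self.pk, self.setup_mode = new_pk, False

    def update_kek(self, key_ids, auth=None):           # KEK changes need the PK
        self._check(",".join(sorted(key_ids)).encode(), auth, {self.pk}, "KEK")
        self.kek |= set(key_ids)

    def update_db(self, entries, auth=None, forbidden=False):
        """db (allow) and dbx (deny) hold keys or image hashes; updates need a KEK."""
        self._check(",".join(sorted(entries)).encode(), auth, self.kek, "db/dbx")
        (self.dbx if forbidden else self.db).update(entries)

    def enroll_mok(self, key_id):
        """MokList: mokutil --import plus confirmation at next boot, no PK/KEK signature."""
        self.mok.add(key_id)

    def may_boot(self, image, sig=None, via_shim=False):
        """Firmware policy: dbx beats db; MokList only counts when shim is loading."""
        digest = hashlib.sha256(image).hexdigest()
        if digest in self.dbx or signed_by(image, sig, self.dbx):
            return False
        if digest in self.db or signed_by(image, sig, self.db):
            return True
        return via_shim and signed_by(image, sig, self.mok)

def demo():
    oem_pk, ms_kek, ms_ca = make_key("OEM-PK"), make_key("MS-KEK"), make_key("MS-UEFI-CA")
    distro, user = make_key("DistroKey"), make_key("UserMOK")
    p = Platform()
    p.set_pk(oem_pk)                                   # OEM provisions, leaves setup mode
    p.update_kek({ms_kek}, sign(oem_pk, b"MS-KEK"))
    p.update_db({ms_ca}, sign(ms_kek, b"MS-UEFI-CA"))
    shim, kernel, refind = b"shim.efi", b"vmlinuz", b"refind_x64.efi"
    r = {"shim_direct": p.may_boot(shim, sign(ms_ca, shim)),         # MS-signed: boots
         "kernel_direct": p.may_boot(kernel, sign(distro, kernel))}  # unknown key: no
    p.enroll_mok(distro); p.enroll_mok(user)           # distro key and user's own key
    r["kernel_via_shim"] = p.may_boot(kernel, sign(distro, kernel), via_shim=True)
    r["refind_via_shim"] = p.may_boot(refind, sign(user, refind), via_shim=True)
    bad = hashlib.sha256(shim).hexdigest()             # revoke that shim build by hash
    p.update_db({bad}, sign(ms_kek, bad.encode()), forbidden=True)
    r["revoked_shim"] = p.may_boot(shim, sign(ms_ca, shim))
    try:                                               # KEK update without PK signature
        p.update_kek({distro}, sign(distro, b"DistroKey")); r["rogue_kek"] = True
    except PermissionError:
        r["rogue_kek"] = False
    return r
```

The last two steps are the parts the thread argues about: a dbx entry pushed under the KEK revokes a Microsoft-signed shim regardless of its valid signature, and nothing below the PK can enrol a new KEK.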

------
cathartes
Good to see mention of Talos, even if it never came to fruition.

------
benmward
Mentioned back in 2014 iirc?

------
parenthephobia
(Article is from 2016.)

~~~
AdmiralAsshat
Even then, he's a little late to the party.

------
awinter-py
Is there evidence these have been used to harm anyone?

Not that I wouldn't like a world with no more blobs (or at least reproducible-
build signed blobs). But I use a ton of software I don't have time to review.
Why is solving this more important than, say, looking for RPC holes in docker?

