Let's say another bug is found that lets anyone remotely control your computer, but Intel becomes bankrupt, or just doesn't see it as a big enough threat to roll out a firmware update. You then essentially have a computer that you can't use, due to the fact it's not secure and anything done on it could be compromised.
Maybe not a massive deal for the average home user who would just buy another laptop. But let's say a large company buys 10k laptops, all with an Intel chip inside them. Then Intel goes bankrupt, becomes incompetent (i.e. cannot resolve bugs), refuses to upgrade firmware, or something else. When the next massive security bug is found (which is inevitable with all code, open source or closed) you are left essentially with 10k unusable laptops.
If the code was open sourced, the large company could pay someone else to fix the problem, or what's more likely is someone in the open source community would fix it for us.
The fact you have another processor running beside your main one, that has full access to everything you do without your permission, knowledge or ability to stop it, should worry everyone. Even if there are no backdoors or bugs in the code right now, it's a very dangerous precedent to set that we buy hardware we cannot control. Maybe one day Intel decides to put an expiry date in their chips, or some DRM to prevent you watching certain content without a license. These restrictions can't be good for society in the long term, can they?
But the biggest problem should be for large companies and corporations. They are putting the faith of their own business into Intel, which like all businesses could one day fail, big time.
Intel could open-source the firmware, but without any way to use it on the hardware, it'd be useless for anything but finding exploits --- arguably an even worse position. See also https://en.wikipedia.org/wiki/Tivoization
All you need is the ability to run your own code on the hardware, legally or otherwise (regardless of what laws exist, no one can stop you from flipping the bits on storage media you possess...), and the community will do the rest. Having the ability to extract the existing code is also immensely helpful, but I'd consider source to be more of a bonus than an absolute requirement. BIOS modding, custom Android ROMs, iOS jailbreaks, console homebrew, whatever else --- you don't need source code, just the ability to run your own.
Crackers, reversers, and security researchers have long been fine operating under the saying: "Source code? We don't need no stinkin' source code!"
...and IMHO the software community could do well to promote this sort of introspection more, to encourage tinkering and exploration and analysis, in contrast to the "can't do anything without source code", "can't do anything without someone else telling you that you can" attitude prevalent today; but, and this may be a bit of a conspiracy theory, I suspect the establishment generally does not approve of such a "hacker" attitude precisely because it means they can't hide anything by "closing the source".
For all unmodified parts of MINIX that ended up in ME 11, this is precisely the case.
I'm constantly amazed at the pushback here and other forums against copyleft-foss.
Intel deliberately creating such holes and then only fixing them on more expensive models would be possible as well, but the PR from that one might be distasteful enough to hurt Intel.
These kinds of business practices are Apple's biggest contribution to the computing industry. Didn't invent them but made them absolutely "the norm", and everyone, even hardware manufacturers, wants to emulate Apple's stunning success. I used to hate Microsoft business practices; Apple are far, far worse. The only reason they didn't seem it was because they had such a pathetic market share. Only one thing has changed. Think different. Think critically about what Apple are.
If Intel copy Apple here, can you object to Intel doing it but not Apple with a straight face?
"If Intel copy Apple here, can one object to Intel doing it but not Apple with a straight face?"
While this is less useful for devices going outside the network (e.g. the laptops you mention), I suspect that the big enterprise response is going to have to be smarter networks. I can easily picture high end fully managed switches becoming more like firewalls, possibly even to the stage of deep packet inspection for recognized patterns.
Not having worked with this, does the ME get its own IP or piggyback, looking for particular patterns in packets? And how feasible is it to detect by testing for missing packets (or spurious ones, if they're received and passed through)?
But I wouldn't hold my breath that they'll release the keys -- why would they? Releasing keys is the last thing you'll think of if a decades-old business is going up in flames.
Sorry, to answer your question: yes, it's actually quite easy to flash the firmware. You don't actually need any hardware for it (unless you brick your device somehow). The only issue (as you stated) is it must be signed by Intel to work.
But perhaps I am wet behind the ears, have there been any similar cases on a similar scale in the past?
How would that work?
"Changing to Linux would also enable servers to boot much faster. According to Minnich, booting an Open Compute Project (OCP) Server takes eight minutes thanks to MINIX's primitive drivers. With Linux it would take less than 17 seconds to get to a shell prompt. That's a speedup of 32 times."
Anyone else think this article is pretty FUD and crap? Not saying Minix has been security audited or is more/less secure than a Linux alternative, but there's something to be said for microkernels at the ME layer.
The OpenCompute anecdote (uncited?) doesn't designate whether Minix in ME is the bottleneck, or whether it's just slow to boot (it probably is when you're booting it with a platform's worth of devices).
Good to know my involuntary shudder when opening a ZDNet article isn't entirely unfounded.
I don't find it hard to believe that Minix drivers are slow and primitive... Minix is not widely used like Linux, that doesn't really mean anything more than that, it's an amazing kernel and there is no better choice for an embedded system that you can't afford to fail and require user intervention.
I guess the TL;DR is that Minix was the right system for the job, it's just that the job was unfortunately pure evil, so arguing about Minix is stupid.
I don't know whether Intel ME contains the usual userland tools that are typical for UNIX-like operating systems. But it is well-known that a lot of MINIX 3's userland was taken/ported from NetBSD, as the MINIX 3 developers openly admit: http://wiki.minix3.org/doku.php?id=developersguide:portingne...
e.g. running 1 million Linux kernels at once
He's also one of the people behind CoreBoot or whatever it's called now
I know Ron Minnich. He is one of the founders of the coreboot project. He's been at this (replacing proprietary firmware with a free software alternative) for a very long time and he knows what he is talking about.
When the final distro kernel is booted by the firmware one, it replaces it. The firmware Linux kernel is thus NOT left running anywhere in the background doing insidious things.
The reason I doubt that Linux is a good solution is that Linux wasn't built to run somewhere deep inside a CPU with very little overhead. Surely, it can run nearly everywhere, I just doubt that it is the best choice for that job.
Just to be clear: I love Linux, not just for what it is, but also for what it does, and have used it every day for more than a decade.
FWIW, this is NOT at all the goal of the NERF project that this zdnet article talks about. So what the idea is roughly:
- Remove or disable the ME as much as possible (impossible to do 100% since e.g. the ME is responsible for booting up the main CPU, but it appears you can remove a large part of it)
- Replace the upper levels of the UEFI firmware stack and the bootloader with Linux + a minimal userspace written in Go (u-root).
See https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20wit... for more details.
For your portable needs there is: https://puri.sm/posts/purism-librem-laptops-completely-disab...
— FX 8350 (Piledriver) from AMD with no PSP: very cheap, no flashing necessary, but not the best performance. Single core performance much worse than even Pentium G4620.
— Some Intel processors and a Raspberry Pi: much better performance but you have to ME_Clean the firmware, hence the Pi.
— POWER9 processor for amazing performance and completely open & free firmware all around: the CPU is $400 but you get $400 worth of performance, PCIe 4.0 etc., however the only mainboard you can get right now costs $2000, and it’s not x86, so you’d need to run your Windows VMs (if you need) on a separate box.
Personally I recommend a used IvyBridge-EP or Haswell Xeon E5 system; make sure it takes ECC DDR3 Reg RAM and you can pick up lots of very cheap DDR3 ECC memory to go along with it.
Performance is pretty good, on par with mid level Ryzen, and it’s recent enough to have all the hardware extensions anyone cares about.
EDIT: Post before wrongly stated that you need pre-Skylake chip. Skylake/Kabylake µarch is also an option now, however some restrictions apply. I don’t think it’s very good value though, at least until Coffeelake is compatible.
Err, the ME has been present on every Intel system since 2006 or so.
The only thing that changed with Skylake is that the ME runs on an x86 core, on previous processors the ME ran on some RISC microcontroller.
The Pi also has a binary blob requirement and a Trustzone implementation (which is however open to tinkering).
Are there tutorials to do this?:
Some Intel processors and a Raspberry Pi: much better performance but you have to ME_Clean the firmware, hence the Pi.
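The "ME_Clean the firmware" step in the post above and the earlier comment it quotes both rely on finding the ME region inside a SPI flash dump, which is described by the Intel Flash Descriptor (IFD) region table at the start of the image. The following is an added example written for this thread, not me_cleaner's own code and not a tool that modifies or flashes anything: it parses the IFD, reports where the ME region sits, and measures how much of that region is populated, which is the check a practitioner wants before and after cleaning a dump (a region that is still mostly non-0xFF bytes has not been emptied). The layout facts it assumes are that the descriptor signature 0x0FF0A55A sits at image offset 0x10, FLMAP0 at 0x14 carries the region table base (FRBA) in bits 23:16 in 16-byte units, and each 32-bit FLREG entry holds the region base in bits 14:0 and the limit in bits 30:16 in 4 KiB units, with region index 2 being the ME region; the 0x7FFF mask is an assumption that covers both the older 13-bit and newer 15-bit field widths because the reserved bits are zero. The sample image is constructed and much smaller than a real dump.

```python
"""Locate the Intel ME region in a SPI flash image via the IFD region table
and report how much of it is populated. Added example; not me_cleaner code.
Layout assumptions (labelled): signature 0x0FF0A55A at 0x10, FLMAP0 at 0x14
with FRBA in bits 23:16 (x16), FLREGn at FRBA + 4n with base bits 14:0 and
limit bits 30:16 (both x4096), region index 2 = ME. Sample image constructed."""
import struct

IFD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]


def parse_regions(image: bytes):
    """Return {name: (start, end)} for regions present in the image's IFD."""
    if len(image) < 0x20:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4      # region table base, 16-byte units
    regions = {}
    for idx, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * idx)
        base = (flreg & 0x7FFF) << 12
        limit = ((flreg >> 16) & 0x7FFF) << 12 | 0xFFF
        if base > limit:                     # unused region: base 0x7FFF, limit 0
            continue
        if limit >= len(image):
            raise ValueError(f"{name} region extends past end of image")
        regions[name] = (base, limit)
    return regions


def me_region_fill(image: bytes):
    """Fraction of the ME region that is not erased flash (0xFF); None if absent."""
    regions = parse_regions(image)
    if "ME" not in regions:
        return None
    start, end = regions["ME"]
    blob = image[start:end + 1]
    populated = sum(1 for b in blob if b != 0xFF)
    return populated / len(blob)


def build_sample_image(size=0x80000, me_start=0x3000, me_end=0x4FFFF, me_fill=True):
    """Construct a toy 512 KiB image: descriptor at 0, ME at [me_start, me_end],
    BIOS after the ME, GbE and Platform Data unused. Real dumps are 8-32 MiB."""
    img = bytearray(b"\xFF" * size)
    frba = 0x40
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)

    def flreg(base, limit):
        return (base >> 12) | ((limit >> 12) << 16)

    struct.pack_into("<I", img, frba + 0, flreg(0x0000, 0x0FFF))        # Descriptor
    struct.pack_into("<I", img, frba + 4, flreg(me_end + 1, size - 1))  # BIOS
    struct.pack_into("<I", img, frba + 8, flreg(me_start, me_end))      # ME
    struct.pack_into("<I", img, frba + 12, 0x00007FFF)                  # GbE unused
    struct.pack_into("<I", img, frba + 16, 0x00007FFF)                  # PD unused
    if me_fill:
        # Stand in for ME firmware: a repeating pattern with no 0xFF bytes
        length = me_end + 1 - me_start
        img[me_start:me_end + 1] = bytes(range(128)) * (length // 128)
    return bytes(img)


if __name__ == "__main__":
    for fill in (True, False):
        img = build_sample_image(me_fill=fill)
        regs = parse_regions(img)
        print({k: (hex(s), hex(e)) for k, (s, e) in regs.items()})
        print("ME region populated:", f"{me_region_fill(img):.0%}")
```

Running it on a real dump (`parse_regions(open("dump.bin", "rb").read())`) gives the same offsets that the cleaning tools work from, and comparing `me_region_fill` on the dump before and after cleaning shows whether the region was actually shrunk rather than just relabelled. The example deliberately stops at reading: the descriptor strap bits that disable the ME and the signed-firmware constraint mentioned earlier in the thread are not modelled here.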
Second, all systems since about 2007 (?) have an Intel ME ROM burned inside the chipset, so there's no telling what is still running there, and what exactly it is capable of.
Problem is it's dead.
Going out on a limb here, but we can solve this with another layer of abstraction in the long term. We need to develop a fully portable open source virtual machine model (think p-code machine) that is portable and make that the canonical hardware abstraction. That makes all vendors irrelevant if they can't comply with it and opens the market to new hardware vendors with different sales models to provide an optimised hardware implementation of that abstraction. The incumbents (ARM, Intel, AMD) can't sell a security model if the abstraction denies them that ability. Sure they can sell you out, but new competition which is privacy focused should end that.
and if it's so good, why is SPARC dead?
As far as I know, Fujitsu still sells it with high-end servers (attempting to take on IBM POWER), and it's still floating around in embedded designs, but it's a niche choice, with the associated downsides.
However, I assume any chip released after they added the backdoors also has the backdoors. So, you'd be looking for pre-2007, Pentium-class chips in SMP configuration. Maybe Pentium 4 Prescott-2M or Cedar Mill. Wikipedia shows the latter was on the same node as Core Duo with 3-3.6GHz plus 2MB cache.
As far as non-Intel goes, both PPC and SPARC used Open Firmware. Plenty of them on eBay. Gaisler also made GPL versions of Leon3 you could build yourself or buy as a development board for who knows what price.
In high-assurance security, I remember BootSafe tech letting someone write firmware in Java to benefit from all its testing and verification tech that was then translated into Open Firmware's Forth in a way that preserved the properties. That tech went proprietary but still exists. Something similar could be done in FOSS with a Rust or SPARK to Forth converter leveraging hard work already done by compiler/verification teams of source languages.
So far the only option is POWER-based systems and they're costly.
Conclusion: We need 100% open-source hardware ASAP if we're to become a sane society.
Edit: Anyone remember the "Intel inside" trademark which was supposed to add (marketing) value to any PC which was allowed to carry that label? Well, today it's clear that this label actually stands for "Intelligence community inside".
There are several possible answers to that question:
1) "Just because you're paranoid doesn't mean they're not after you."
2) Because the risk of getting this backdoor known would not be worth the cost.
3) Because Snowden's laptop was used with airgap.
4) Because at that point, the cat was already out of the bag (the journalists had the data on SDs).
My personal belief is that this is a little optimistic. There's a lot wrong with our society, and Intel embedding Minix in the ME doesn't really rise to the top of current issues.
I would really like an option that did not have binary blobs in the BIOS or CPU. That's tough, though... CPUs always have microcode fixes, don't they?
So far, I think the best option for this kind of thing is the Raptor workstation with the Power7 CPU.
> My personal belief is that this is a little optimistic. There's a lot wrong with our society, and Intel embedding Minix in the ME doesn't really rise to the top of current issues.
It's not optimistic. Society will change massively - in the good direction. We still have a lot of work ahead of us, and there will of course be pain along the way, but the Planet will become peaceful and clean again. And we are assisted in this process. How do I know? I've seen it.
I'm also not an SJW or whatever. I'm just saying that things that can be very important to us...that we think will have a tremendous impact on the future...those things aren't universal issues. Maybe it's just my lack of understanding of where you are coming from to see how this would be a major component of getting to a peaceful and clean world. If so, I would like to hear more. Thanks.
With every new player (government, company, user) joining the open-source approach, we get additional eyes on the code/hardware.
Imagine all world governments using only open-source code/hardware: Given the current budgets at play, we would have 100% secure code/hardware in a matter of seconds - for everybody on the Planet.
Why is this not happening? Because governments (currently) still do not fully represent the citizens' interests. They mainly represent their interests first (which is the protection and expansion of their power monopoly). This is called the principal-agent problem.
Let's suppose that I have a 3D printer sophisticated enough to print open-source circuit boards. How do I trust my 3D printer?
I think there's a hardware "trusting trust" problem; I can't imagine how your optimism could ever be realized. I hope I'm missing something!
Your futuristic 3D printer could be backdoored to recognize certain patterns and modify them sneakily, but that would be pretty sophisticated, and somebody thoroughly validating the output could detect the unexpected divergence. Designing a generic backdoor that would work on any CPU design without being obvious sounds very tricky indeed.
It would also be very difficult to hide the code generating the backdoor if the software of the printer is open source itself. Then you'd have to insert inconspicuous code in the printer's driver which would have the very complex task of messing with the model to insert a backdoor in an arbitrary user-controlled design.
100% secure? You must be joking. Since there is no code without bugs and a certain percentage of bugs have security implications, there is no 100% secure.
Automated fuzzing is a solution amongst others.
I'm thinking about buying an Intel chip, trying to disable ME, and sending the motherboard and chip back as faulty if it gets bricked during that process.
It seems like it throws a spanner in the face of the unikernel / kernel bypass approach of getting closer to the metal, when your CPU can be directly running a web server(!) without your control.
It's possible that ME initiates memory access that clogs the bus, though.
What might be of concern to real-time workloads are SMM interrupts, which AFAIU run on the main CPU and trap into the firmware. The NERF project might help here too, in that they are looking to either disable SMM or direct them to the Linux kernel.
 - http://www.minix3.org/
"The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers."
 - https://news.ycombinator.com/item?id=15642116
>"There's no reason not to make this improvement. Minnich noted, "There are probably 30 million-plus Chromebooks out there and when your Chromebook gets a new BIOS, a new Linux image is flashed to firmware and I haven't heard of any problems."
Didn't or don't some generations of Chromebooks use Intel chips? Or is he not referring to the ring -2 and ring -3 Intel ME/UEFI stuff here?