William Binney said the companies are paid money for providing data and access. How is that not subsidizing that industry? Financial help is a first-class reason for other governments to impose duties, restrict international trade and subsidize local competitors. Yet, there is no reaction in Europe. Microsoft can freely sell their OS and Intel is free to have their monopoly, and uses that to backdoor everybody.
It is creepy that European countries don't take action.
LiMux was a good example of moving in the right direction. Recently it was abandoned. I didn't see big unseen powers at play there, just the harsh reality that most people don't understand computers and don't care.
And... this is where the deluded conspiracy theorist accusations the upthread poster was complaining about come from.
There's no evidence for any of that. The ME's capabilities (low level system controller with access to all memory and hardware, with special access to network hardware that can operate cleanly along with a running OS) have been known and even advertised by Intel for years. The news of the moment is that it's subject to a few rather embarrassing exploits.
But that's rather better explained by incompetence instead of evil. Yet everyone jumps to "back door" because that sounds more fun I guess. (In fact, to the extent there is evidence of government involvement here, it's in the opposite direction: the NSA appears to have demanded an "off switch" for the ME).
Edit to clarify: I'm talking about the ME folks. Yes, the government does bad things. The EC flaws under discussion in this subthread are not among them, so citing them as evidence paints you as a conspiracy nut and not someone serious about security.
IME is (by construction) a backdoor. Its primary purpose is as a management tool, but all management tools are by necessity backdoors. The only distinction between the two is whether the person using the backdoor has ownership over the machine.
> In fact, to the extent there is evidence of government involvement here, it's in the opposite direction: the NSA appears to have demanded an "off switch" for the ME.
It also shows that the NSA is in communication with Intel and is capable of getting them to implement something that large corporations like Google were unable to convince them to do. Which should be concerning, because it makes you wonder what else the NSA might've asked as well.
Also these really aren't conspiracy theories anymore. We know that the NSA and CIA do these sorts of things thanks to the information we learned from Snowden and other whistleblowers.
Historically, Australia has heavily interfered in PNG affairs. Should you be accused of espionage or subversion if you decide to hike a portion of the Kokoda Trail?
Would it be appropriate for Indigenous People to accuse you of attempting to steal their children, a practice that occurred until the 1970s?
It shows they'll do anything within their power, legal or illegal, in order to get at more people's data. Of course they have involvement with this, why wouldn't they?
> Historically, Australia has heavily interfered in PNG affairs. Should you be accused of espionage or subversion if you decide to hike a portion of the Kokoda Trail?
> Would it be appropriate for Indigenous People to accuse you of attempting to steal their children, a practice that occurred until the 1970s?
Bizarre points in support of your initial comment I think.
You're right that anyone else should be mystified.
I think you give them too much credit and unnecessarily slander Intel, which has little reason to go along with NSA (no large DoD contracts, almost all consumer and B2B market).
Also, you overestimate the amount of resources NSA has. If they have enough money to overcome Intel's appetite for risk, then why doesn't the NSA just run every single internet and hardware service out there? Your threat model needs to have bounds. It's worthless if you expect the adversary to have unlimited resources.
> In 2012, the NSA said more than 30,000 employees worked at Fort Meade and other facilities. In 2012, John C. Inglis, the deputy director, said that the total number of NSA employees is "somewhere between 37,000 and one billion" as a joke, and stated that the agency is "probably the biggest employer of introverts." In 2013 Der Spiegel stated that the NSA had 40,000 employees. More widely, it has been described as the world's largest single employer of mathematicians.
Let's assume they have 30 000 employees and the large majority of them are highly educated, that would make it into one of the largest organizations on Earth in terms of intellectual capital.
In terms of actual budget it's obviously classified but estimations are probably around 10 billion USD per year.
That's not a small budget by any feat, and we know they operate huge data centers for surveillance, so they are certainly not a "passive" intelligence agency.
Throwing up a big number is dazzling, but when you look at what the NSA does with that $10B, there is a limit. For example, the supposed 40k employees already eat up $3.2B, assuming an extremely charitable average fully-loaded cost of $80k per employee.
Including facilities and supercomputer costs, this rapidly dwindles.
That leaves maybe $5B for bribes, according to your accounting. Is that enough to subvert everybody?
> they are certainly not a "passive" intelligence agency
What is this addressing? Are you attempting to change the goal posts? The topic is ostensible unlimited NSA resources to corrupt every proprietary technology.
I doubt Wal-Mart has as many highly educated employees as the NSA. Numbers don't mean anything by themselves, but if you hire thousands of mathematicians they are bound to deliver more than Wal-Mart in the data science and cryptography department.
> Including facilities and supercomputer costs, this rapidly dwindles.
Well, considering the overall surveillance budget of all secret agencies constantly increases, it does not seem that they will ever lack funding.
> That leaves maybe $5B for bribes, according to your accounting. Is that enough to subvert everybody?
Why would you need bribes when you have the Law and the full might of government power behind you? If you can convict of high treason anybody who speaks publicly about what the NSA does, why would anyone at Google, Microsoft or other companies working with the NSA have any incentive to say anything?
> The topic is ostensible unlimited NSA resources to corrupt every proprietary technology.
Resources are not only money. When you work for the government (and furthermore of the military establishment), as I said earlier, you can bring down a whole new level of pressure that money itself cannot buy. If that were not the case, then a bunch of secrets (take for example everything related to nuclear testing in the US) that were only revealed way, way after the facts, would have emerged much earlier in all likelihood.
This is where your rhetoric is getting ahead of the facts. The Snowden leaks were published in American newspapers. Company officers from each of those businesses publicly berated the NSA. FBI national security letters did force companies to disclose information about foreign intelligence targets, but this is not because of secret NSA powers, it's from a law passed by Congress.
> When you work for the government (and furthermore of the military establishment), as I said earlier, you can bring down a whole new level of pressure that money itself cannot buy.
What does the military have to do with Software-as-a-Service providers? Can you name an instance when the modern military provided a chilling effect or seriously impacted these services?
Snowden is being prosecuted under the Espionage Act, the reporters were threatened repeatedly by the authorities, The Guardian was forced to destroy their copies of the Snowden Archives, etc etc.
Also, just because the "secret NSA power" of National Security Letters is a tool made legal by Congress doesn't change the ethics concerns relating to their use.
You can only conservatively assume the worst since they operate in complete secrecy with pretty much a blank check from the Federal Government, and prevent anyone from disclosing what they actually do. And take into account that even the Snowden revelations were not the full picture, there are documents that were still not released from what he passed on to journalists.
And it's in their agency's interest to go above and beyond what the Law, and to lie about it like they did before the Congress hearing. They will do every malicious thing given the opportunity because that's their core mission. Unless you assume they are grossly incompetent at it.
Assuming a supposedly* adversarial agency has unlimited resources and ability will only cause you to focus on that threat instead of more immediate ones. Or worse, make you needlessly complacent when there is so much that can be done to harden against APTs and other, more immediate threats.
* supposedly because if you're a U.S. citizen, the government works for you. If you're outside of FVEY (AU,CA,UK,US,NZ) and are a government official, military member, have interesting technical infrastructure, or operate an interesting company, then yes you should include NSA in your threat model.
Oh there is: Dual_EC_DRBG, and that took years to get proof. Also, NSA and AT&T room 641A, plus the packet interdiction programs of the NSA - and I mean physical packets containing DC hardware, that then was modified by NSA.
And we don't have any overview what the US government forces companies and people with NSLs to do... only the sliver of info we got with the Lavabit case.
Have you heard about PRISM? Have you heard about Lavabit? Have you heard about the FISA court and its practice?
> But that's rather better explained by incompetence instead of evil.
Having the ME in all products, not deactivatable, and not replaceable is not a trivial thing to do, so it surely isn't incompetence. What is it then?
Because they don't want people bricking their computers.
I have yet to hear a good reason for the ME that makes it possible to argue that it is not for backdooring of and having power over all x86 machines.
This is not incompatible with them encouraging or exploiting a back door, and it is strong evidence that ME is a security risk.
What's the point of asking for more 'evidence'? Do you expect Snowden levels of sacrifice and disclosures every month?
Apologists will continue to do this until it's too late to do anything about surveillance, at which point they will shrink into the thicket and leave everyone else hanging onto a surveillance state.
Those who care about surveillance, privacy and democracy have every responsibility to be alert and act now.
William Binney said something. Does it mean that it applies to all companies? Did he mention which companies? Is he a credible source for things that occurred after he left NSA? Is he even a credible source outside his expertise?
Do you think that European countries don't take action? What would you call the anti-trust suit against Google, GDPR, anti-tax haven lawsuit against Apple, and other actions?
Having a narrow set of news sources can lead a reasonable person (you) to your conclusion. I urge you to look at a variety of sources. Some good ones: Der Spiegel, Al Jazeera, NPR, The Economist, The Wall Street Journal, The South China Morning Post.
> Do you think that the U.S. government has enough money to influence Intel and Microsoft?
I think the government uses (legal) force and threats to get what they want. The laws are in place to leave no options for the company. The money is more a compensation than a bribery. It could make the companies comply without needing to go nuclear. Also, it supports local companies.
> It is the other way around: both companies spend tens of millions on lobbyists.
Do these lobbyists have any influence on the FBI, CIA, NSA, etc., either directly or remotely through the government? I don't think so.
> William Binney said something. Does it mean that it applies to all companies? Did he mention which companies? Is he a credible source for things that occurred after he left NSA? Is he even a credible source outside his expertise?
All companies? I don't know, and it doesn't even matter. He talked about his time at the NSA. I consider him a credible source, since I have no reason not to.
> Do you think that European countries don't take action? What would you call the anti-trust suit against Google, GDPR, anti-tax haven lawsuit against Apple, and other actions?
Yes, I think they don't take sufficient and adequate action. The GDPR is a good step, but the race is not won by a step. It reminds me of an anti-corruption office in a one-party communist regime. A good thing, but not enough.
Please don't meddle this with taxes. That is a totally different outrageous clusterfuck.
These agencies have their budgets set by the U.S. Congress. I think you're unfamiliar with the composition of the United States government.
> I consider him a credible source, since I have no reason not to.
What makes him a credible source? His claim to fame is THINTHREAD, not cash deals with companies. Are you saying that if a man says something that aligns with your world view, but is outside of his expertise, you'll still believe the statement? That doesn't sound honest.
> Yes, I think they don't take sufficient and adequate action
Then why claim that the EU won't take any action when you admit they do in the next reply?
This is the problem with discourse on most of the internet. People make extreme claims to make a point. But that's not a reasoned argument. You're venting, not arguing. That belongs on Reddit and 4chan, not here.
Nobody suggested there was a parallel multi-process operating system running, with full bus arbitration, and mmio capability.
Edit. Not sure why I am being downvoted Reddit style. Every time these threads come up - it's necessary to trot out an explanation of the basic differences between ARC core, psp, arm cortex and trustzone etc, and who uses what technology, what is known about the software/OSes that are running - jvm versus minix-os, amt versus ME etc, what is new knowledge, what is official, and what has been uncovered from private research. I base my statements about lack of general awareness on these topics from actually following HN submissions.
Just a few days ago, someone in a thread was speculating on using low-level op-codes in bootstrap code to subvert the BIOS, apparently in complete ignorance of the depth of the embedded stack.
Need to maintain crypto keys for SGX enclave memory? Do it in the ME.
Need to do some extra stuff on suspend/resume? Do it in the ME.
Not sure if any other special handling might require updates at a later date? Do it in the ME.
There's no need for nefarious purposes to explain why the ME isn't optional anymore - it's just more convenient.
Need to monitor/hack the computer when the users think it is "power off"? Do it in ME.
Need to add other "features" to the system in the future? Do it in ME.
Ignoring the security concerns, the remote access, imaging, etc, are actually pretty nice. Better done than most 3rd party IPMI implementations.
If it were open and documented, and able to be turned off, it has value.
> Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
It seems like there's a reasonable chance of that being the case.
The things for which you actually want a backdoor in your server to control it from. Maybe even in the face of an attacker who has gained full control of both software and hardware.
A) Trust their employees
B) Respect my privacy
C) Aren't paternalistic
Why are people buying their products?
Anyway, I see some value in the features that ME provides, and so I'm not as anti-ME as a lot of the commenters on here. But obviously, I want the security bugs to be fixed too.
I just want a minimum bootloader (open source) that boots into Linux - that's it. No "Enterprise management" crap, no NSA crap.
I don't think I have any options. I certainly wouldn't buy Chinese or Russian, and I'm not aware of any EU member state having anything in the works either - but I think it's time we started seriously considering this.
Google/Amazon/Microsoft have the muscle to actually do something about this, but no motivation. I'm surprised that they even trust Intel - it would take one high-profile security breach to turn their respective Cloud Computing businesses upside down - people are already jittery.
I don't know if IBM Power is the solution, or ARM, but it's become abundantly clear that you can't trust Intel or AMD, or the x86 platform, anymore.
We know that Google don't have unlimited trust in Intel: they replace the firmware, are talking about how they are trying to defang IME, and continue to maintain investments in the POWER architecture, even though AFAIK they have no public products that use it.
If you want a POWER workstation and are OK with not running on x86-64 (or x86-32) then there's the Talos II workstation. It comes with a hefty price tag (IIRC 3,7k USD). Peanuts for a lot of US-based developers, but for many others in the world it just isn't affordable. You say 30% raw performance would be OK. This is not 1,3x more expensive than a x86-64 workstation. It is a lot more...
It also depends on your threat modelling. If you believe that Intel ME is out there, remotely exploitable by XYZ (NSA, evil hackers, ???), then a number of people and groups have a lot to worry about. Groups and people high up in chains. We're talking about developers of software, developers who build software in end user products (those are 2 large groups already), and a whole plethora of other groups which are the foundation of our society.
And it is locally and remotely vulnerable which Intel patched yesterday. What I don't know is if this patch should be applied, or if it should be used to get rid of Intel ME.
NSA & other US orgs receive hardware without ME already.
Surveillance is for the rest of us.
I'm aware of Google's work with Coreboot and Chromebooks, but not Facebook's. Can you tell us anything?
Who has been spied on using Intel ME?
Anyway, I'm happy to read more about it if you have any additional info.
This is especially true for cryptography where a cryptosystem used today has to resist theoretical attackers that can use hardware that will exist decades from now.
I assume ME and UEFI use DHCP to get their addresses yet my modem/router only shows the one from my user OS.
Where do they get the drivers for whatever NIC happens to be installed? Do the motherboard vendors have to put blobs in place during manufacturing?
It is not much different in concept from a normal layer 1 switch. Everything gets repeated and the recipients discard what they're not interested in.
Anybody got some good links about the Go userspace?
Let us know if you have any questions. There's a slack channel (see contributing.md) where Ron and I are pretty active.
I have kind of a "FOSS diplomacy" question: is the kernel core team involved in this effort, or is it something totally third party to them? (the purpose of this question being to know if linux core team gets involved in go programming)
Also, the NERF (basically negate most of UEFI, in particular the extensibility) firmware using Linux, has an initramfs containing all the user space stuff as uncompiled Go, and a compiler which compiles on the fly.
Can anyone elaborate please. How does AMD compare to Intel's problems with ME?
Zen based parts from AMD have their PSP (platform security processor), which I believe is generally a dedicated Cortex-A series CPU within the silicon to do many security related things. Its functionality is similar to some of what the ME provides on Intel parts.
Someone should read "On Trusting Trust" and note its author…
Anyway that issue is orthogonal to the language choice.
2) Only in so far as it goes into power saving mode itself. (Which is kind of fake, does not disable magic networking junk.)
3) Like in any other boot if unhibernating. Does not touch suspend which is handled in UEFI.
I don't follow. If it's nefarious then doesn't having control in the beginning already screw you? And if not, but if it gets compromised, then can't it be programmed not to do that?
Why wouldn't you be interested in turning it off?
And why would you classify people who'd rather not be running remotely vulnerable code they can't control as "privacy folks"?
Could you please post a link on that? I read about the AMT bugs, which require the user to manually provision it.
Summary: Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege
EDIT: I'm not sure this was the one the GP was referring to
> Why wouldn't you be interested in turning it off?
I'm not asking why you'd be interested in it, I'm asking why you'd freak out so much about it given X/Y/Z are already true and you can't do anything about them. There's a bit more nuance in my argument than you're giving me credit for here.
> And why would you classify people who'd rather not be running remotely vulnerable code they can't control as "privacy folks"?
I already excluded the part about remote vulnerability. See first point above.
Edit: yes at the end of the article https://www.youtube.com/watch?v=iffTJ1vPCSo&list=PLbzoR-pLrL...
Support efforts like coreboot instead. And FFS, firmware should not persist once the operating system boots. Persistent firmware is cancer.
Well, if you're going to run Linux anyway, running Linux as your firmware + bootloader doesn't increase your attack surface. And, it can be argued that e.g. the Linux networking stack is more battle tested than the UEFI one.
> Support efforts like coreboot instead.
Ron Minnich is the father of coreboot. If it were possible to run coreboot on modern Intel server platforms, I'm certain that's what he would propose. As a sibling commenter mentioned, he views NERF as a backup solution if using coreboot isn't possible.
> And FFS, firmware should not persist once the operating system boots. Persistent firmware is cancer.
In NERF, the Linux kernel burned on the flash rom kexec()'s the final distro kernel. IOW, it replaces itself by the new kernel, it doesn't linger around in the background.
I know some people like being retro with old ThinkPads but 12 year old servers are a bit much.
Also, Linux in firmware is either the final OS, or - more likely - a kexec step into the actual OS. In the latter case, there's no persistent firmware since the old Linux is gone.
Generally I agree with you, however there is one thing that cannot be done without a RAM-persisted firmware: any kind of power management. It's highly dependent on the specific chips (sometimes, chip revisions) on the motherboard, and while integrating even ultra low level stuff into the Linux kernel might help there, we see the consequences of doing so in the Android world: manufacturers do not have the time/money to get their code in a shape that's going to be accepted by the kernel community, so they fork it and the users are screwed.
It's not just a simple flag - it's basic stuff like for example which clock pin is mapped to which clock consumer(s), which GPIOs on which pins are mapped to stuff like LEDs, the power/reset switch, which hardware interrupt line is mapped to which GPIO... all stuff that's best kept inside the BIOS where the manufacturer can easily patch it if needed in contrast to the Linux kernel with its notorious difficulty to get stuff accepted into mainline, much less into a kernel that actually runs on users' computers - think LTS users, for example. I can take a 2010 kernel and it will likely run fine on a recent x86 machine, but if I needed to wait for motherboard support to ship in kernel, that would be not very cool.
Yes, something like FDT would be nice but even on the relatively small ARM space it has its fair share of issues - I don't even want to think about having FDT in mainstream x86.
Either do it in the OS, or do it in a separate CPU, such as a microcontroller.
The big difference is Go on one side, and a small selection of config files to support a small/growing collection of hardware on the other.
Is this guy looking to use the existing kernel code, as coreboot does? Or is he going to add to it, to make the One Kernel to Rule Them Allz? Because I'm hearing the former, not the latter. I could be wrong.