[clug] Intel Management Engine MINIX

George at Clug Clug at goproject.info
Sat Feb 23 23:42:34 UTC 2019 

Bryan,


Thanks for bringing something to my attention that I had never
bothered with before. I wonder if MINIX can alter microcode?



_Joke for the day ? or I believe in Santa Claus too ?_

https://fossbytes.com/minix-worlds-most-popular-os-threat/
“Intel takes the integrity of its products very seriously. Intel
does not put back doors in its products nor do our products give Intel
control or access to computing systems without the explicit permission
of the end user,” he wrote in a blog post [1].


_Is this a bit like the statement, "if your running ESXi your running
linux."  ?_

https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html


But here’s the crazy part: That’s not the only operating system
you’re running. 



If you have a modern Intel CPU (released in the last few years) with
Intel’s Management Engine [2] built in, you’ve got another
complete operating system running that you might not have had any clue
was in there: MINIX [3]. 














_But this is more to the point;_



GOOGLE WANTS TO REMOVE MINIX FROM ITS INTERNAL SERVERS



According to Google [4], which is actively working to remove Intel’s
Management Engine (MINIX) from their internal servers (for obvious
security reasons), the following features exist within Ring -3: 



	* Full networking stack
	* File systems
	* Many drivers (including USB, networking, etc.)

	* A web server 




George





On Sunday, 24-02-2019 at 01:43 Bryan Kilgallin via linux wrote:


{The second thing to make my head explode: You have zero access to
“Ring 
-3” / MINIX. But MINIX has total and complete access to the entirety
of 
your computer. All of it. It knows all and sees all, which presents a 
huge security risk — especially if MINIX, on that super-secret Ring
-3 
CPU, is running many services and isn’t updated regularly with
security 
patches.}

https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html
-- 
members.iinet.net.au/~kilgallin/

-- 
linux mailing list
linux at lists.samba.org
https://lists.samba.org/mailman/listinfo/linux



Links:
------
[1]
https://securingtomorrow.mcafee.com/executive-perspectives/agile-secure-intels-approach-designing-world-class-security/
[2]
https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
[3] https://en.wikipedia.org/wiki/MINIX
[4]
https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20with%20Linux.pdf

More information about the linux mailing list