[tor-talk] Mimix, an operating system inside the main OS

grarpamp grarpamp at gmail.com
Fri Nov 10 06:11:26 UTC 2017


> The ThinkPad X200 was introduced in 2009 (not 2000); Intel ME has been
> in all Intel hardware since 2006.

It's not date based, but product line based, old product
vs new, both in production at any given time.

There's all kinds of secret shit in your closed source, unverifiable
CPUs and software.

https://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub/1
https://github.com/corna/me_cleaner
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://puri.sm/posts/deep-dive-into-intel-me-disablement/
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

AMD (with PSP etc) and Microsoft are filled with their
own secret goodies too.

And while you can maybe, if very lucky, start to find
at least some firmwares have been designed out...
ARM
https://www.raptorcs.com/TALOSII/

You still can't see inside the chips.

So until you start demanding and requiring open chips #OpenHW,
open fabs #OpenFabs, and open software #OpenSW, you're fucked.

Have fun being compromised till then.

> It's probably worth noting that Intel AMT (which runs on the ME's
> controller) is the "enterprise" functionality with the web server and
> remote provisioning. The ME firmware just does stuff like host the
> network stack and deal with the hardware support. Maybe it does other
> stuff. AMT seems to be the really shocking vulnerable component.

>>> https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.amp.html
>>>
>>> You might not know it, but inside your Intel system, you have an
>>> operating system running in addition to your main OS, MINIX. And it’s
>>> raising eyebrows and concerns
>>
>> Without question, the revelations about Intel ME are shocking. Sort of
>> like we've known has existed on smart phones for a long while.
>>
>> The article seems to note that it's only an issue for the "last few
>> years" when I believe it's been found as far back as the Thinkpad x200
>> (~year 2000), at least.
>>
>> There are a number of tools on GitHub looking to mitigate ME, such as
>> intelmetool, me-tools and me_cleaner, but one should be EXTREMELY
>> careful about running them as bricking hardware is a real possibility.
>>
>> Oddly, the article seems to cast Minix as tainted, while Tanenbaum is
>> *really* someone who matters in operating system land in a good way, and
>> everyone should realize that the original Linux was a Minix derivative.

