Intel to slap hardware lock on Management Engine code to thwart downgrade attacks

Intel's Coffee Lake and Cannon Lake x86 processors can be fortified by computer manufacturers to prevent in hardware attempts to downgrade, exploit and potentially neuter Chipzilla's built-in creepy Management Engine. In June, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy privately reported to …

  1. Anonymous Coward
    Big Brother

    Intel to thwart downgrade attacks

    And it's all done purely in the interests of protecting us from the cyber-islamo-fascists. The definition of trusted computing actually means that the manufacturers can be trusted to backdoor the hardware for the state security apparatus.

    1. The Man Who Fell To Earth Silver badge
      WTF?

      So...

      Does this mean that to be secure, I should only buy machines with AMD CPU's?

      1. eldakka

        Re: So...

        Does this mean that to be secure, I should only buy machines with AMD CPU's?
        As has been pointed out in the comments of many of the recent articles regarding Intel's IME, AMD has its own version embedded in its chips/chipsets called the PSP. Therefore AMD-based systems are potentially susceptible to the same types of attacks and privacy and security concerns.

        1. kain preacher

          Re: So...

          But not on their main stream desktop CPUs.

          1. whitepines
            Alert

            Re: So...

            This is a common misconception. The server folks like to think the PSP is only for "those consumer chips", and the consumers like to think somehow the PSP is an enterprise-only feature.

            Let me be as clear as possible. EVERY AMD CPU has the PSP. It cannot be removed, it cannot be disabled, and it has full access to the x86 cores and all of the system components. It's stored on rewriteable firmware storage and anyone with access to the AMD signing key can run their code at the highest possible privilege level on the entire system.

            Scared yet?

            1. Chronos

              Re: So...

              Let me be as clear as possible. EVERY AMD CPU has the PSP. It cannot be removed, it cannot be disabled, and it has full access to the x86 cores and all of the system components. It's stored on rewriteable firmware storage and anyone with access to the AMD signing key can run their code at the highest possible privilege level on the entire system.

              Correct, with the tiny qualifier of CPUs and APUs >= family 16h. Trinity and Richland APUs on socket FM1 and Phenom II and Athlon II CPUs on Socket AM3 are probably the last to be PSP-free. A general rule-of-thumb is if it's a 2013 or newer core, it has PSP/Secure Processor.

              1. whitepines

                Re: So...

                Good point, thanks for the correction. I completely forgot the (rather awful) earth-mover series cores were even being manufactured any more since they're completely and utterly obsolete at this point.

                1. whitepines
                  Trollface

                  Re: So...

                  Oh look, an AMD fanboi is stalking me and downvoting. How cute. Don't you have to apply updates to your Windows 10 home edition installation by now?

                2. Chronos

                  Re: So...

                  It's pertinent information if anyone is looking to specifically avoid this mess, as is the fact that Core number numeral devices, more often than not, do come with ME, albeit easily disabled on at least some of the ICH9 variants. I wasn't trying to contradict you or "be clever," just inform.

                  1. whitepines

                    Re: So...

                    @Chronos I appreciate the correction; my comment was directed at the unknown drive-by downvoter, not you. As you said, people need to know what they have to do to avoid this mess, and it's not pretty...

                    1. Chronos

                      Re: So...

                      @whitepines, yes, it would be better if they'd join the debate rather than just clicking the little button, wouldn't it? I agree that the down-vote was unwarranted.

            2. michael.moon

              Re: So...

              Perhaps a better solution, obviously only for the security minded: publish for each chip which IO pins do what, so we can use a scalpel to physically cut those lines. After all, not much use having a management god mode if you CAN'T access it; you can't reprogram the firmware to get around the physically cut lines.

              Surely this is the buyer's preference? They bought the motherboard, it's their hardware, give people the data to PERMANENTLY RENDER THE FUNCTION USELESS!! :-) Or has it been embedded into the CPU itself? Surely it must be on its own separate IC or it would not have unfettered access to the memory also.

              1. whitepines

                Re: So...

                They're way ahead of you here. Not only is this core on the silicon itself, but disabling it by cutting lines would be rather like drilling holes in the starter motor on your car. The platform simply won't boot without that core, since the core is responsible for starting the platform.

          2. bombastic bob Silver badge

            Re: So...

            (regarding AMD's management engine)

            "But not their main stream desktop CPUs"

            I certainly HOPE so, that AMD CPUs for desktops don't ALL come "equipped" with a management engine like Intel's!

            This sort of thing makes it UNNECESSARILY hard for ME, having to do "that level of research" into new hardware...

            (from the article)

            "patches to kill off the security holes in the code are gradually being made available to organizations and people to download and install."

            How about "patches to PERMANENTLY FLIP THE HAP BIT" (as mentioned as a solution near the end of the article).

            1. whitepines

              Re: So...

              As I mentioned above, yes, they do come with AMD PSP. No way around it.

  2. Anonymous Coward
    Anonymous Coward

    hey intel

    screw you, nobody wants ME

    1. Anonymous Coward
      Anonymous Coward

      Re: hey intel

      Burn it. Burn it with fire.

  3. whitepines
    Mushroom

    ME free computing

    Excellent timing, what with POWER9 being released literally days ago. Pick up one of these and never worry about the ME or PSP again....

    https://raptorcs.com/TALOSII/

    1. S4qFBxkFFg

      Re: ME free computing

      I want one, but the motherboard they're offering makes the high-end stuff from Asus, MSI, etc. look like a budget choice. (>$2000!)

      Does anyone else even make Power9 MBs?

    2. Doctor Syntax Silver badge

      Re: ME free computing

      No laptops, then? And why on earth do they need to list a hex screwdriver as an accessory? Does it use screws with non-standard dimensions such as millicubits?

      1. whitepines

        Re: ME free computing

        I'd guess the long lengths of those drivers aren't all that common. POWER uses a spring loaded retention mechanism; you can see that if you look real close at the heatsink pictures. At any rate it's definitely a standard driver (says 5/32" on the page).

        Other vendors do make systems but the pricing is even worse. IBM launched their own server for GPU compute (the AC922), and there's also the Penguin Computing PE2112GTX. The Talos is currently the only system to focus on security and owner control, though, and it looks like there might be some hope for smaller, cheaper systems if you look at the Raptor Engineering Twitter page.

  4. Christian Berger

    If ME would be the first feature Intel wouldn't charge extra

    I mean, OK, there are actually reasons for wanting to have ME, but so far Intel has chosen to charge extra for every desirable feature. Want ECC-RAM, get a server chip, want virtualisation, get a server chip.

    1. Dan 55 Silver badge

      Re: If ME would be the first feature Intel wouldn't charge extra

      Dell charge $20 extra to disable the chip (i.e. flip the HAP bit) for you, on some laptops. Then there's Purism and System 76.

      https://fossbytes.com/laptops-intel-me-chip-disabled/

    2. phuzz Silver badge
      Unhappy

      Re: If ME would be the first feature Intel wouldn't charge extra

      Yep, get ME in the CPU for my home computer, where I don't need or want it, but when I buy a server at work we have to pay extra for the remote management features.

  5. A Non e-mouse Silver badge

    Optional

    Intel could, of course, listen to the market and sell versions of its chips without ME. But that would result in a lower kick-back from the three letter agencies.

  6. MacroRodent
    Big Brother

    AMD?

    Maybe Purism would have better luck petitioning AMD. They might see a market in selling chips that either lack their equivalent of ME, or provide a documented way for OEMs to totally disable it.

    OK, privacy and security conscious "hippies" is a small market, but it exists, and catering to it should not cost AMD any extra in new chip designs.

    1. whitepines
      Facepalm

      Re: AMD?

      AMD is on record stating that they will not be removing the PSP or allowing it to be disabled. It already provides a digital lock on features for their server chips, and they are moving more and more core functionality into the PSP.

      At minimum, it would be expensive for them to do an about face on this. Considering they also want a slice of the DRM pie, I highly doubt it is even being considered.

      1. Anonymous Coward
        Anonymous Coward

        Re: AMD?

        I think you might have better luck with Qualcomm

      2. phuzz Silver badge

        Re: AMD?

        What does AMD's PSP (or Intel's ME) have to do with DRM?

        Are you getting it confused with the TPM?

        1. eldakka

          Re: AMD?

          What does AMD's PSP (or Intel's ME) have to do with DRM?
          Apparently it is a key element in allowing 4k HD blu-ray decoding by ensuring a non-user accessible encrypted path from the Blu-ray player (or the HTML5 DRM browser plugins) and the display output. Basically, it is used to ensure that HDCP encryption is guaranteed end-to-end. It is, in many ways, a non-optional TPM module. Since the IME/PSP has full control over your computer, it can prevent/isolate user (well, the computer owner's) access to certain areas/features of the computer.

          1. whitepines
            Flame

            Re: AMD?

            Oh, it's worse than that. Remember the "Intel Upgrade Service" from back in 2010? Seems AMD brought it back; and I quote:

            "The PSP is capable of "locking" additional processor features"

            From https://mail.coreboot.org/pipermail/coreboot/2014-August/078489.html

            Also found the same general claim elsewhere online, but like all things ME/PSP related it's generally shrouded in mystery and myth....

            1. Anonymous Coward
              Anonymous Coward

              Re: AMD?

              Look for more news about the PSP incoming.

              No idea what the truth of this story will turn out to be, but don't write off a disable flag just yet. Don't rely on one turning up either though.

              1. bombastic bob Silver badge
                Happy

                Re: AMD?

                @Mycho

                thanks for that article link (about firmware updates to allow disabling PSP). I'll put off making a particular motherboard and CPU choice until AFTER this is all ironed out...

                /me wonders if Linux and the BSDs might some day include a method of disabling management engines...

              2. whitepines

                Re: AMD?

                That's already been largely debunked. The PSP still runs, it's not disabled, just UEFI doesn't talk to it. It's probably just a debug option in case UEFI gets so messed up the board doesn't boot for some reason.

                https://www.phoronix.com/forums/forum/hardware/motherboards-chipsets/994165-amd-reportedly-allows-disabling-psp-secure-processor-with-latest-agesa?p=994177#post994177

  7. Andy The Hat Silver badge

    Anti roll back ...

    is a good thing ... unless the update goes wrong in which case Intel have killed your system until they decide to release an update with a later version number.

    Nothing can possibly go wrong there then.

    1. Richard 12 Silver badge

      Re: Anti roll back ...

      Plus there aren't many of these "fuses" - normally only 16 or 32 bits.

      Normally they are used for the device serial number and as markers for warranty-breaking events (eg overclocked, overtemp etc)

      All they can do is blow one more fuse each time.

      So they're betting all their customers' physical hardware on never needing more than 15 firmware updates.

      Ever, on pain of total brick.
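The fuse-based anti-rollback scheme this comment describes, modelled as an added C example (not from the article or any vendor's code): the hardware minimum version is the count of blown one-time fuses, a candidate image is rejected if its signed version number is lower, and the exhaustion case where no fuse is left to blow is handled explicitly. The 16-fuse bank, the image header, the verdict names and the rule that the version only rises on security-relevant updates are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: a bank of 16 one-time-programmable fuses. */
#define FUSE_BITS 16

/* OTP fuse bank: a bit can go from 0 to 1 (blown) once and never back. */
typedef struct { uint16_t bits; } fuse_bank_t;

/* The security version number (SVN) recorded in hardware is simply the
 * number of blown fuses; fuses are blown in order from bit 0 upward. */
int svn_from_fuses(const fuse_bank_t *bank) {
    int n = 0;
    for (uint16_t v = bank->bits; v != 0; v >>= 1) n += (int)(v & 1u);
    return n;
}

/* Constructed firmware image header: the SVN is part of the signed image,
 * so it may only be trusted after the signature has been checked. */
typedef struct { int svn; bool signature_ok; } fw_image_t;

typedef enum {
    FW_ACCEPT = 0,
    FW_REJECT_SIGNATURE,   /* unsigned or tampered image */
    FW_REJECT_ROLLBACK,    /* image older than the fuse-recorded minimum */
    FW_REJECT_UNRECORDABLE /* SVN larger than the fuse bank can ever record */
} fw_verdict_t;

/* Boot-time anti-rollback check for a candidate image. */
fw_verdict_t check_firmware(const fuse_bank_t *bank, const fw_image_t *img) {
    if (!img->signature_ok) return FW_REJECT_SIGNATURE;
    if (img->svn < svn_from_fuses(bank)) return FW_REJECT_ROLLBACK;
    if (img->svn > FUSE_BITS) return FW_REJECT_UNRECORDABLE;
    return FW_ACCEPT;
}

/* After an accepted image has booted, raise the hardware minimum to its SVN.
 * Returns false (blowing nothing) if the bank cannot represent new_svn: this
 * is the exhaustion case, since only FUSE_BITS increments exist for the life
 * of the part. */
bool commit_svn(fuse_bank_t *bank, int new_svn) {
    if (new_svn < 0 || new_svn > FUSE_BITS) return false;
    for (int i = svn_from_fuses(bank); i < new_svn; i++)
        bank->bits |= (uint16_t)(1u << i);
    return true;
}

int main(void) {
    fuse_bank_t bank = { 0 };
    fw_image_t v3 = { 3, true }, v2 = { 2, true };
    if (check_firmware(&bank, &v3) == FW_ACCEPT) commit_svn(&bank, v3.svn);
    printf("min SVN now %d; v2 verdict %d (2 = rollback)\n",
           svn_from_fuses(&bank), (int)check_firmware(&bank, &v2));
    printf("increments left before the bank is exhausted: %d\n",
           FUSE_BITS - svn_from_fuses(&bank));
    return 0;
}
```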

    2. Anonymous Coward
      Anonymous Coward

      Re: Anti roll back ...

      Most BIOSes store a backup of the firmware before writing the new one. I'm no CPU guru, but couldn't something similar be done securely? A chip that only the ME can access, where it writes the old firmware, flashes the new one, and if the ME fails to come up, re-writes the backup?

      So long as only the ME can access this "backup chip", it should be safe as for something nefarious to mess with the backup chip, it'd have to first compromise the ME, and you're hosed anyway.

  8. I Am Spartacus
    Devil

    Support for Linux

    It means that Linux distros have to be signed to use Secure Boot, but that will stop you loading any device driver that taints the kernel.

    That new graphics engine? Sorry, but you can't use any of the special features until we get a kernel upgrade signed by Intel, which by the way, probably means that M$ also have to sign off on it.

    1. phuzz Silver badge

      Re: Support for Linux

      You're mixing up the ME with SecureBoot. They're different and separate things.

      So far the only machines I've heard of that don't allow you to either disable Secure Boot, or to add your own (non-microsoft) certificates are some of the Surface tablets.

      So, if you want to install a new graphics driver into your kernel, either use one of the distros that uses a signed shim, or add your own cert into your BIOS, and compile your own signed bootloader.

  9. zaax

    NSA won't allow them to turn it off.

  10. jms222

    With all its faults I do respect that just not having it isn't an option. I went to a talk about trying to replace it yielding essentially broken machines. The surprising thing was that people considered the result useful.

    It's the thing that stops the chip cooking itself after all.

    But maybe there is middle ground where the customer (machine maker) could have their variant supplied with all the remote management and USB<->JTAG crap removed but keeping power and thermal management.

    1. Doctor Syntax Silver badge

      "the customer (machine maker)"

      And therein lies the problem. Intel's customers are machine makers, not us. We, as the ultimate customers, are just at the end of the chain and there are, as yet, insufficient of us who actually care about security. Once a large scale malware campaign worms its way into the ME, possibly resulting in a class action, then we'll finally see Intel frantically scrabbling to try and roll back what they've done and launch ME-free chips.

    2. Dan 55 Silver badge

      They are different things. The SMM is not the same as the ME. You can (or should be able to) design a chip with the SMM but without the ME.

  11. conscience
    FAIL

    Writeable firmware is a terrible idea that wouldn't be necessary if Intel (and others) could be bothered to get their code right prior to shipping.

    We never had this trouble with the old ROM chips. Plus, if the ROM chips were socketed, there would still be the option to physically swap the chips if emergency updates were needed without leaving everyone wide open to attack and snooping. Anything has to be better than the current arrangement.

    1. Hescominsoon

      We never had this problem with ROM because security was an afterthought.....

    2. Kiwi

      Plus, if the ROM chips were socketed, there would still be the option to physically swap the chips if emergency updates were needed without leaving everyone wide open to attack and snooping. Anything has to be better than the current arrangement.

      Yes, because having your system vulnerable or down while waiting for the new chips to ship (and hopefully survive the wonderful security and handling procedures of courier/postal firms...) is so much better than quickly downloading software from the maker's site and installing it.

      Code is hard. It's practically impossible (even if theoretically possible) to produce software of a significant size without issues. It could even be that your software ships 100% bug and security flaw free, but someone else finds another way in.

      The "old rom chips" did not do anywhere near what is done today. I have somewhere around an ancient hub - 10mbs vs my GB switch. The hub cannot do the speed and despite being made with some very "old rom chips" is not nearly as secure as the switch.

      I've got graphics cards with socketed RAM chips and all sorts of other old junk lying around. I have photos which these machines could never hope to display. I've got a 5mb HDD around somewhere (full height MFM), and hundreds (if not thousands) of photographs that said drive could not hold.

      Things have moved on and are more complex.

      That said, AMD and Intel could make a way for the nastier side of their systems to be disabled if a customer desires, or require a jumper setting on the mobo to enable the communications side of it - lots of ways they could reasonably easily make it so those who want it can have it and those who hate it can kill it. We're probably not even talking cents per board, which they can reclaim by charging the end customers dollars per board anyway.

  12. Anonymous Coward
    Anonymous Coward

    Next week we’ll find out that the ME has an embedded management engine of its own (MeMe?) and that’ll get hacked too. And the following week... what a complete mess IT has become.

    1. AndyMulhearn

      Next week we’ll find out that the ME has an embedded management engine of its own (MeMe?) and that’ll get hacked too. And the following week... what a complete mess IT has become.

      I think you mean Mini ME?

  13. Anonymous Coward
    Anonymous Coward

    Brace

    "a brace of exploitable bugs – CVE-2017-5705, 5706, and 5707"

    2 != 3

    1. Anonymous Coward
      Anonymous Coward

      Re: Brace

      well...how about a leash of bugs? :)
