Fwd: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions


Sandy Harris

Nov 22, 2017, 8:34:26 AM11/22/17
to qubes-users
From a crypto list, seemed relevant here.

---------- Forwarded message ----------
From: =JeffH <Jeff....@kingsmountain.com>
Date: Tue, Nov 21, 2017 at 7:04 PM
Subject: [Cryptography] Intel Management Engine pwnd (was: How to find
hidden/undocumented instructions
To: "Crypto (moderated) list" <crypto...@metzdowd.com>


Oh joy...

Intel finds critical holes in secret Management Engine hidden in tons
of desktop, server chipsets
https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/

By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53

Intel today admitted its Management Engine (ME), Server Platform
Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to
multiple worrying security flaws, based on the findings of external
security experts.

The firmware-level bugs allow logged-in administrators, and malicious
or hijacked high-privilege processes, to run code beneath the
operating system to spy on or meddle with the computer completely out
of sight of other users and admins. The holes can also be exploited by
network administrators, or people masquerading as admins, to remotely
infect machines with spyware and invisible rootkits, potentially.

Meanwhile, logged-in users, or malicious or commandeered applications,
can leverage the security weaknesses to extract confidential and
protected information from the computer's memory, potentially giving
miscreants sensitive data – such as passwords or cryptographic keys –
to kick off other attacks. This is especially bad news on servers and
other shared machines.

In short, a huge amount of Intel silicon is secretly running code that
is buggy and exploitable by attackers and malware to fully and
silently compromise computers. The processor chipsets affected by the
flaws are as follows:

6th, 7th and 8th Generation Intel Core processors
Intel Xeon E3-1200 v5 and v6 processors
Intel Xeon Scalable processors
Intel Xeon W processors
Intel Atom C3000 processors
Apollo Lake Intel Atom E3900 series
Apollo Lake Intel Pentiums
Celeron N and J series processors

Intel's Management Engine, at the heart of today's disclosures, is a
computer within your computer. It is Chipzilla's much maligned
coprocessor at the center of its vPro suite of features, and it is
present in various chip families. It has been assailed as a "backdoor"
– a term Intel emphatically rejects – and it is a mechanism targeted
by researchers at UK-based Positive Technologies, who are set to
reveal in detail new ways to exploit the ME next month.

The Management Engine is a barely documented black box. It has its own
CPU and its own operating system – recently, an x86 Quark core and
MINIX – that has complete control over the machine, and it functions
below and out of sight of the installed operating system and any
hypervisors or antivirus tools present.

It is designed to allow network administrators to remotely or locally
log into a server or workstation, and fix up any errors, reinstall the
OS, take over the desktop, and so on, which is handy if the box is so
messed up it can't even boot properly.

The ME runs closed-source remote-administration software to do this,
and this code contains bugs – like all programs – except these bugs
allow hackers to wield incredible power over a machine. The ME can be
potentially abused to install rootkits and other forms of spyware that
silently snoop on users, steal information, or tamper with files.

SPS is based on ME, and allows you to remotely configure Intel-powered
servers over the network. TXE is Intel's hardware authenticity
technology. Previously, the AMT suite of tools, again running on ME,
could be bypassed with an empty credential string.

Today, Intel has gone public with more issues in its firmware. It
revealed it "has identified several security vulnerabilities that
could potentially place impacted platforms at risk" following an audit
of its internal source code:

In response to issues identified by external researchers, Intel has
performed an in-depth comprehensive security review of our Intel
Management Engine (ME), Intel Server Platform Services (SPS), and
Intel Trusted Execution Engine (TXE) with the objective of enhancing
firmware resilience.

The flaws, according to Intel, could allow an attacker to impersonate
the ME, SPS or TXE mechanisms, thereby invalidating local security
features; "load and execute arbitrary code outside the visibility of
the user and operating system"; and crash affected systems. The
severity of the vulnerabilities is mitigated by the fact that most of
them require local access, either as an administrator or less
privileged user; the rest require you to access the management
features as an authenticated sysadmin.

<snip/>
_______________________________________________
The cryptography mailing list
crypto...@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Yuraeitha

Nov 22, 2017, 5:07:15 PM11/22/17
to qubes-users
oh joy indeed......

Now seems like a really good time to twist Intel's arm to the back and force them to get rid of these invasive blobs, once and for all. Going open source should be the very minimum solution; after all, how can we trust a company like this otherwise, if they don't at least try to be as transparent as possible? They lack trust enough already as it is; them now admitting it should mean no more roadblocks to get rid of it once and for all.

If they got to the point and they admitted it (and it's no longer a case of proving its existence), and still don't want to do the right thing, then imho, all hell should break loose.

Even if AMD is fucked up in this way as well, I'll buy AMD until Intel gets this right. Because right now, Intel needs to look good again, while AMD does not after its come-back. Boycotting Intel now may force its hand to do the right thing. Push em where it hurts.

And if Intel finally does the right thing, then who knows, AMD may follow suit. AMD is halfway there already anyway.

Tai...@gmx.com

Nov 22, 2017, 9:46:16 PM11/22/17
to Yuraeitha, qubes-users
On 11/22/2017 05:07 PM, Yuraeitha wrote:

> Now seems like a really good time to twist Intel's arm to the back and force them to get rid of these invasive blobs, once and for all. Going open source should be the very minimum solution; after all, how can we trust a company like this otherwise, if they don't at least try to be as transparent as possible? They lack trust enough already as it is; them now admitting it should mean no more roadblocks to get rid of it once and for all.
>
> If they got to the point and they admitted it (and it's no longer a case of proving its existence), and still don't want to do the right thing, then imho, all hell should break loose.
>
> Even if AMD is fucked up in this way as well, I'll buy AMD until Intel gets this right. Because right now, Intel needs to look good again, while AMD does not after its come-back. Boycotting Intel now may force its hand to do the right thing. Push em where it hurts.
>
> And if Intel finally does the right thing, then who knows, AMD may follow suit. AMD is halfway there already anyway.
>
AMD has PSP, which is their version of ME. It is no better.

Owner-controlled POWER is the future; if enough people buy TALOS
products eventually there'll be a lower end option (FYI the TALOS 2 price
is appropriate for high end server hardware, it is actually less than
Intel's stuff).

If Google can't convince Intel to offer a way to remove ME then no one
can, certainly not a small company with no real connections and no
hardware engineers (Purism).

Yuraeitha

Nov 22, 2017, 10:11:18 PM11/22/17
to qubes-users

Nice! I did not know about TALOS, seems really interesting. I had kinda lost any hope for POWER CPUs since IBM are such big slackers when it comes to getting POWER marketed or supporting motherboard developers in the mass markets. The way I understand it, it's significantly easier to make motherboards, compared to making CPUs, and existing RAM technology can be used. So it was a bit mind-boggling for me that no one went ahead and made POWER motherboards. Not enough interest by the people at least capable of making motherboards, I guess? Or my understanding of it falls short, perhaps.

But either way, TALOS is really good news. Though it's a bit sad that it's so pricey and only for desktops. Especially as mobile devices are becoming so powerful that desktops are less relevant for most normal people these days. It makes the desktop market smaller, and TALOS even harder to sell to normal people, and thereby probably also less likely to drop in price too. And as a result, much less likely to come to laptops as well. Unless something changes? Seems like an evil unbreakable circle, unless a shortcut is cut out somewhere.

For one, the price is waaaaaay too high for most regular people.
What hopes do we have for cheaper hardware, made available for the more popular devices (like laptops and phones), I wonder.

It's so frustrating, getting hopes, but at the same time, just enough out of reach, dangling there like a carrot on a stick, laughing at you. Frustrating...

Also, lmao, indeed, the claims and lack of results to show for them are gonna make Purism a laughing stock for years to come. Maybe if they involved the open source community and got a huge backing with a single voice, but instead, many open source people got offended by their overestimated claims. The irony...

jkitt

Nov 22, 2017, 10:54:57 PM11/22/17
to qubes-users
On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote:
> From a crypto list, seemed relevant here.
> .....

> Oh joy...
>
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> .....

So I have my ME "turned off", and I understand off never means off, but can it still be remotely exploited? I'm using a wireless NIC.

Yuraeitha

Nov 22, 2017, 11:26:24 PM11/22/17
to qubes-users
On Thursday, November 23, 2017 at 2:46:16 AM UTC, Tai...@gmx.com wrote:

Oh btw Tai, I realized I missed your AMD line comment.
I'm well aware that AMD sucks too, but this is not the point I tried to make. The point is that AMD looks good (for other reasons), compared to Intel right now. If Intel wants to fight back, they could for starters try to stop appearing so... well.. "evil" or needlessly and overly "greedy" beyond reason.

So I'm not saying AMD is any better, it's just that AMD can be used, like a tool, to fuck Intel up enough to force Intel's hand to do something good (hopefully). Question is, will enough people do it, in order to force Intel's hand? And if enough do it, then it's probably not for this reason. But nonetheless, whatever little helps to send Intel a clear signal that they need to behave to regain any love.

Yuraeitha

Nov 22, 2017, 11:28:43 PM11/22/17
to qubes-users

@jkitt a good question, we need some more answers. For starters, where is the proof that it works, and not just taking "experts' words for it that it works"? Taking a word for it simply just isn't good enough.

Tai...@gmx.com

Nov 22, 2017, 11:34:07 PM11/22/17
to jkitt, qubes-users
If you use me_cleaner, as of now there are no *public* exploits that
allow for that, although I wouldn't be using an Intel wireless NIC as I
am sure they have some unpublished extra ME features besides the vPro
ones that are documented.

Yuraeitha

Nov 22, 2017, 11:46:18 PM11/22/17
to qubes-users

So for example, there is no issue buying a motherboard (and cleaning it up) with an Intel NIC, just as long as you do not use the NIC, right? I mean, it cannot execute commands inwards to the motherboard, but only whatever passes through the NIC when it's in use?

So if, for example, inserting a more trusted PCI NIC card and just ignoring the Intel NIC, it should be no problem?

Tai...@gmx.com

Nov 23, 2017, 12:01:41 AM11/23/17
to Yuraeitha, qubes-users
On 11/22/2017 10:11 PM, Yuraeitha wrote:

> Nice! I did not know about TALOS, seems really interesting. I had kinda lost any hope for POWER CPUs since IBM are such big slackers when it comes to getting POWER marketed or supporting motherboard developers in the mass markets. The way I understand it, it's significantly easier to make motherboards, compared to making CPUs, and existing RAM technology can be used. So it was a bit mind-boggling for me that no one went ahead and made POWER motherboards. Not enough interest by the people at least capable of making motherboards, I guess? Or my understanding of it falls short, perhaps.
Actually a lot of companies made POWER 8 motherboards, you just didn't
hear about it (as they aren't mass market).
POWER 9 is a lot more accessible so there will be many more partners; as
more components are now on the CPU die it is cheaper to make
motherboards (which is also why TALOS 2 is a reality) and thus more will
be made.

Look up the OpenPOWER foundation; despite all the really bad things they
have done in the past, IBM is making many strides for computing freedom.
What other company releases this level of information on their CPUs?
Their hardware? Lets you fix your own microcode and gives you the
documentation to teach yourself how to do so?
> But either way, TALOS is really good news. Though it's a bit sad that it's so pricey and only for desktops.
The price is average for hardware in its performance class; like I said
there are many lower priced (and lower performance) options, but now we
are lucky enough to have one in the very high performance sphere.
> Especially as mobile devices are becoming so powerful that desktops are less relevant for most normal people these days. It makes the desktop market smaller, and TALOS even harder to sell to normal people and thereby probably also less likely to drop in price too. And as a result, much less likely to come to laptops as well. Unless something changes? Seems like an evil unbreakable circle, unless a shortcut is cut out somewhere.
TALOS 2 isn't meant for "normal people" - even I would be hard pressed
to use the full capabilities of even the lower end POWER9 CPUs to the
point where I would really be getting my money's worth.

The market segment is the small corporation concerned about IP theft
that wants high performance secure computing and may already be using
POWER systems, not grandma and not even you or me but I will however be
purchasing one once I find full time employment again as I believe in
the cause and I want to support them.
It is the first time one can get a free firmware system off the shelf
with the latest and greatest technology, no matter the cost they have
truly done something special here.
> For one, the price is waaaaaay too high for most regular people.
> What hopes do we have for cheaper hardware, made available for the more popular devices (like laptops and phones), I wonder.
You already have cheaper/slower hardware, such as the KCMA-D8 and
KGPE-D16 (libre firmware ports and OpenBMC ports made by the same
company) or the open source init G505S laptop.
You can make a libre firmware workstation that can play the latest games
in a VM for $500 total.

In the case of TALOS 2 it fills the gap in the ultra high performance
category, whereas the D8 and D16 are in the low-medium performance category.
> It's so frustrating, getting hopes, but at the same time, just enough out of reach, dangling there like a carrot on a stick, laughing at you. Frustrating...
>
> Also, lmao, indeed, the claims and lack of results to show for them are gonna make Purism a laughing stock for years to come. Maybe if they involved the open source community and got a huge backing with a single voice, but instead, many open source people got offended by their overestimated claims. The irony...
They still refuse to take the input of the community into account, but
constantly attack people like me who give them the constructive
criticism they deserve - they say "oh we are doing our best to free ME",
aka waiting and hoping someone else will do so. They have no hardware
engineers on staff so no one to tell them how impossible and pointless
that is.

The only thing they are good at is marketing, it is truly incredible the
amount of spin and slick lingo they have on their website - hell there
are even paid shills on various mailinglists who attack me and others on
a regular basis.

They could have easily made a libre laptop via either the AMD FT3 mobile
platform (high end when they released their second laptop) or hell, even
a KCMA-D8 in a custom fab case with a custom battery, keyboard, etc and
a 35W 8 core CPU - heavy? Sure. Free? Definitely.

On the coreboot website it says that you can't have free firmware for
the latest and greatest x86-64 stuff due to the level of churn, but they
still don't listen and refuse to change course and admit they made bad
choices.

Even Leah Rowe made right and finally paid her (monetary) debts; we can
only hope Purism pays their (philosophical) debt to the community with
all the energy and money they have sucked away from real computing
freedom projects.

Tai...@gmx.com

Nov 23, 2017, 12:02:01 AM11/23/17
to Yuraeitha, qubes-users
On 11/22/2017 11:26 PM, Yuraeitha wrote:

> Oh btw Tai, I realized I missed your AMD line comment.
> I'm well aware that AMD sucks too, but this is not the point I tried to make. The point is that AMD looks good (for other reasons), compared to Intel right now. If Intel wants to fight back, they could for starters try to stop appearing so... well.. "evil" or needlessly and overly "greedy" beyond reason.
If you really need a *brand new* x86-64 CPU then yes, AMD is a better
company; a few thousand people on reddit were enough to get executive
level attention about PSP and they somewhat entertained the idea of
providing a way to truly disable it or offer CPUs without it - not that
they did, but even Google can't get Intel's attention like that.
For now however a Socket G34 6328/6386SE is more than good enough for
just about anything.

AMD is a much smaller company with a much smaller market share.
> So I'm not saying AMD is any better, it's just that AMD can be used, like a tool, to fuck Intel up enough to force Intel's hand to do something good (hopefully). Question is, will enough people do it, in order to force Intel's hand? And if enough do it, then it's probably not for this reason. But nonetheless, whatever little helps to send Intel a clear signal that they need to behave to regain any love.
Intel is too big of a company for anyone to make an impact, short of a
nation state deciding to no longer buy their products for its
governmental computers, which would actually be a really smart idea
(however none have done so).

Tai...@gmx.com

Nov 23, 2017, 12:05:50 AM11/23/17
to Yuraeitha, qubes-users
On 11/22/2017 11:46 PM, Yuraeitha wrote:

> So for example, there is no issue buying a motherboard (and cleaning it up) with an Intel NIC, just as long as you do not use the NIC, right? I mean, it cannot execute commands inwards to the motherboard, but only whatever passes through the NIC when it's in use?
Why would you buy one when there are so many alternatives?
> So if, for example, inserting a more trusted PCI NIC card and just ignoring the Intel NIC, it should be no problem?
Not how it works; Intel NIC or not, you have the same level of security
once you use me_cleaner - additionally the non-LOM series Intel NIC
ASICs lack the ME ability regardless, and one can also modify the LOM
series firmware to remove that ability.

The whole "oh you are fine from hypothetical nation state backdoors if
you use a non-Intel NIC" rumor was started by Purism - it is absolutely
false. If such a backdoor existed they surely would have thought of that
already - there are a variety of methods to communicate with and control
a PCI-e networking device without having drivers for each and every NIC
on the market.