
SoylentNews is people

posted by n1 on Monday May 15 2017, @07:04AM
from the phme dept.

Submitted via IRC for TheMightyBuzzard

Since 2008, most of Intel's chipsets have contained a tiny homunculus computer called the "Management Engine" (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

[...] EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

It's a crying shame that what the EFF says doesn't hold a whole lot of weight.

Source: The Electronic Frontier Foundation


  • (Score: 4, Interesting) by Runaway1956 on Monday May 15 2017, @08:13AM (18 children)

    by Runaway1956 (2926) Subscriber Badge on Monday May 15 2017, @08:13AM (#509836) Journal

    I was gloating over Intel's problems, until I was reminded that AMD has a similar function onboard their chips. I guess the difference is in the level of transparency. But, I'm happy to see Intel having problems anyway. If some percentage of the population distrusts Intel, that opens the door for more competition, which in turn, helps to keep Intel honest. Intel has done a lot of more or less shady things in its history, but I'll never forgive them for trying to make all their CPUs identify themselves on the internet. Sally Anonymous went to great lengths to prevent being identified while on the web, but her CPU was busy announcing her identity to anyone who knew how to ask. Sucks to be Sally, huh?

    http://courses.ischool.berkeley.edu/i224/s99/GroupG/psn_outline.html [berkeley.edu]

  • (Score: 2) by Wootery on Monday May 15 2017, @08:27AM (8 children)

    by Wootery (2341) on Monday May 15 2017, @08:27AM (#509848)

    Is it possible to turn off AMD's system?

    The damning part of this whole episode isn't that Intel have a below-ring-zero bug, or even that it's on by default, but that it's impossible to turn off.

    • (Score: 2) by butthurt on Monday May 15 2017, @09:19AM (1 child)

      by butthurt (6141) on Monday May 15 2017, @09:19AM (#509879) Journal

      Slashdot commenter sexconker seems to say "no":

      But AMD won't be removing it, so they could at least allow binary blobs to be loaded which disable functionality. (Or give us a config option or jumper to do the same.)

      -- https://news.slashdot.org/comments.pl?sid=10349793&cid=54015969 [slashdot.org]

      I haven't seen anything to the contrary.

      • (Score: 0) by Anonymous Coward on Monday May 15 2017, @08:15PM

        by Anonymous Coward on Monday May 15 2017, @08:15PM (#510208)

        'Lisa Su has been made aware of it, but sadly she has already left for the day, but you can be sure this has the attention of the highest levels of AMD management.' -- Or something similar.

        Basically AMD gave a carefully worded and polite brushoff when the PSP was brought up. As the Netflix article also shows, Trustzone/ME components are not going away because media companies want a generally programmable 'master system' they can use to implement their DRM and spying on the user's system. While such a system could have mostly been implemented in secure, documented and reproducible hardware (barring perhaps the encryption engine, which would need to be standardized and modular to allow hardware to support new keytypes and deprecate broken ones for new importation to the hardware secured keyring), but due to cost reduction and a desire for control, rather than a mutually trusted shared escrow system (each side's keys being placeable into a shared keystore without either getting access to the other's key and all cryptographic re-encoding taking place inside of it before being transmitted to an authorized decoding device, which in turn would have to relay a public key signed by a certificate authority trusted by the media company/DRM implementors, to ensure the remote device would not allow copying. Notice how this isn't very different from how HDCP is supposed to work? Combining a certificate authority like the internet uses, and a trustworthy non-reprogrammable hardware key escrow ensures both sides could trust its authorization. But neither TrustZone, Intel ME, nor the TPM/Secureboot modules have been designed that way.

    • (Score: 3, Informative) by kaszz on Monday May 15 2017, @09:37AM (5 children)

      by kaszz (4211) on Monday May 15 2017, @09:37AM (#509895) Journal

      Here's how to shut off the Intel one [github.io].

      • (Score: 4, Insightful) by The Mighty Buzzard on Monday May 15 2017, @11:09AM (4 children)

        Sort of. You can never be certain though. You can't even tell if they sold the NSA a backdoor. The firmware is closed source and heavily encrypted.

        --
        My rights don't end where your fear begins.
        • (Score: 2) by bradley13 on Monday May 15 2017, @11:26AM

          by bradley13 (3053) on Monday May 15 2017, @11:26AM (#509941) Homepage Journal

          Given all of the other Snowden revelations, I wouldn't bet against it. In fact, I figure it's damn near certain that the NSA has a backdoor into the management engine. It's a much more attractive target than lots of other things they spend $billions attacking, and they can certainly bend Intel into compliance.

          There's every reason for the ME to be open source, and for owners to have the same level of access to it that they do to their system firmware. I.e., it should be possible for the owner to inspect it, and to alter it just as you would any other firmware. Obviously, this shouldn't be possible from an O/S level (rootkit danger), but possibly through a special physical port.

          --
          Everyone is somebody else's weirdo.
        • (Score: 1) by fustakrakich on Monday May 15 2017, @12:28PM (1 child)

          by fustakrakich (6150) on Monday May 15 2017, @12:28PM (#509966) Journal

          > You can never be certain though.

          Can't you monitor network traffic?

          --
          Politics and criminals are the same thing..
        • (Score: 2) by kaszz on Monday May 15 2017, @04:31PM

          by kaszz (4211) on Monday May 15 2017, @04:31PM (#510093) Journal

          You are absolutely right. I should have been more clear on that. Otoh, most people here ought to figure out in a few seconds that it won't wipe out all backdoors that may exist. Anyway, it will at minimum put some serious rocks in the cogs of mass spying. The method is interesting but there are of course way sharper methods in the toolbox for the willing.

          As for prevention. Don't trust any manufacturer with a significant business stake in the US that they aren't willing to risk and there goes AMD and Intel instantly *poof*. And even a compromised machine needs to communicate somehow which can be thwarted by blocking such traffic in a firewall, not running a pre-compromised CPU or NIC. Any wireless and RF capable devices also have to be physically disabled.

          I'll propose that there IS a specific en-es-ay backdoor into machines with an Intel processor which will enable a mass compromise. It only takes a resourceful person(s) to discover it. What has been seen so far is only a light teaser.

  • (Score: 3, Insightful) by butthurt on Monday May 15 2017, @09:03AM (4 children)

    by butthurt (6141) on Monday May 15 2017, @09:03AM (#509870) Journal

    > I was gloating over Intel's problems, until I was reminded that AMD has a similar function onboard their chips.

    I noticed you gloating over the recent story announcing an exploit of an Intel misfeature. That story should have been linked to this topic we're in:

    /article.pl?sid=17/05/07/0211240 [soylentnews.org]

    I'm not aware of published exploits for AMD systems. If that's because those exploits haven't been announced, rather than because of my ignorance, then AMD would appear to be the lesser evil.

    > I'll never forgive them for trying to make all their CPUs identify themselves on the internet.

    The designers of "applications, including Web browsers" have the option of disseminating such information, or not. If your browser wasn't specifically designed to provide the processor serial number, the number would only be transmitted if a Web page could run arbitrary machine code on your computer, signifying a total lack of security. Your linked page says something similar:

    The PSN is designed to be a passive element, never broadcast to the operating system, applications or to the Internet. In other words, outsiders cannot directly read a computer's PSN; a separate piece of software must be downloaded and executed before the PSN can be read and transmitted out. Allowing a mischievous piece of software to unknowingly read one's PSN is no different than allowing any other bit of code to wreak other forms of havoc on your computer.

    In the absence of a processor serial number, there are other unique identifiers in commonplace hardware. Hard drives and Ethernet/Wi-fi interfaces come to mind.

    • (Score: 3, Interesting) by Runaway1956 on Monday May 15 2017, @09:27AM (3 children)

      by Runaway1956 (2926) Subscriber Badge on Monday May 15 2017, @09:27AM (#509887) Journal

      Note that I said "similar function" rather than "similar exploits". I was referring to the management functions. I'm not aware of AMD's processor management being exploited. It probably is exploitable, in some manner, but if so, it hasn't been publicized.

      The link I provided above helps to underscore the disingenuous nonsense from Intel. On the one hand, they proclaimed that the computer would "prove" to business and banking that you were really you, on the other hand, it could only be turned on by rebooting the system. They claimed that it couldn't be hacked, while providing the software with which it could be hacked via the internet.

      Software vendors, such as Mozilla, would almost certainly have been forced (by the market) to ENABLE the feature. They may or may not have been pressured into enabling it by default. Internet Explorer would almost certainly have enabled it by default. (Bear in mind the dates, IE was the "One ring to rule them all" at that point in time.)

      And, finally, AMD's "TrustZone" - here's AMD's marketing hype on the subject. Three different searches have failed to find any exploits, or discussion of potential exploits. https://community.amd.com/community/amd-business/blog/2015/09/11/securing-the-data-center-from-the-silicon-up [amd.com]

      AMD also uses the term "Platform Security Processor", which appears to be the same thing. Some third party marketing hype here: http://www.electronicdesign.com/microprocessors/platform-security-processor-protects-low-power-apus [electronicdesign.com]

      • (Score: 2) by butthurt on Monday May 15 2017, @10:36AM (2 children)

        by butthurt (6141) on Monday May 15 2017, @10:36AM (#509929) Journal

        > Note that I said "similar function" rather than "similar exploits". I was referring to the management functions. I'm not aware of AMD's processor management being exploited. It probably is exploitable, in some manner, but if so, it hasn't been publicized.

        I didn't misunderstand you as saying that there are similar exploits for AMD. My understanding of the recently announced one for Intel is slight, but in my estimation they were extremely careless.

        > On the one hand, they proclaimed that the computer would "prove" to business and banking that you were really you, on the other hand, it could only be turned on by rebooting the system.

        I don't see a contradiction between those things. Proving one's identity would seem to be at odds with preserving one's anonymity. Identifying a computer, of course, is not quite the same as identifying a person.

        > [...] forced (by the market) to ENABLE the feature.

        Market pressures certainly exist. I would assume that they were the reason the feature was devised.

        > AMD's "TrustZone" [...] AMD also uses the term "Platform Security Processor", which appears to be the same thing.

        I read that "Platform Security Processor" is an earlier term that has been replaced by the term "AMD Secure Platform." It involves an ARM processor running in tandem with AMD's processor, and TrustZone is a feature of that ARM processor. From your last link:

        AMD's Platform Security Processor (PSP) is based on an ARM Cortex-A5 that supports the ARM TrustZone technology.

        From Wikipedia:

        AMD has licensed and [incorporated] TrustZone technology into its Secure Processor Technology. Enabled in some but not all products, AMD's APUs include a Cortex-A5 processor for handling secure processing. In fact, the Cortex-A5 TrustZone core had been included in earlier AMD products, but was not enabled due to time constraints.

        -- https://en.wikipedia.org/wiki/TrustZone#TrustZone_.28for_Cortex-A_profile.29 [wikipedia.org]

        • (Score: 2) by Hairyfeet on Wednesday May 17 2017, @05:49AM (1 child)

          by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Wednesday May 17 2017, @05:49AM (#510936) Journal

          All the links on that Wiki? Simply go back to an article about ARM and again the only link they provide for AMD is a "coming soon" article that hasn't been updated since 2013. AMD was in talks with ARM, they bought a license and...they didn't do a thing with it. Total vaporware. The reason why is obvious, they saw Intel wasn't making mad money selling EMT laptops for business so didn't spend the tens of millions to redo their chip layouts to incorporate Trustzone.

          If you say Trustzone exists in AMD chips? Show me some code that uses Trustzone. I can provide plenty of links to software that uses Intel EMT so if Trustzone exists in AMD chips? Show me some code and I have nearly a dozen AMD systems going back to AM2, I'll be happy to test it....but you can't because AMD never bothered to use Trustzone.

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
          • (Score: 2) by butthurt on Wednesday May 17 2017, @10:24AM

            by butthurt (6141) on Wednesday May 17 2017, @10:24AM (#510989) Journal

            Are you familiar with the site Tom's IT Pro? I'm not, but I found a 2015 article there stating that "6th generation Carrizo-based AMD Pro A-Series APUs" have TrustZone and that it's intended to provide "a safe execution environment that is completely segregated from the rest of the silicon."

            http://www.tomsitpro.com/articles/amd-pro-carrizo-arm-trustzone,1-2917.html [tomsitpro.com]

            By EMT you mean Extended Memory Technology, usually known as EM64T, is that right?

            http://www.hardwaresecrets.com/intel-em64t-technology-explained/ [hardwaresecrets.com]

            That's different: the AMD Secure Processor and Trustzone, as I understand them (and my understanding is slight), aren't accessible to a normal operating system. From what I gather, it runs proprietary firmware--which is what some people are objecting to. If the code were available, those objections would vanish.

            AMD has a page which mentions these features:

            AMD gives you a dedicated AMD Secure Processor[1] built into select AMD Accelerated Processing Units (APUs). ARM® TrustZone®, a system-wide approach to security, runs on top of the hardware creating a secure environment by partitioning the CPU into two virtual “worlds.” Sensitive tasks are run on the AMD Secure Processor – in the “secure world” – while other tasks are run in “standard operation.” This helps ensure the secure storage and processing of sensitive data and trusted applications. It also helps protect the integrity and confidentiality of key resources, such as the user interface and service provider assets.

            1. AMD Secure Processor (formerly “Platform Security Processor” or “PSP”) is a dedicated processor that features ARM TrustZone® technology, along with a software-based Trusted Execution Environment (TEE) designed to enable third-party trusted applications. AMD Secure Processor is a hardware-based technology which enables secure boot up from BIOS level into the TEE. Trusted third-party applications are able to leverage industry-standard APIs to take advantage of the TEE’s secure execution environment. Not all applications utilize the TEE’s security features. AMD Secure Processor is currently only available on select AMD A-Series and AMD E-Series APUs.

            -- https://www.amd.com/en-us/innovations/software-technologies/security [amd.com]

  • (Score: 3, Informative) by Hairyfeet on Monday May 15 2017, @12:01PM (3 children)

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday May 15 2017, @12:01PM (#509956) Journal

    Citation? Because I've looked at the CPU layouts of every AMD chip from the Barton Athlon to the Vishera core and the ONLY AMD chip that had a "security module" (which was just FYI disabled in hardware) was the socket AM1 APUs and the only reason they had the (again hardware disabled) security chip was socket AM1 was how AMD recovered the PS4 and Xbone APUs whose cache didn't completely check out, they just blew half the cache and the hardware DRM module used by the consoles and sold it as a super cheap ULV APU for HTPCs and office boxes.

    So I'd really like to see a citation because every time someone makes that claim all they have been able to provide is an article on the AMD website talking about an "upcoming security module" to compete with the Intel EMT....dated 2012 and which hasn't been updated since 2013. In the end they never bothered to make it, probably because business laptops that sell based on an EMT chip is too much of a niche to be worth spending several tens of millions altering their chip layouts to accommodate it.

    Now I can't guarantee the same is true of Ryzen as I haven't had the time to study the Ryzen die layouts but I haven't read a single article or seen a single vid talking about Ryzen where any kind of extra security is mentioned nor has AMD been pushing Ryzen for business laptops and from what I have seen of the die layouts for Ryzen it's the same as for previous AMD CPUs, [techpowerup.com] a big chunk of cache and the usual, ALU, FP unit, Load/Store, etc. If you want even more detail AMD has given several presentations where they show in great detail every nm of the Ryzen chip with everything neatly laid out...don't remember seeing any kind of security modules. Oh and please don't try to bring in some EFF "article" because if you look at their citation for AMD it goes right back to that "coming soon" from 2012 I have already covered.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 2) by Runaway1956 on Monday May 15 2017, @12:16PM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Monday May 15 2017, @12:16PM (#509960) Journal

      Sorry, no, I don't have a good citation. In honesty, all that I've found are marketing hype links, and links referencing that same hype. As for studying the chips, I've never even really looked at them. Again, marketing hype. I'm not aware of any actual chips on the market. And, I think that when the subject was discussed in another thread, I just took those marketer's links at face value.

      • (Score: 3, Informative) by Hairyfeet on Wednesday May 17 2017, @05:37AM

        by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Wednesday May 17 2017, @05:37AM (#510928) Journal

        Well checking out die layouts is kinda my thing, going back to the old 286 where you could actually see the various modules with nothing more than a magnifying glass, VERY cool. Once I got into AMD (when I found out Intel was market rigging, bribing, and rigging benchmarks to push their shitty Netburst arch) I started getting into checking out their chip layouts and their chip layouts? Really straightforward. Like I said ALUs, Load/store, FPU, a big ass cache, even their Bulldozer and later Vishera were laid out simply and logically, they simply bet that more cores would be better than less cores with faster single core performance but sadly software just didn't take advantage of the hardware.

        But the EFF started pushing that "ZOMFG AMD has a security module like Intel wharrgarbl!" when it was all based on an abandoned "coming soon" article about hardware that turned out to be complete vaporware. Even the AM1 had the security module blown in the hardware which anybody that thought about it for a second would know why, I mean do you REALLY think MSFT and Sony would be happy if their security module that keeps their consoles from being hacked was being sold on a $29 APU on the easily hackable PC platform? They would have a royal shitfit and the hackers would have a field day trying to find weaknesses in the module because they know it's the actual chip used in PS4 and Xbone...but nobody has bothered to even try using an AM1 to hack a PS4 because when AMD blows the questionable cache they blow the security module so it's just a teeny tiny bit of dead silicon.

        So if you want a PC with no security modules to worry about? Just get an AMD.

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @08:22PM

      by Anonymous Coward on Monday May 15 2017, @08:22PM (#510212)

      High level overview flowcharts from maybe a year ago?

      The PSP was prominently shown alongside the cpu cores connected to the in-chip interconnect alongside the cache, memory controller and pci bus controllers.

      Go look for one of those old flowcharts and you should find it.

      Having said that, yes there has been a pretty MUM attitude towards it and the only real 'official' proof that it was in AM4 is the Reddit AMA where that discussion with an engineer about how many people would buy it if the PSP was unlocked/disabled/could run unsigned firmware. Obviously met with a diplomatic rejection while claiming they would consider it.