SoylentNews is people
SoylentNews
from the idle-hands-devil's-playthings dept.
Positive Technologies has posted an interesting article about disabling the Intel Management Engine 11 via an undocumented mode.
Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this article, we describe how we discovered this undocumented mode and how it is connected with the U.S. government's High Assurance Platform (HAP) program.
[...] Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
[...] Unfortunately, analysis of Intel ME 11 was previously impossible because the executable modules are compressed by Huffman codes with unknown tables. Nonetheless, our research team (Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy) managed to recover these tables and created a utility for unpacking images. The utility is available on our GitHub page.
Hey, the government isn't the only one who wants "high assurance" for their computers. We trolls and average peons would like to think our systems are secure as well.
But it gets better.
Intel allows motherboard manufacturers to set a small number of ME parameters. For this, the company provides hardware manufacturers with special software, including utilities such as Flash Image Tool (FIT) for configuring ME parameters and Flash Programming Tool (FPT) for programming flash memory directly via the built-in SPI controller. These programs are not provided to end users, but they can be easily found on the Internet.
From these utilities, you can extract a large number of XML files (detailed description of the process). These files contain a lot of interesting information: the structure of ME firmware and description of the PCH strap, as well as special configuration bits for various subsystems integrated into the PCH chip. One of the fields, called "reserve_hap", drew our attention because there was a comment next to it: "High Assurance Platform (HAP) enable".
[Ed Note - The fine article contains the following disclaimer:
Disclaimer: The methods described here are risky and may damage or destroy your computer. We take no responsibility for any attempts inspired by our work and do not guarantee the operability of anything. For those who are aware of the risks and decide to experiment anyway, we recommend using an SPI programmer.
You've been warned.]
(Score: 0) by Anonymous Coward on Friday September 01 2017, @10:32PM (1 child)
Those Pis also have a serial number embedded via prom or efuses, which is available via some of the proprietary Pi tools.
Meaning if you paid with a credit card, that second barcode they read off the back was your serial code and it is now tied to your purchasing information.
Same concern with pretty much every piece of hardware in your system. Everything except the CPU is definitely returning a UUID if not serial number, and some do both. If you play an MMO and/or use Windows, assuming that information is tied to that identity, and make sure you don't cross identities with applications, OSes, or hardware that is tied back to your meatspace ID.
The in person cash based used market should really be seeing more activity if people want to keep themselves anonymous, because the retail market, in person AND online definitely isn't. (Even paying cash... what did you think all those cameras at the checkouts were being repurposed for? Loss Prevention and law enforcement surveillance both.)
(Score: 0) by Anonymous Coward on Friday September 01 2017, @11:58PM
Good thing i buy clones, from china. They dont give a damn who buys their stuff.