Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Managment Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.
Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.
The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.
This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.
(Score: 2, Informative) by bob_super on Tuesday July 24 2018, @06:43AM (2 children)
Nope. SN is just having one of its regular moments of excessive paranoid overreaction. Many of those are driven by hardware-level spying, however unlikely and impractical, because Linux & friends take care of the software paranoia, but too few people have access to custom hardware (let alone with decent performance).
If someone has added a processor to handle the increasing complexity of the hardware we're dealing with, and the ever more complex security protocols that badly attempt to keep said hardware safe (ironically, before handing execution pointers to Microsoft code), then that person must have a nefarious intent, and must be working for those people who either spy on us, want money for the entertainment we consume, or clearly both.
Intel, ARM, and AMD employees take blood oaths, and are under constant watch after they depart the company, to make sure that none outside of the trusted halls ever spills a word of the conspiracy which watches us from Ring -1.
All hail Ring -1! All hail Ring -1! The first rule of Ring -1, is you don't ... Just a minute, doorbell's ringing.
(Score: 2, Touché) by anubi on Tuesday July 24 2018, @07:07AM
Didn't I read something like that about the DVD_CCA encryption? Way too many permutations! Can't be done!
And a Norwegian kid gave their stuff back to them on a platter? (DVD-JON DeCSS ).
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Informative) by urza9814 on Tuesday July 24 2018, @03:40PM
That would be a decent argument if any of this stuff was actually secret. But when Intel officially confirms that they have code in the management engine that was custom written for government security agencies, it's kinda hard to still dismiss the existence of such code as a crazy conspiracy theory...
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html [ptsecurity.com]