
SoylentNews is people

posted by chromas on Monday July 23 2018, @10:22PM
from the drm dept.

Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Management Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.

Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.



 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Unixnut on Tuesday July 24 2018, @08:46AM (2 children)

    by Unixnut (5779) on Tuesday July 24 2018, @08:46AM (#711638)

    How would you handle:

    "! Update required. Please connect to internet for critical system security update. " ( ding! )

    And system fails to run until you agree and give it what it wants.

    I would not use a system that tries to control, deny my instructions and generally boss me around.

    I mean think about it, if you care about freedom and security enough to never ever connect your PC to a network and only deal with USB sticks as your interaction, why on earth would you go through all that effort, and deal with all the inconvenience, and then stick to a software system that tells you what you should do, and denies you control unless you submit to its instructions?

    Ideally, if you want security and control, you have to apply it to the entire stack, from the silicon to the end-user app.

    Also, I would not recommend USB sticks; after all, an entire class of viruses developed that spread by floppies, and in theory a nefarious backdoor could just use your USB stick for compromising you. Not sure what would be a good way for communication; I would probably go back to the old RS232, with custom (and limited) command sets. It is a low-level, simple and rugged enough system that it would be hard to find underlying security holes in, at which point your security is as good as the terminal server you write/use on the other end of the line.

  • (Score: 3, Insightful) by fyngyrz on Tuesday July 24 2018, @10:03AM

    by fyngyrz (6567) on Tuesday July 24 2018, @10:03AM (#711650) Journal

    How would you handle:

    "! Update required. Please connect to internet for critical system security update. " ( ding! )
    And system fails to run until you agree and give it what it wants.

    With an axe.

  • (Score: 2) by fyngyrz on Tuesday July 24 2018, @10:05AM

    by fyngyrz (6567) on Tuesday July 24 2018, @10:05AM (#711651) Journal

    ugh, sorry, replied to wrong message. Coffee!