SoylentNews

Why Intel Will Never Let Owners Control the Management Engine

posted by chromas on Monday July 23 2018, @10:22PM   
from the drm dept.

canopic jug writes:

Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Managment Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.

Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.

---

Original Submission

• Re:Now, what are you going to do? Re:Now, what are you going to do? (Score: 2) by stormwyrm on Wednesday July 25 2018, @05:30AM (1 child)

  by stormwyrm (717) on Wednesday July 25 2018, @05:30AM (#712189) Journal

  Agree with the main points, but will quibble on how you say mechanical locks are "not secure at all". Yes, any such mechanical lock can be picked with greater or lesser degrees of ease, and if I really wanted in I could use a blowtorch and melt the lock or use a hacksaw to cut it apart. Does that make such locks not secure? Of course not. Locks and safes buy you time depending on the skills and equipment of the potential adversaries. The cheap lock I use on my locker at the gym can probably be picked by a thief in under ten minutes, but since I'd probably be able to walk by and brain the thief with a barbell before he got it open, it's secure enough for my purposes. A heavy bank vault might be opened within an hour given dynamite, but it's still very much secure if the police can be at the vault to apprehend the thieves in less time than that once they hear the first explosions. Real-world security is never about absolutes.

  --
  Numquam ponenda est pluralitas sine necessitate.

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:Now, what are you going to do? (Score: 1) by anubi on Wednesday July 25 2018, @08:06AM

  by anubi (2828) on Wednesday July 25 2018, @08:06AM (#712222) Journal

  I was mostly referring to the lock I compared to... standard common house front door lock.

  Like you say, they come in varieties from that super cheap lock I use on a gate, just to let people know that I don't welcome uninvited visitors, but should they insist and force it open anyway ( can be done with paper clip ), another circuit will sense the open gate and make a fuss.

  I have a G&S dial lock on an outside door.... just in case I lock myself out of my own house. It'll be easier to bash the door down than to open that one without its combination.

  Generally, its hard to compare mechanical locks to electronic locks.. as its usually hard to violate a mechanical lock in private. Whereas an electronic lock can be hammered at from the other side of the planet for years if it comes to that.

  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  Parent