
SoylentNews is people

posted by chromas on Monday July 23 2018, @10:22PM
from the drm dept.

Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Management Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.

Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.


  • (Score: 2) by bzipitidoo on Tuesday July 24 2018, @02:44AM (6 children)

    by bzipitidoo (4388) on Tuesday July 24 2018, @02:44AM (#711536) Journal

    Like I said in another story, I'm not trading down to a 133 MHz Pentium MMX with a measly 256M RAM for security from Spectre. Or security from the ME. This ARM chip is better than a 20 year old Pentium system, but it's still a huge performance hit and has other problems. It's too high a price.

    We'd all like to be free of Treacherous Computing and DRM, and there are other solutions than trying to avoid the ME. Like, sniff out the kind of traffic that the ME sends and receives, and block it at the firewall. Another possibility is to spoof or DDoS Intel with fake ME traffic. SN had a few stories about the possibility of disabling the ME by exploiting its security flaws to get it to flash itself to oblivion, or at least a permanently disabled state.

    Another strategy is to "zerg" them. That's the main way we fight the MAFIAA. There is way too much pirating for any of their strategies to have a hope of really stopping it, and a DRM enforcing ME won't change that. Microsoft already tried that approach in the OS a decade ago with the much hated Windows Vista, and it was an abysmal failure. Moving the DRM to hardware won't help.

    Yet another approach is a class action lawsuit against Intel and AMD, and anyone else of the very few who manufacture CPUs who dare to build in back doors. It's only a matter of time before their fool backdoor causes some major failure, in the same vein as Sony's incredibly stupid root kit on their audio CDs. Maybe a compromised ME causes some PC handling critical medical equipment to kill a patient, like the infamous Therac 25 did. Also, I'm sure the military takes a very dim view of their own computer hardware having such back doors. They love other militaries being stuck with such hardware, but they hate it for themselves.

    You mentioned MALI. I've been watching for years, wondering which way to jump to get open graphics hardware, Nvidia (Nvidious, you know) or ATI, or someone else, maybe Matrox? Maybe 3dfx would rise from the dead? So far, no one has delivered fully open 3D accelerated graphics. MALI is not open enough.

  • (Score: 3, Interesting) by jmorris on Tuesday July 24 2018, @03:24AM (3 children)

    by jmorris (4844) on Tuesday July 24 2018, @03:24AM (#711552)

    I'm watching this little fellow: RockPro64 [pine64.org]

    From the forums it looks not ready for prime time for now, but look carefully at it. It or something like it is probably the future we seek. See that PCIe slot? It is "open ended" so it could accept a Radeon. Screw waiting for a reverse engineered Mali driver, Radeon is supported by AMD with open docs and developers. If the driver can be ported to ARM64 successfully one could have a quad core machine with 4GB of memory and a real desktop Linux running for $250. This particular product might also have a problem where a long PCIe card could get in the way of the eMMC slot. But if we see more PCIe slots appear on these little Arm boards, that is the way forward. Assuming they do not start getting "Management coprocessors" that can't be controlled.

    • (Score: 2) by bobthecimmerian on Tuesday July 24 2018, @02:04PM (2 children)

      by bobthecimmerian (6834) on Tuesday July 24 2018, @02:04PM (#711725)

      https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ATI/AMD [wikipedia.org] "The FOSS drivers for ATI-AMD GPUs are being developed under the name Radeon (xf86-video-ati or xserver-xorg-video-radeon). They still must load proprietary microcode into the GPU to enable hardware acceleration." (Emphasis mine.)

      • (Score: 0) by Anonymous Coward on Tuesday July 24 2018, @05:40PM (1 child)

        by Anonymous Coward on Tuesday July 24 2018, @05:40PM (#711795)

        It's microcode. I'm not sure that the "source" is anything more than comments next to blobs of bits?
        Maybe the industry has advanced but I'm not sure what there is to see

        • (Score: 0) by Anonymous Coward on Sunday August 05 2018, @08:00AM

          by Anonymous Coward on Sunday August 05 2018, @08:00AM (#717449)

          Seeing is one thing. Modifying and distributing another.

  • (Score: 0) by Anonymous Coward on Tuesday July 24 2018, @07:16AM

    by Anonymous Coward on Tuesday July 24 2018, @07:16AM (#711622)

    I'm not trading down to a 133 MHz Pentium MMX with a measly 256M RAM for security from Spectre.

    Nor is anyone else ... so I can develop my Spectre exploit with the sure certain knowledge that it will hack everything

    It may not be easy, but with the funds provided by my backers a well-wisher - I will get there in the end

      Bwaa ha ha haar!

  • (Score: 4, Informative) by urza9814 on Tuesday July 24 2018, @02:52PM

    by urza9814 (3954) on Tuesday July 24 2018, @02:52PM (#711737) Journal

    I'm sure the military takes a very dim view of their own computer hardware having such back doors. They love other militaries being stuck with such hardware, but they hate it for themselves.

    They aren't stuck with it. Companies like Dell have publicly stated that they have specific models which they will only sell to government agencies or specific approved corporate buyers which have these features disabled. I'm sure Intel is cooperating with that, for the right price. Intel has also publicly stated that there are features in the management engine that were placed there specifically to be used by the NSA. So why should the government be concerned when Intel allows them to either remove or custom modify these features? The feds probably have source code and schematics. They don't care about any of this. They aren't going to save you.

    https://www.extremetech.com/computing/260219-dell-sells-pcs-without-intel-management-engine-tradeoffs [extremetech.com]