[Animats]

Having a "management engine" with direct access to the network and to memory is questionable in itself. Its code being secret indicates there's probably something bad going in. If it only does what Intel says it does, it doesn't need to be secret.

[qb45]

Unfortunately, a "management engine" with some degree of control over the CPU is necessary for, well, management. As in remote management, which is something that big corps with thousands of machines want, and the more control it gives the better.

The code itself is as secret as the code of any proprietary Windows-based remote administration tool they could supply as a poor man's substitute if the ME didn't exist. It's just how this industry works.

This doesn't indicate that there is anything "bad" going on. What is bad is that Intel, being the cheap bastards they are, combined this remote management and DRM, virtualization, TPM, CPU initialization and hell knows what else into one blob running on one MCU with no way to separate and disable the unneeded/unwanted/buggy/vulnerable garbage from actually useful functionality. And that such critical part is closed to third party scrutiny.

[throw2016]

This is a bit of a fig leaf. If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium.

The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

All the signs point to bad actors but for some the bar of evidence is either another Snowden level sacrifice or Intel providing a signed confession. Both improbable and unrealistic. In many ways the detail, scale and scope of revelations in the past 5-10 years make skepticism and hard questions essential. The benefit of doubt has long moved the other way. This alternative is a kind of forced naiveté and denial.

[duskwuff]

> The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

Don't believe the FSF's FUD. TrustZone is really not comparable at all to Intel's Management Engine or AMD's Secure Processor:

* TrustZone is an operating mode of the CPU, not a separate processor. Fundamentally, it's not all that different from supervisor mode; it's just more privileged. (If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.)

* You don't have to have anything running under TrustZone. Indeed, most processors which support TrustZone (e.g, most Android phones) aren't using it at all.

* The TrustZone specification is publicly available [1]. You can read about it all you want. (If you're brave enough and have the right development tools, you can even write code to run in it.)

* ARM's reference implementation of a TrustZone OS is also publicly available [2]. If you're curious how it works, you can see for yourself. (This doesn't include the application code which may be present in specific implementations, of course.)

[1]: https://www.arm.com/products/processors/technologies/trustzo...

[2]: https://github.com/ARM-software/arm-trusted-firmware

[qb45]

> Don't believe the FSF's FUD

Don't believe anti-FSF FUD. If you think they have an issue with TrustZone itself, as opposed to devices using it without owner's control, I'd love to see the links.

[snvzz]

>If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.

https://genode.org/documentation/articles/trustzone

[qb45]

> If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium.

AMT is positioned as enterprise exclusive with a price premium, that's how Intel's pricing usually works. The underlying hardware (the ME) is not, because it's used for other things too. On old chipsets you can clear the ME firmware and the computer will miss some weird features but otherwise work, on newer chipsets it won't work at all. That's why every chip has the ME even if many chips don't have the AMT.

> The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

AMD: not coincidence, competition.

ARM: See the sibling post.

[kingosticks]

> AMD: not coincidence, competition

For the sake of argument more than anything, were AMD even remotely competitive with Intel in the enterprise sector at the time they introduced their version of this technology? Sure, they might need it one day (which may be soon) and it'd be nice to have it out there and supported, but I'm not totally convinced by this argument.

[admax88q]

You could achieve the same thing via virutalization.

Run a small OS first which has remote management capability, and then boot straight into a virutalized OS that the user uses.

[ethbro]

It doesn't matter if we have source if it's not verifiable that that code is running on your management engine.

[justinclift]

IPMI falls into similar waters, and also has known design flaws around authentication. :(

[dom0]

IPMI normally has a dedicated NIC (well, on some crappy boards it doesn't), which tends not to be connected to public networks.

[justinclift]

In theory, definitely. :D

Unfortunately though, too many of them still seem to make the connection. eg looking through Shodan quickly just now still shows potentially 1k+ examples. Ugh. :(

But you're right that it's a lot less than is likely present for this AMT problem.

[pcwalton]

Intel ME has a DRM app called "Protected Audio-Video Path" [1], which obviously has to be secret.

As to whether anything actually uses the PAVP functionality, I have no idea. I wouldn't be surprised if it was something Intel included to try to push Atom-based set top boxes or whatever.

[1]: https://www.slideshare.net/mobile/codeblue_jp/igor-skochinsk...

[Animats]

Intel ME has a DRM app called "Protected Audio-Video Path", which obviously has to be secret.

Which you don't need on a headless server. Which is what the "management engine" is supposed to be for.

[mjg59]

This is incorrect. The management engine is used for a wide variety of tasks, from DRM to providing a TPM to anti-theft code. The AMT functionality (which is where this vulnerability is) is intended for remote management of laptops and workstations. It's usually not present on anything but low-end servers.

[tyingq]

Digital signage boxes probably benefit from remote management too.

[angersock]

> Intel ME has a DRM app called "Protected Audio-Video Path" [1], which obviously has to be secret.

Does it, does it really?

I'm pretty sure security through obscurity is some bullshit.

[pcwalton]

Sure, but say you're Intel and pitching the technology to Hollywood. Open source would make the entertainment industry nervous. And Intel isn't in a bargaining position, since Hollywood would be more than happy to just shut x86 PCs out of content.

(Needless to say, I'm offering an explanation as to why the Intel ME is what it is, not defending it. I think it's pointless. After all, it's likely that PCs are just not going to get content in the future, given that consumers use set-top boxes that use embedded architectures instead of x86 PCs and Intel has failed in mobile.)

[qb45]

I'm pretty sure only its keys really need to be secret, but hiding the code may provide some extra security by obscurity if the code happens to have bugs.