by criddell 3324 days ago
Why would Intel insist on being so secretive about their management engine? Is it some kind of competitive advantage for them?

Supposedly, it's useful for management tasks in enterprise environments, but if I were CIO, I think I would ban vPro chips. Who wants ring -3 processes running on their network that they have no information about?

4 comments

So secretive because it's so vulnerable, like any of their shitty low-level nonsense features. Would be nice if they just focused on IPC and efficient throughput instead of making it Swiss cheese!
> Why would Intel insist on being so secretive about their management engine?

It includes DRM (Protected Audio/Video Path), for one.

Documenting it shouldn't alter its effectiveness. I can tell you how AES works and that doesn't compromise anything.
I agree with you. But Intel would have to convince skeptical Hollywood executives of that, who are more inclined to just not let PCs have new content at all, since relatively few people consume TV and movies on PCs to begin with.

Personally, I think the right solution is to not have DRM for music, TV, and movies on PCs, purely for business reasons. What's happening today is that Intel is effectively shipping everyone who buys an x86 CPU a content decryption module, burning goodwill among free software advocates even though fewer than 1% of consumers will ever use the functionality (actually, does anyone use it?) It makes more business sense for consumers to just buy set-top boxes to consume content. It's not like anyone who buys a $450 Core i7 is going to balk at paying $35 for a Chromecast.

> But Intel would have to convince skeptical Hollywood executives of that

Does Hollywood have any leverage whatsoever on Intel? If Intel decided they were removing any and all DRM features, Hollywood would have no choice but to accept.

No, Hollywood would just not let Intel-based PCs have access to their content. This would lose them zero revenue. As I said, anyone who can afford a $450 Intel CPU can afford a $35 Chromecast.

Hollywood holds all the cards here.

If you tell me how AES works and also give me the key you're using, then you're compromised. DRM relies on giving consumers the decryption key but making it hard for them to figure out how the system works (and sometimes making it hard to isolate the decryption key you've delivered to them).
That's because encryption is based on sound mathematical principles.

DRM is based on "physical access is not complete access", which is different.

It does make people less likely to want to buy the chip with the DRM though.
I don't think it would move the needle in that regard. Dell, Apple, and other large makers would never buy a CPU that isn't going to work with Netflix and other streaming services for anything other than servers, and servers are the one case where ME and AMT can make sense.
Do you mean secretive about how it works or do you mean secretive about its existence?

There is a driver for it in the Linux kernel source tree.

Looks like it came in maybe around v3.9-rc1?

http://elixir.free-electrons.com/linux/v3.9-rc1/source/drive...

Did any Linux users question what this was at that time?

Is this driver part of the "default" Linux kernel configs?

What if the user compiles their kernel without this driver?

Would that change what could or could not be done by someone accessing the "ME" remotely?

The ME isn't much more secret than, say, the memory controller.
The memory controller isn't running a web server that is accessible to anybody on the LAN.