On Thu, 7 Sep 2017 at 13:41:25 +0200
Alessandro Selli <alessandroselli@???> wrote:
> On Thu, 7 Sep 2017 at 21:17:20 +1000
> Erik Christiansen <dvalin@???> wrote:
>
> > The notion of an extra embedded CPU or two on big Intel chips is not
> > difficult to credit, but where is the postulated entire minix OS loaded
> > from?
>
> It's in the report by the Positive Technologies team:
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
>
> We see increasing interest in Intel ME internals from researchers
> all over the world. One of the reasons is the transition of this
> subsystem to new hardware (x86) and software (modified MINIX as an
> operating system). The x86 platform allows researchers to make use
> of the full power of binary code analysis tools. Previously, firmware
> analysis was difficult because earlier versions of ME were based on
> an ARCompact microcontroller with an unfamiliar set of instructions.
Sorry, i think I misinterpreted your question. Did you ask where in the
Intel hardware is the Minix OS loaded from? In the above report I read that:
Similarly, we are sure that the ROM integrated into the PCH is
practically the same as ROMB, which also does not contain any code
allowing an exit from HAP mode.
PCH is the Platform Controller Hub:
Intel Management Engine is a proprietary technology that consists of
a microcontroller integrated into the Platform Controller Hub (PCH)
chip and a set of built-in peripherals. The PCH carries almost all
communication between the processor and external devices; therefore
Intel ME has access to almost all data on the computer.
The "set of built-in peripherals" most notably include the ethernet and the
WiFi controllers, depending on the specific chips involved.
ROMB is the ROM Bypass and that too is builtin the PCH chip:
Loading starts with the ROM program, which is contained in the
built-in PCH read-only memory. Unfortunately, no way to read or
rewrite this memory is known to the general public. However, one can
find pre-release versions of ME firmware on the Internet containing
the ROMB (ROM BYPASS) section which, as we can assume, duplicates the
functionality of ROM.
Bye,
--
Alessandro Selli
http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9