:: Re: [DNG] Purism Librem and disabli…
Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Alessandro Selli
Ημερομηνία:  
Προς: dng
Αντικείμενο: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Thu, 7 Sep 2017 at 13:41:25 +0200
Alessandro Selli <alessandroselli@???> wrote:

> On Thu, 7 Sep 2017 at 21:17:20 +1000
> Erik Christiansen <dvalin@???> wrote:
>
> > The notion of an extra embedded CPU or two on big Intel chips is not
> > difficult to credit, but where is the postulated entire minix OS loaded
> > from?
>
> It's in the report by the Positive Technologies team:
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
>
>     We see increasing interest in Intel ME internals from researchers
>       all over the world. One of the reasons is the transition of this
>     subsystem to new hardware (x86) and software (modified MINIX as an
>     operating system). The x86 platform allows researchers to make use
>       of the full power of binary code analysis tools. Previously, firmware
>     analysis was difficult because earlier versions of ME were based on
>     an ARCompact microcontroller with an unfamiliar set of instructions.


Sorry, i think I misinterpreted your question. Did you ask where in the
Intel hardware is the Minix OS loaded from? In the above report I read that:

    Similarly, we are sure that the ROM integrated into the PCH is
    practically the same as ROMB, which also does not contain any code
    allowing an exit from HAP mode.


PCH is the Platform Controller Hub:

    Intel Management Engine is a proprietary technology that consists of
    a microcontroller integrated into the Platform Controller Hub (PCH)
    chip and a set of built-in peripherals. The PCH carries almost all
    communication between the processor and external devices; therefore
    Intel ME has access to almost all data on the computer.


The "set of built-in peripherals" most notably include the ethernet and the
WiFi controllers, depending on the specific chips involved.
ROMB is the ROM Bypass and that too is builtin the PCH chip:

    Loading starts with the ROM program, which is contained in the
    built-in PCH read-only memory. Unfortunately, no way to read or
    rewrite this memory is known to the general public. However, one can
    find pre-release versions of ME firmware on the Internet containing
    the ROMB (ROM BYPASS) section which, as we can assume, duplicates the
    functionality of ROM.



Bye,


--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9