On Thu, 7 Sep 2017 at 13:41:25 +0200 Alessandro Selli <[email protected]> wrote:
> On Thu, 7 Sep 2017 at 21:17:20 +1000 > Erik Christiansen <[email protected]> wrote: > > > The notion of an extra embedded CPU or two on big Intel chips is not > > difficult to credit, but where is the postulated entire minix OS loaded > > from? > > It's in the report by the Positive Technologies team: > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > > We see increasing interest in Intel ME internals from researchers > all over the world. One of the reasons is the transition of this > subsystem to new hardware (x86) and software (modified MINIX as an > operating system). The x86 platform allows researchers to make use > of the full power of binary code analysis tools. Previously, firmware > analysis was difficult because earlier versions of ME were based on > an ARCompact microcontroller with an unfamiliar set of instructions. Sorry, i think I misinterpreted your question. Did you ask where in the Intel hardware is the Minix OS loaded from? In the above report I read that: Similarly, we are sure that the ROM integrated into the PCH is practically the same as ROMB, which also does not contain any code allowing an exit from HAP mode. PCH is the Platform Controller Hub: Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The "set of built-in peripherals" most notably include the ethernet and the WiFi controllers, depending on the specific chips involved. ROMB is the ROM Bypass and that too is builtin the PCH chip: Loading starts with the ROM program, which is contained in the built-in PCH read-only memory. Unfortunately, no way to read or rewrite this memory is known to the general public. However, one can find pre-release versions of ME firmware on the Internet containing the ROMB (ROM BYPASS) section which, as we can assume, duplicates the functionality of ROM. Bye, -- Alessandro Selli http://alessandro.route-add.net VOIP SIP: [email protected] Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9 _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
