Google Working To Remove MINIX-Based ME From Intel Platforms

Google Working To Remove MINIX-Based ME From Intel Platforms

Intel’s Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX’s presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.

Intel’s ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn’t much public knowledge of the workings of the ME, especially in its current state. It’s not even clear where the hardware is physically located anymore. At its inception in 2006, the ME was reportedly located on the MCH (northbridge), but when that became integrated into the CPU beginning with Nehalem, ME was moved to the PCH (current-day “southbridge”).

Where the ME’s code is stored also isn’t clear. Intel has said that it, at least at one point, was loaded into system DDR RAM. The ME has access to many, if not all, of the platform’s integrated devices, such as Intel network controllers. It can also access the main system RAM (the DDR RAM) through DMA. Much has changed in Intel’s platform since some of this was reported, however, so the state of ME now isn’t well understood. Intel, of course, keeps many of the details veiled in secrecy for security purposes.

The statements above, in themselves, are not the reasons for why Google wants to remove ME from its Intel CPUs. Low-level code executing independently from the system OS is necessary for features such as network boot or wake-from-USB. This type of code is firmware and its existence is a given on modern hardware. The driver gives a regular app a way to use the hardware through the OS, but the driver itself controls the hardware by communicating with its firmware. The firmware is a program, so it needs a processor and RAM to run.

What’s concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel’s Active Management Technology (AMT), but that’s just a software that runs on ME--ME is actually an entire OS.

Minnich’s presentation touched on his team’s discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what’s in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It’s not known if all this code is explicitly included for current or future ME capabilities, or if it’s because Intel simply saw more potential value in keeping rather than removing it.

If we understand it correctly, then it’s not to say that ME is an OS “under” the system OS. Rather, it’s an OS running in parallel that is capable of accessing the same hardware at the same time as the system OS. The ME is not aware of the system OS, which treats it as a firmware and communicates with it through a driver.

As we hear so often now, though, no system is ever truly secure. There will always be bugs and creative people who can exploit those bugs. An OS full of latent capabilities to access hardware is just giving those people more room to be creative. The possibilities of what could happen if attackers figure out how to load their own software onto the ME’s OS are endless. Minnich and his team (and a number of others) are interested in removing ME to limit potential attackers’ capabilities.

Update, 11/9/17, 7:40am PT: We originally misstated that MINIX is barebones Linux. We've corrected the error.