Friday, November 10th 2017

MINIX Creator Andrew Tanenbaum Sends Open Letter to Intel Over MINIX Drama

We recently reported on MINIX, the hidden Unix-like OS that Intel was secretly shipping in all of their modern processors. This came as a shock to most of us and to MINIX creator Andrew Tanenbaum as well, although Andrew wasn't completely surprised by the news, since Intel approached him a couple of years back asking him to make a few changes to the MINIX system. He stated in the open letter that he wasn't looking for economic remuneration, but it would have been nice if Intel had told him about their plans to distribute his operating system in their processors.
You can read the complete letter sent to Intel below:

Dear Mr. Krzanich,

Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world, even more than Windows, Linux, or MacOS. And I didn't even know until I read a press report about it. Also here and here and here and here and here (in Dutch), and a bunch of other places.

I knew that Intel had some potential interest in MINIX several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file. This made it possible to reduce the memory footprint even more by selectively disabling a number of features not always needed, such as floating point support. This made the system, which was already very modular since nearly all of the OS runs as a collection of separate processes (normally in user mode), all of which can be included or excluded in a build, as needed, even more modular.

Also a hint was the discussion about the license. I (implicitly) gathered that the fact that MINIX uses the Berkeley license was very important. I have run across this before, when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free. These discussions were why we put MINIX out under the Berkeley license in 2000 (after prying it loose from my publisher).

After that initial burst of activity, there was radio silence for a couple of years, until I read in the media (see above) that a modified version of MINIX was running on most x86 computers, deep inside one of the Intel chips. This was a complete surprise. I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modified code, that's fine with me, too.

Yours truly,

Andrew S. Tanenbaum

Note added later: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes run in, etc. My understanding, however, is that the small size and modular microkernel structure were the primary attractions. Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs. A company as big as Intel could obviously write its own OS if it had to. My point is that big companies with lots of resources and expertise sometimes use microkernels, especially in embedded systems. The L4 microkernel has been running inside smartphone chips for years. I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.

Second note added later: The online discussion got completely sidetracked from my original points as noted above. For the record, I would like to state that when Intel contacted me, they didn't say what they were working on. Companies rarely talk about future products without NDAs. I figured it was a new Ethernet chip or graphics chip or something like that. If I had suspected they might be building a spy engine, I certainly wouldn't have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell's 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden from searching anyone's property without a search warrant. Many other countries have privacy laws that are in the same spirit. Putting a possible spy in every computer is a terrible development.
Source: Andrew S. Tanenbaum

52 Comments on MINIX Creator Andrew Tanenbaum Sends Open Letter to Intel Over MINIX Drama

#26
OSdevr
lexluthermiester: Why would it be awkward? It would be interesting actually.
See my username :). I wrote a hobby OS a while back. I've been thinking about doing it again (properly this time).


What I find most surprising about Minix in Intel CPUs is that they have a multitasking operating system in there (apparently with various privilege levels). I would have thought a monotasking OS would be much more suitable, or even no 'OS' at all, just using the core like a microcontroller.
#27
phanbuey
OSdevr: See my username :). I wrote a hobby OS a while back. I've been thinking about doing it again (properly this time).


What I find most surprising about Minix in Intel CPUs is that they have a multitasking operating system in there (apparently with various privilege levels). I would have thought a monotasking OS would be much more suitable, or even no 'OS' at all, just using the core like a microcontroller.
not an os writer (disclaimer) - but could it be because they want to open the chips up to direct connect self learning algorithms, or at least experiment with the concept, in the near future?
#28
RejZoR
silentbogo: Still have the third edition of "Modern Operating Systems", along with Crowley's "Operating Systems: Design Oriented Approach".
Though, I gave up on college way before I got those :laugh:


Don't worry, they've got one of their own.


Several potentially critical vulnerabilities with no way of patching on older platforms (sources mention some were known for many years).
Also, no way of completely disabling ME without harming the hardware (you are lucky if you'll only get a 15 second POST delay, otherwise your mobo won't even start).
Plus, both AMD and Intel are so secretive about their security tech, that it forces people to think whether ME or AMD SecureChip are really that secure, or whether they simply apply the tactics of "obfuscated security".
It's not the same. AMD openly documented it and we all know they run a secure coprocessor to isolate YOUR code. What Intel is doing is hiding their own code for unknown purposes.
#29
silentbogo
RejZoR: It's not the same. AMD openly documented it and we all know they run a secure coprocessor to isolate YOUR code. What Intel is doing is hiding their own code for unknown purposes.
You are confusing things again. Not sure if it's intentional or unintentional.
AMD PSP has been around just a tad less than IME, and in both instances the presence of such technology was well known and presented in advance. Both are supervising the entire system, and both are closed-source.
Neither company actually disclosed the internals of their security tech beyond vague "memory management", "platform updates", "security", "crypto".
Actually, in case of AMD it's even worse.
Intel ME is actively being researched and dissected, plus all of Intel's ME tools and UEFI tools (meant for OEMs) are easy to find after numerous leaks. In case of AMD - no tools are available, no active research is in process as far as I know.
Some Intel motherboards can survive the procedure of removing ME region from BIOS, or replacing it with open-source alternatives. For AMD - no such luck. No PSP firmware means a bricked motherboard.
Plus we don't know if AMD PSP is present on current-gen. gaming consoles (I believe it is and in addition to Crypto and DRM probably handles some more questionable stuff).

There is no open documentation on AMD PSP. And it is absolutely the same.
AMD won't opensource PSP firmware in the foreseeable future, regardless of whether the community demands it, writes petitions, or whether it will simply make them look better than Intel for once.
#31
Easo
Can someone explain to me where the problem exactly is? What Intel ME does has been known for years, after all, it's used in vPro capable CPUs for remote management even when the computer has been turned off (think iLO, iDRAC or similar, if you are familiar with physical server management).
#33
GatoRat
Release something for free and then whine when someone actually uses it. Release software under GPL and then whine when people don't use it.
#34
Easo
silentbogo: Bug in earlier versions of AMT and SBA package, which is hard to mitigate (old hardware, no BIOS updates from OEMs).
www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html
Yeah, but so what? Bugs can happen for all systems and support for old computers has always been up to the manufacturer. It has nothing to do with Intel. HP, for example, patched even their 1st Gen Core series computers.

Plus this is not something you can easily exploit.
#35
biffzinker
thenextweb.com/security/2017/11/09/researchers-find-almost-every-computer-intel-skylake-cpu-can-owned-via-usb/

Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad.

Essentially, the IME is linked to JTAG (Joint Test Action Group) debugging ports. USB ports also use JTAG. For this attack, Positive Technologies figured how to bridge the gap, although as previously mentioned, they haven’t gone into specifics of how. Fortunately, this particular attack vector only affects Skylake and above CPUs.
#36
syrup
My eyes glaze over whenever I try to wrap my head around what the Management Engine is - especially how it applies to my computers. On the one hand, there are heaps of people who say it's only for remote admin and basically doesn't affect the consumer space (which seems true in some sense - Intel's statement on the critical ME vulnerability that was in the news earlier this year says it doesn't affect consumer PCs or firmware). On the other hand, consumer motherboards do have ME listed as a feature with driver/software downloads made available for it, and there are those that describe it as being involved in fan control, overclocking, etc. to the extent that "it is essential for it to be operational in order for the platform to be working properly, no matter if the advanced/corporate features are available or not".

I don't know whether they're all talking about the same thing, but it all falls under discussion of the 'Management Engine'.

Anyway, what I do know is that my main system's consumer level motherboard (ASUS Z270G) has no Intel ME or AMT settings in the BIOS, but it's vulnerable enough to require security updates at the firmware level, because just a few days ago ASUS went out of their way to release a specific Management Engine firmware update to address a security issue:

#37
Jism
It's no secret that a country such as Russia develops its own CPUs since X86 / X64 hardware in general cannot be trusted.

I remember the complete German government had to fully replace all hardware since it was rooted at firmware level. This is how they got it. There's spying from all sort of continents all over the world.

Opensource is the way to go. This way, lots of people can contribute to the code, safety and features to make sure it's tested at its best. Why do you think Windows NEEDS so many updates in general. Cause the OS in base is like a cheese hole full of flaws.

Software is becoming harder and harder to exploit, so they simply aim at low level features. Intel IME is such a bad design, nobody knows what exactly is inside of there and what its purpose is. You might as well simply call it a backdoor since NSA does a lot of exploiting on computers in general.
#38
OSdevr
phanbuey: not an os writer (disclaimer) - but could it be because they want to open the chips up to direct connect self learning algorithms, or at least experiment with the concept, in the near future?
I doubt it, they've been building this thing in since at least '06.
Easo: Plus this is not something you can easily exploit.
The problem is that if it is exploited it would be undetectable and irremovable. It's a perfect target for say a government to snoop on its citizens. The NSA is now known to have a similar exploit on file targeting System Management Mode (another part of the CPU that is invisible to the OS).
syrup: My eyes glaze over whenever I try to wrap my head around what the Management Engine is - especially how it applies to my computers.
The thing is no one really knows what all the ME does. In addition to the management features it may be involved in power management (including thermals).
Jism: Opensource is the way to go. This way, lots of people can contribute to the code, safety and features to make sure it's tested at its best. Why do you think Windows NEEDS so many updates in general. Cause the OS in base is like a cheese hole full of flaws.
Have you ever checked for package updates? The Linux base system is constantly being patched. Open source does not necessarily mean more secure. ShellShock was a massive security hole in one of the most used open source pieces of software on the planet yet it went undetected for 25 years.
#39
Jism
Open source isn't safe either, but at least it gives developers and people a chance to look at certain code. We still don't know what is housed in Intel's IME nor AMD's counterpart.
#40
OSdevr
Jism: Open source isn't safe either, but at least it gives developers and people a chance to look at certain code. We still don't know what is housed in Intel's IME nor AMD's counterpart.
Agreed.
#41
nem..
omicrono.elespanol.com/2017/11/minix-sistema-operativo-mas-utilizado-mundo-nadie-conoce/
quoting and translating
Neither Windows or Android, the most popular operating system is another and you use it without knowing it. Your Windows, your Mac or your Linux may not be alone. If you have an Intel processor on your computer, whether desktop or laptop or server, chances are you have a hidden operating system. And this system, called MINIX, has even its own secret processor.

AMT, where Intel and MINIX come together

This is where the interesting comes from. Intel AMT (Active Management Technology), also known as Intel Management Engine, is a kind of "secret processor" that works independently of the rest of the computer. It has nothing to do with the processor you use to play or to run the computer. It is a completely differentiated chip.

And in this hidden or secret processor is where Intel has decided to use MINIX. Intel AMT is able to access any region of memory, read and write all files, and even make a web server. All without the rest of the system even knowing of its existence. And everything working with MINIX, that system that was born with an educational purpose
#42
Katanai
Serious question: Does anyone know what specific models have this "feature"? I'm not asking only about processors that are out now but since when has this started? It seems that even some of the Core2Duo processors had some form of Intel vPro features. Was this processor present in these CPUs or maybe on the motherboard? Do all i series processors have this in them from the start of the series, or since when?
#43
Vya Domus
silentbogo: In case of AMD - no tools are available, no active research is in process as far as I know.

....

AMD won't opensource PSP firmware in the foreseeable future, regardless of whether the community demands it, writes petitions, or whether it will simply make them look better than Intel for once.
Which makes it safer in actual fact. Best security measure is to not give people a backdoor. There shouldn't be any tools or documentation available for the public but instead these should be strictly regulated by authorities.
#44
OneMoar
There is Always Moar
You can already disable most of Intel ME's functionality, including ALL of the remote stuff.

github.com/corna/me_cleaner

Once again, a press release announces something that has been known for 5 years and people lose their minds.
#45
Easo
Well, it's like people don't know that stuff like vPro has existed for a long long time and ME was needed for it.
Big companies wanted this feature, Intel made it.
#46
Vayra86
silentbogo: Still have the third edition of "Modern Operating Systems", along with Crowley's "Operating Systems: Design Oriented Approach".
Though, I gave up on college way before I got those :laugh:


Don't worry, they've got one of their own.


Several potentially critical vulnerabilities with no way of patching on older platforms (sources mention some were known for many years).
Also, no way of completely disabling ME without harming the hardware (you are lucky if you'll only get a 15 second POST delay, otherwise your mobo won't even start).
Plus, both AMD and Intel are so secretive about their security tech, that it forces people to think whether ME or AMD SecureChip are really that secure, or whether they simply apply the tactics of "obfuscated security".
Security through obscurity is a great measure ON TOP OF other safeguards, not as a sole safeguard. Everything can be cracked, all it needs is time.

Probably Illuminati at work, or pink unicorns
#47
lexluthermiester
Vayra86: Security through obscurity is a great measure ON TOP OF other safeguards, not as a sole safeguard. Everything can be cracked, all it needs is time.

Probably Illuminati at work, or pink unicorns
My money is on pink unicorns..
#48
buildzoid
Vya Domus: Which makes it safer in actual fact. Best security measure is to not give people a backdoor. There shouldn't be any tools or documentation available for the public but instead these should be strictly regulated by authorities.
Authorities are still people. They aren't infallible and having a permanent backdoor in a system means that when the backdoor gets discovered everyone is screwed. Whether or not the backdoor is discovered is just a matter of time.
#49
lexluthermiester
buildzoid: Authorities are still people. They aren't infallible and having a permanent backdoor in a system means that when the backdoor gets discovered everyone is screwed. Whether or not the backdoor is discovered is just a matter of time.
Well said! This is exactly correct.
#50
Katanai
Katanai: Serious question: Does anyone know what specific models have this "feature"? I'm not asking only about processors that are out now but since when has this started? It seems that even some of the Core2Duo processors had some form of Intel vPro features. Was this processor present in these CPUs or maybe on the motherboard? Do all i series processors have this in them from the start of the series, or since when?
Well, no one answered my question so I had to do some more research and this seems to be the answer to that: "ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006."