
Intel CPU On-chip Management Engine Runs on MINIX

btarunr

With the transition to multi-core processors, and multi-core processors with integrated core-logic (chipset), the need arose for a low-level SoC embedded into the processor with just enough compute power to make sure all the components you pay for start-up and function as advertised. Enter the Intel ME (management engine). This is a full-fledged computer within your Intel processor, which isn't exposed to you. It runs on its very own tiny x86 CPU core that isn't exposed, and its software is driven on an infinitesimally small ROM and RAM. Since you can't have software without some sort of operating-system, Intel chose MINIX for the job.

MINIX is a Unix-like OS with an extremely small memory footprint. The OS was designed by Andrew Tanenbaum, originally as an educational tool to demonstrate that machines can still be built with extremely tiny code. If you're familiar with the "ring-level" system of hardware-access privilege by software, ring 0 would designate the "highest" level of access. A software with ring 0 access can erase your disk, flash your system BIOS, and even make your CPU run at any C-state. The OS kernel needs these privileges, and hence is a ring 0 software. Most user software, like the web-browser you're reading this on, runs at ring 3 (with the browser's own sandbox, the user-level, and API level forming inner levels). Intel ME runs at ring -3 (negative 3), and your OS has no power over it. Most system BIOS updates for Intel motherboards include a ROM update for ME. ME governs the functioning of the rest of the processor, its start-up, and booting. It also governs silicon-level security and management features that can't be compromised by malware.




btarunr

FAQ: omgz, can I unlock this 5th core on my quad-core chip?
Ans. No. An x86 core can be built with as few as 135,000 transistors (out of the 1.4 billion transistors on a "Haswell" quad-core die, for example). It's not a fifth core. It's a specialized small core that executes ME.
 
Embrace the botnet.
 
incoming hax are incoming.
 
I've been arguing about this for a who still believed in cmos reset lol. It ain't that simple for years.
 

I didn't even know MINIX could be used commercially. I thought that was the point of Linux and others.

I heard about existing exploits elsewhere. They all recommend and/or come up with ways of disabling it. This is the first I've seen the news in a positive light.
 
I didn't even know MINIX could be used commercially. I thought that was the point of Linux and others.

They all can be used commercially if source code is provided upon request. That's pretty much the GPL in a nutshell.


Also, the source article is not nearly as positive as this post:

Google wants to remove MINIX from its internal servers
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:

  • Full networking stack
  • File systems
  • Many drivers (including USB, networking, etc.)
  • A web server
That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.

The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.

Note to Intel: If Google doesn’t trust your CPUs on their own servers, maybe you should consider removing this “feature.” Otherwise, at some point they’ll (likely) move away from your CPUs entirely.

Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel. Better to do so now before Intel removes the “Management Engine.” Strike while the iron’s hot and all that.

Note to Andrew Tanenbaum: Your operating system, MINIX, is now one of the most used on modern computers! That’s kinda cool, right?

Note to everyone else: We’re all MINIX users now.
 
They all can be used commercially if source code is provided upon request. That's pretty much the GPL in a nutshell.

Maybe I got it wrong. Now I recall that Linus made Linux cuz Tanenbaum considered it pretty much finished. He didn't have a vision for it to actually rival UNIX. Linus originally just wanted to join the project.

edit: Pretty interesting Usenet arguments between the two btw. And funny how humble the two OSes started. I guess you could say they can both rule the roost now.
 
Maybe I got it wrong. Now I recall that Linus made Linux cuz Tanenbaum considered it pretty much finished. He didn't have a vision for it to actually rival UNIX. Linus originally just wanted to join the project.

Well, not really.
At that time Intel had "just" released the 80x86 platform: 32bit registers and IS + a paged MMU!!
MINIX was an educational OS and was written for 16bit processors. It couldn't do much on the new platforms and the code was licensed (this is important. Everyone back then knew that AT&T had won a judicial case against UC Berkeley because BSD -Berkeley UNIX port adopted by much of the academic world back then- contained AT&T code -being the original version of UNIX developed from AT&T-. From this legal battle all the GNU/GPL/Stallman history also bloomed).
So Torvalds had this 32bit processor with a 16bit OS (MINIX) and was a broke college student that could not afford a BSD or UNIX distribution; what do you do in such cases? You write your own kernel to support the specification and unleash your processor power.
He developed it on MINIX, but he didn't care about the MINIX project because there was no MINIX project at all. Tanenbaum used his OS as a teaching support for his OS design classes and at that time had no interest in keeping it up to date for new architectures.
 
Well, not really.
At that time Intel had "just" released the 80x86 platform: 32bit registers and IS + a paged MMU!!
MINIX was an educational OS and was written for 16bit processors. It couldn't do much on the new platforms and the code was licensed (this is important. Everyone back then knew that AT&T had won a judicial case against UC Berkeley because BSD -Berkeley UNIX port adopted by much of the academic world back then- contained AT&T code -being the original version of UNIX developed from AT&T-. From this legal battle all the GNU/GPL/Stallman history also bloomed).
So Torvalds had this 32bit processor with a 16bit OS (MINIX) and was a broke college student that could not afford a BSD or UNIX distribution; what do you do in such cases? You write your own kernel to support the specification and unleash your processor power.
He developed it on MINIX, but he didn't care about the MINIX project because there was no MINIX project at all. Tanenbaum used his OS as a teaching support for his OS design classes and at that time had no interest in keeping it up to date for new architectures.

Thanks for the refresher.

I've been messing with Linux on and off since the 90s, but could never find a use for it personally. I really want to like it though, because of how it started, if anything.
 
Thanks for the refresher.

I've been messing with Linux on and off since the 90s, but could never find a use for it personally. I really want to like it though, because of how it started, if anything.

Well, I did it only because your recollection seemed to imply that Linus did it out of some sort of denial or refusal.
Instead it all started because the guy is simply bold.
That's it and I quite like this fact.
 
Well, I did it only because your recollection seemed to imply that Linus did it out of some sort of denial or refusal.
Instead it all started because the guy is simply bold.
That's it and I quite like this fact.
No, I agree. That's been on my mind the whole time. I just thought that after Tanenbaum turned things down, he still had the balls and talent to make his own OS. I got events mixed up a bit though.
 
FAQ: omgz, can I unlock this 5th core on my quad-core chip?
Ans. No. An x86 core can be built with as few as 135,000 transistors (out of the 1.4 billion transistors on a "Haswell" quad-core die, for example). It's not a fifth core. It's a specialized small core that executes ME.
All I need to do is get it to run DOOM and I'll be happy.
 
btarunr said:
ME governs the functioning of the rest of the processor, its start-up, and booting. It also governs silicon-level security and management features that can't be compromised by malware.

Red alert! Intel patches remote execution hole that's been hidden in chips since 2010
1 May 2017
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

If you're lucky, then your motherboard vendor has issued a BIOS update to plug the security hole. If you're unlucky (i.e., have an older business-grade machine), then the hole will never be plugged....
 

cdawall

Red alert! Intel patches remote execution hole that's been hidden in chips since 2010
1 May 2017
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

If you're lucky, then your motherboard vendor has issued a BIOS update to plug the security hole. If you're unlucky (i.e., have an older business-grade machine), then the hole will never be plugged....

The update was pushed through Windows as a patch. So unless you are on a junk Windows 7 machine that has updates turned off it was patched through MS.
 
The update was pushed through Windows as a patch. So unless you are on a junk Windows 7 machine that has updates turned off it was patched through MS.

Somehow, I doubt that you read the article; otherwise, you would have seen these tidbits:
These insecure management features have been available in various, but not all, Intel chipsets for nearly a decade, starting with 2010's Intel Q57 family, all the way up to this year's Kaby Lake Core parts. Crucially, the vulnerability lies at the very heart of a machine's silicon, out of sight of the operating system, its applications and any antivirus.

The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world

According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was discovered and reported in March by Maksim Malyutin at Embedi. To get Intel's patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, and in the meantime, try the mitigations here. These updates, although developed by Intel, must be cryptographically signed and distributed by the manufacturers. It is hoped they will be pushed out to customers within the next few weeks. They should be installed ASAP.

To patch the problem, you need a BIOS update from the motherboard vendor, not a patch from Microsoft. Over the past few months, I've been doing BIOS updates on Dell OptiPlex and Lenovo ThinkCentre machines at work due to this issue. However, Dell was too cheap/lazy to update older model machines, so they'll remain vulnerable indefinitely. Most home users won't be affected by this issue because their motherboards lack AMT support.
 

cdawall

Somehow, I doubt that you read the article; otherwise, you would have seen these tidbits:




To patch the problem, you need a BIOS update from the motherboard vendor, not a patch from Microsoft. Over the past few months, I've been doing BIOS updates on Dell OptiPlex and Lenovo ThinkCentre machines at work due to this issue. However, Dell was too cheap/lazy to update older model machines, so they'll remain vulnerable indefinitely. Most home users won't be affected by this issue because their motherboards lack AMT support.

That update can still be pushed through Windows Update. Most of the OptiPlex units listed it during the update cycles.

https://docs.microsoft.com/en-us/wi...bringup/windows-uefi-firmware-update-platform
 

Frick

They all can be used commercially if source code is provided upon request. That's pretty much the GPL in a nutshell.


Also, the source article is not nearly as positive as this post:

Heh, I was going to make a joke about it probably even having a full ethernet stack. Everything does. :(
 
Can be pushed, or is being pushed? I never saw any sign of AMT updates from Microsoft, only from the system vendors. MS isn't in the business of doing BIOS updates to systems (they get enough flack from the updates to their operating systems... ;) ).

Is not being pushed by Microsoft. HP, Dell, Lenovo and others all published their firmware patches.
 
Also, the source article is not nearly as positive as this post:
Google wants to remove MINIX from its internal servers
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:

  • Full networking stack
  • File systems
  • Many drivers (including USB, networking, etc.)
  • A web server
That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.
AMT. Part of vPRO also, in laptops/desktops.
I mean, talk about creating FUD with little knowledge. :rolleyes:
So yes, a full network stack, mainboard drivers (just main board and extra storage, Centrino platform and all that, extra peripherals need not apply), a file system to handle updates and a web server...to enable OOB management.

The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.
Home users, yes. Enterprises, not really.
How the hell am I supposed to track/manage a thousand-or-so geographically distant machines without this? (I know about Azure, not there yet but almost)
So I do use it and it is useful.
Now, I do know that what I can see, Intel servers can too and that Intel probably does see all the stuff. They are providing me a service, so I expect that.
That's why every fan forum for elitebooks, thinkpads and latitudes recommends to shut Intel ME/iAMT off from 2nd hand machines. And I do recommend it too. Remote wipe/power manage/access blocking is a thing.

EDIT: And I do believe Google must be doing this because it is redundant anyway, servers already have mainboard built-in OOB management interfaces.
 

cdawall

Can be pushed, or is being pushed? I never saw any sign of AMT updates from Microsoft, only from the system vendors. MS isn't in the business of doing BIOS updates to systems (they get enough flack from the updates to their operating systems... ;) ).

Last batch of Dells I had run Windows updates (those ones from MS) restarted and literally said "updating firmware do not power off"

I mean I guess it could be doing something else and MS could just be full of it?

I also guess these Surface firmware updates pushed through Windows Update are a lie.

https://www.windowscentral.com/microsoft-pushes-fresh-firmware-updates-surface-book-surface-pro-4

This is still a vendor-specific situation, but most of these updates are happening in Windows Update. Quietly, so quietly that apparently no one knows about it.
 