
MINIX Creator Andrew Tanenbaum Sends Open Letter to Intel Over MINIX Drama

Joined
Sep 22, 2017
Messages
889 (0.34/day)
We recently reported on MINIX, the hidden Unix-like OS that Intel was secretly shipping in all of their modern processors. This came as a shock to most of us, and to MINIX creator Andrew Tanenbaum as well, although Andrew wasn't completely surprised by the news, since Intel had approached him a couple of years back asking him to make a few changes to the MINIX system. He stated in the open letter that he wasn't looking for economic remuneration, but it would have been nice if Intel had told him about their plans to distribute his operating system in their processors.

You can read the complete letter sent to Intel below:

Dear Mr. Krzanich,

Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world, even more than Windows, Linux, or MacOS. And I didn't even know until I read a press report about it. Also here and here and here and here and here (in Dutch), and a bunch of other places.

I knew that Intel had some potential interest in MINIX several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file. This made it possible to reduce the memory footprint even more by selectively disabling a number of features not always needed, such as floating point support. This made the system, which was already very modular since nearly all of the OS runs as a collection of separate processes (normally in user mode), all of which can be included or excluded in a build, as needed, even more modular.

Also a hint was the discussion about the license. I (implicitly) gathered that the fact that MINIX uses the Berkeley license was very important. I have run across this before, when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free. These discussions were why we put MINIX out under the Berkeley license in 2000 (after prying it loose from my publisher).

After that initial burst of activity, there was radio silence for a couple of years, until I read in the media (see above) that a modified version of MINIX was running on most x86 computers, deep inside one of the Intel chips. This was a complete surprise. I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modified code, that's fine with me, too.

Yours truly,

Andrew S. Tanenbaum

Note added later: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes run in, etc. My understanding, however, is that the small size and modular microkernel structure were the primary attractions. Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs. A company as big as Intel could obviously write its own OS if it had to. My point is that big companies with lots of resources and expertise sometimes use microkernels, especially in embedded systems. The L4 microkernel has been running inside smartphone chips for years. I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.

Second note added later: The online discussion got completely sidetracked from my original points as noted above. For the record, I would like to state that when Intel contacted me, they didn't say what they were working on. Companies rarely talk about future products without NDAs. I figured it was a new Ethernet chip or graphics chip or something like that. If I had suspected they might be building a spy engine, I certainly wouldn't have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell's 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden from searching anyone's property without a search warrant. Many other countries have privacy laws that are in the same spirit. Putting a possible spy in every computer is a terrible development.

Joined
Nov 4, 2005
Messages
12,006 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
All this is going to do is to get the source code cracked, each and every pin analyzed, each and every block of an Intel processor scanned with an electron microscope to see if it's hard coded during wafer manufacturing, and exploits will soon abound.
 
Joined
May 27, 2015
Messages
11 (0.00/day)
I'm out of the loop.

What is the issue for customers about the ME ?

It's a micro-code known for years.
Common in OC to have to reinstall the ME if overclocking is degraded (risky operation, only for competition).
 
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
All this is going to do is to get the source code cracked, each and every pin analyzed, each and every block of an Intel processor scanned with an electron microscope to see if it's hard coded during wafer manufacturing, and exploits will soon abound.

AMD just became a lot more interesting to pretty much the entire world all of a sudden...
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,936 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
OMG :eek: TPU mentioned as 2nd source in his letter. I remember reading Tanenbaum's books and dissecting his operating system concepts in university.
 
Joined
Mar 23, 2016
Messages
4,844 (1.52/day)
Processor Core i7-13700
Motherboard MSI Z790 Gaming Plus WiFi
Cooling Cooler Master RGB something
Memory Corsair DDR5-6000 small OC to 6200
Video Card(s) XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage 970 EVO NVMe M.2 500GB,,WD850N 2TB
Display(s) Samsung 28” 4K monitor
Case Phantek Eclipse P400S
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse Logitech G502 Hero
Keyboard Logitech G G413 Silver
Software Windows 11 Professional v23H2
All this is going to do is to get the source code cracked, each and every pin analyzed, each and every block of an Intel processor scanned with an electron microscope to see if it's hard coded during wafer manufacturing, and exploits will soon abound.
It's not the CPU that has the Intel Management Engine but the Platform Controller Hub (PCH).


The Intel Management Engine was also moved to the PCH starting with the Nehalem processors and 5-Series chipsets.
 

silentbogo

Moderator
Staff member
Joined
Nov 20, 2013
Messages
5,552 (1.37/day)
Location
Kyiv, Ukraine
System Name WS#1337
Processor Ryzen 7 5700X3D
Motherboard ASUS X570-PLUS TUF Gaming
Cooling Xigmatek Scylla 240mm AIO
Memory 64GB DDR4-3600(4x16)
Video Card(s) MSI RTX 3070 Gaming X Trio
Storage ADATA Legend 2TB
Display(s) Samsung Viewfinity Ultra S6 (34" UW)
Case ghetto CM Cosmos RC-1000
Audio Device(s) ALC1220
Power Supply SeaSonic SSR-550FX (80+ GOLD)
Mouse Logitech G603
Keyboard Modecom Volcano Blade (Kailh choc LP)
VR HMD Google dreamview headset(aka fancy cardboard)
Software Windows 11, Ubuntu 24.04 LTS
I remember reading Tanenbaum's books and dissecting his operating system concepts in university.
Still have the third edition of "Modern Operating Systems", along with Crowley's "Operating Systems: Design Oriented Approach".
Though, I gave up on college way before I got those :laugh:

AMD just became a lot more interesting to pretty much the entire world all of a sudden...
Don't worry, they've got one of their own.

What is the issue for customers about the ME ?
Several potentially critical vulnerabilities with no way of patching on older platforms (sources mention some were known for many years).
Also, no way of completely disabling ME without harming the hardware (you are lucky if you'll only get a 15 second POST delay, otherwise your mobo won't even start).
Plus, both AMD and Intel are so secretive about their security tech that it forces people to think about whether ME or AMD SecureChip are really that secure, or whether they simply apply the tactics of "obfuscated security".
 
Joined
Jul 5, 2013
Messages
28,208 (6.74/day)
All this is going to do is to get the source code cracked, each and every pin analyzed, each and every block of an Intel processor scanned with an electron microscope to see if it's hard coded during wafer manufacturing, and exploits will soon abound.
The key point most people seem to be missing is that this discovery was prompted by a vulnerability discovered earlier this year. And again, Intel has already publicly confirmed that this technology is not on CPU dies and is elsewhere in specific chipsets. If AMT is disabled, or is enabled and not provisioned, the little "mini SOC" in question sits doing nothing in a sleep state. Even if the user cannot directly access it, it still needs a source of instructions and data to process. If not enabled and provisioned, it does not and cannot know how or where to get data or what tasks to carry out. That hardware still depends on software outside its installed MINIX OS, even on such a miniaturized low level. Without the software, it sits dumb, doing nothing. If you know me from elsewhere in the forums, then you know how ultra cautious and security/privacy focused I am, even to the point of being called paranoid [which I won't dispute]. Having said that, I've done my homework on this problem. IF the affected hardware, which is limited, has the function disabled, it cannot be directly addressed from outside the system, even over a network.

So if you have affected hardware, get into the BIOS and disable it. If you can't disable it [which I've not seen an instance of yet], then disable and uninstall the drivers for the associated device in the Windows Device Manager. If the software package for Intel's AMT is installed, uninstall it. This will render the ME non-functional.

Now even though THIS problem can safely be disabled and rendered non-functional, what's really scary is that a slight variation of the design can render it completely unaffected by BIOS/user settings, leaving us at the mercy of anyone who has the know-how to address and take control of it. At that point the only way to be safe from such control is to keep such a system completely stand alone, i.e. by never connecting it to a network.
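The post above tells readers to remove the MEI driver and the AMT software package from Windows. The script below is an added example, not code from the thread or from Intel, that lets an administrator inventory those host-side components so the result of that step can be verified on a fleet. It assumes the MEI device's friendly name contains "Management Engine Interface", that the AMT host service is registered as "LMS" (Intel's Local Management Service) and that the installed-software entries carry "Management Engine" or "Intel(R) Management" in their display names; these are common names on Intel platforms but OEM packaging can differ. It reports only what the operating system can see: the ME firmware itself runs in the PCH, so an empty result here means the OS-side pieces are gone, not that the firmware is off.

```powershell
# Added example (not from the thread): inventory the Windows-visible pieces of
# Intel ME/AMT so a "disable and uninstall" step can be verified afterwards.
# Names below are assumptions, labelled as such; adjust for your OEM images.

function Get-MeiDeviceStatus {
    # Present PnP devices whose name matches the MEI driver (assumed name).
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -like '*Management Engine Interface*' } |
        Select-Object FriendlyName, Status, InstanceId
}

function Get-AmtHostServiceStatus {
    # LMS is the host-side service AMT uses on Windows (assumed service name).
    $svc = Get-Service -Name 'LMS' -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        return [pscustomobject]@{ Service = 'LMS'; Installed = $false; State = $null; StartType = $null }
    }
    [pscustomobject]@{ Service = 'LMS'; Installed = $true; State = $svc.Status; StartType = $svc.StartType }
}

function Get-IntelMeSoftwarePackages {
    # Installed-program entries, from the standard Uninstall registry keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Management Engine*' -or
                       $_.DisplayName -like '*Intel(R) Management*' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Get-MeHostFootprint {
    # One summary object per host; suitable for collecting across a fleet.
    $devices  = @(Get-MeiDeviceStatus)
    $service  = Get-AmtHostServiceStatus
    $packages = @(Get-IntelMeSoftwarePackages)
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        MeiDevicePresent  = $devices.Count -gt 0
        MeiDeviceStatus   = ($devices | ForEach-Object { $_.Status }) -join ','
        LmsInstalled      = $service.Installed
        LmsState          = $service.State
        MePackageCount    = $packages.Count
        # True when none of the OS-side components the post names remain.
        HostSideRemoved   = ($devices.Count -eq 0) -and (-not $service.Installed) -and ($packages.Count -eq 0)
    }
}

Get-MeHostFootprint | Format-List
```

Run it from an elevated PowerShell prompt; `HostSideRemoved` being `True` confirms the driver, service and software package are absent, while the BIOS/firmware setting has to be checked in the firmware setup itself.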
 
Joined
Dec 29, 2010
Messages
3,809 (0.75/day)
Processor AMD 5900x
Motherboard Asus x570 Strix-E
Cooling Hardware Labs
Memory G.Skill 4000c17 2x16gb
Video Card(s) RTX 3090
Storage Sabrent
Display(s) Samsung G9
Case Phanteks 719
Audio Device(s) Fiio K5 Pro
Power Supply EVGA 1000 P2
Mouse Logitech G600
Keyboard Corsair K95
Joined
Jul 5, 2013
Messages
28,208 (6.74/day)
Several potentially critical vulnerabilities with no way of patching on older platforms (sources mention some were known for many years).
Also, no way of completely disabling ME without harming the hardware (you are lucky if you'll only get a 15 second POST delay, otherwise your mobo won't even start).
Plus, both AMD and Intel are so secretive about their security tech that it forces people to think about whether ME or AMD SecureChip are really that secure, or whether they simply apply the tactics of "obfuscated security".
And people call me paranoid. :kookoo: :wtf:
 

cadaveca

My name is Dave
Joined
Apr 10, 2006
Messages
17,232 (2.52/day)
OMG :eek: TPU mentioned as 2nd source in his letter. I remember reading Tanenbaum's books and dissecting his operating system concepts in university.
:respect::respect:You, W1zz, are the GPU god of the enthusiast sphere and we are all your loyal subjects. Of course he (and pretty much any other PC enthusiast) reads TPU!!! :respect::respect:

:lovetpu:

Except AMD are above board about it and not stealing it and hiding it from everyone.
Intel announced this when SandyBridge launched. Hardly hidden, and certainly, not stolen. ROFL.

Now even though THIS problem can safely be disabled and rendered non-functional, what's really scary is that a slight variation of the design can render it completely unaffected by BIOS/user settings, leaving us at the mercy of anyone who has the know-how to address and take control of it. At that point the only way to be safe from such control is to keep such a system completely stand alone, i.e. by never connecting it to a network.

We did kind of have an issue... that perhaps caused the recall of the P67 chipset? Yet this has been out in the wild for a long time now, and there has yet to be any openly obvious issue presented. Although, the tie-in with Hollywood that Intel had for DRM was something I was sure there would have been more of an uproar about, but even that fizzled out after a few days. People are quick to forget things that were talked about years ago.
 
Joined
Dec 29, 2010
Messages
3,809 (0.75/day)
Processor AMD 5900x
Motherboard Asus x570 Strix-E
Cooling Hardware Labs
Memory G.Skill 4000c17 2x16gb
Video Card(s) RTX 3090
Storage Sabrent
Display(s) Samsung G9
Case Phanteks 719
Audio Device(s) Fiio K5 Pro
Power Supply EVGA 1000 P2
Mouse Logitech G600
Keyboard Corsair K95
Imagine if Tanenbaum got some backing and went after Intel... The stakes are in the billions. Can you imagine the cease and desist order? lol
 
Joined
Nov 4, 2005
Messages
12,006 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
It's not the CPU that has the Intel Management Engine but the Platform Controller Hub (PCH).


Even in the PCH, it's running on a CPU "core" in the die that now has more power, as it can look at packets coming and going, and there could be a whole networking device inside it cloned and invisible to the existing GbE to allow access at the hardware level if someone wanted. Since it can be updated, it can be hacked, and even if not updated due to some large part of it being ROM, there will be those looking and finding exploits. Imagine a virus/malware that gained access by pretending to be a PCIe device with root access to the file system? A few simple commands and an attacker could have easy access to anyone's files; to the OS it's just an installed device, and it would hand over complete access.
 
Joined
Jul 5, 2013
Messages
28,208 (6.74/day)
Even in the PCH, it's running on a CPU "core" in the die that now has more power, as it can look at packets coming and going, and there could be a whole networking device inside it cloned and invisible to the existing GbE to allow access at the hardware level if someone wanted. Since it can be updated, it can be hacked, and even if not updated due to some large part of it being ROM, there will be those looking and finding exploits. Imagine a virus/malware that gained access by pretending to be a PCIe device with root access to the file system? A few simple commands and an attacker could have easy access to anyone's files; to the OS it's just an installed device, and it would hand over complete access.
Again, it has to be enabled AND provisioned. If not it sits doing nothing.
 
Joined
Mar 14, 2014
Messages
1,427 (0.36/day)
Processor 11900K
Motherboard ASRock Z590 OC Formula
Cooling Noctua NH-D15 using 2x140mm 3000RPM industrial Noctuas
Memory G. Skill Trident Z 2x16GB 3600MHz
Video Card(s) eVGA RTX 3090 FTW3
Storage 2TB Crucial P5 Plus
Display(s) 1st: LG GR83Q-B 1440p 27in 240Hz / 2nd: Lenovo y27g 1080p 27in 144Hz
Case Lian Li Lancool MESH II RGB (I removed the RGB)
Audio Device(s) AKG Q701's w/ O2+ODAC (Sounds a little bright)
Power Supply Seasonic Prime 850 TX
Mouse Glorious Model D
Keyboard Glorious MMK2 65% Lynx MX switches
Software Win10 Pro
Except AMD are above board about it and not stealing it and hiding it from everyone.

Stealing and hiding LMAO. Did you miss the part where it is free?
 
Joined
Jun 18, 2010
Messages
2,338 (0.44/day)
Processor Intel i7 970 // Intel i7 2600K
Motherboard Asus Rampage III Formula // Asus P8P67 Deluxe
Cooling Zalman CNPS9900MaxB // Zalman CNPS11X
Memory GSkill 2133 12GB // Corsair V 2400 32GB
Video Card(s) ASUS GTX1080 // MSI GTX1070
Storage Samsung 870EVO // Samsung 840P
Display(s) HP w2207h
Case CoolerMaster Stacker 830se // Lian Li PC-9F
Audio Device(s) onboard
Power Supply Seasonic X 850w Gold // EVGA 850w G2
Mouse Logitech G502SE HERO, G9
Keyboard Dell
Software W10 Pro 22H2
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
The difference between what Intel has and what AMD has is AMD gives you a choice, Intel doesn't. The consumer version of Ryzen doesn't have AMD Secure Technology, only a specific line has it. All Intel chips have it and you can't turn it off.

Oops.

Suddenly AMD Ryzen is looking a whole lot more interesting from a pure security point of view.
 
Joined
Jul 13, 2016
Messages
3,323 (1.08/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
Except AMD are above board about it and not stealing it and hiding it from everyone.

It's kind of hard to be below what Intel does to be honest. I knew Intel was a shitty company before but now learning they did this with zero credit to the creators and poached Raja right after they made a deal with AMD. They disgust me and I will never buy another Intel processor if I'm not forced to.
 
Joined
Mar 23, 2016
Messages
4,844 (1.52/day)
Processor Core i7-13700
Motherboard MSI Z790 Gaming Plus WiFi
Cooling Cooler Master RGB something
Memory Corsair DDR5-6000 small OC to 6200
Video Card(s) XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage 970 EVO NVMe M.2 500GB,,WD850N 2TB
Display(s) Samsung 28” 4K monitor
Case Phantek Eclipse P400S
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse Logitech G502 Hero
Keyboard Logitech G G413 Silver
Software Windows 11 Professional v23H2
Joined
Jul 13, 2016
Messages
3,323 (1.08/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
Stealing and hiding LMAO. Did you miss the part where it is free?

Just because something is free doesn't mean you don't have to credit the authors or provide others with access to the code. There are so many pieces of IP under these kinds of licenses. They only provide it for free so that it can be used perpetually to help others.
 
Joined
Mar 16, 2017
Messages
245 (0.09/day)
Location
behind you
Processor Threadripper 1950X
Motherboard ASRock X399 Professional Gaming
Cooling IceGiant ProSiphon Elite
Memory 48GB DDR4 2934MHz
Video Card(s) MSI GTX 1080
Storage 4TB Crucial P3 Plus NVMe, 1TB Samsung 980 NVMe, 1TB Inland NVMe, 2TB Western Digital HDD
Display(s) 2x 4K60
Power Supply Cooler Master Silent Pro M (1000W)
Mouse Corsair Ironclaw Wireless
Keyboard Corsair K70 MK.2
VR HMD HTC Vive Pro
Software Windows 10, QubesOS
Boy would it be awkward if Mr. Tanenbaum showed up right now.
 
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
Just because something is free doesn't mean you don't have to credit the authors or provide others with access to the code. There are so many pieces of IP under these kinds of licenses. They only provide it for free so that it can be used perpetually to help others.

BSD is one of the most liberal around. All you have to do is give credit. You can do what you want with the software, free or commercial.

This isn't that different than Sony using a modified FreeBSD in their PS4's.
 
Joined
Mar 14, 2014
Messages
1,427 (0.36/day)
Processor 11900K
Motherboard ASRock Z590 OC Formula
Cooling Noctua NH-D15 using 2x140mm 3000RPM industrial Noctuas
Memory G. Skill Trident Z 2x16GB 3600MHz
Video Card(s) eVGA RTX 3090 FTW3
Storage 2TB Crucial P5 Plus
Display(s) 1st: LG GR83Q-B 1440p 27in 240Hz / 2nd: Lenovo y27g 1080p 27in 144Hz
Case Lian Li Lancool MESH II RGB (I removed the RGB)
Audio Device(s) AKG Q701's w/ O2+ODAC (Sounds a little bright)
Power Supply Seasonic Prime 850 TX
Mouse Glorious Model D
Keyboard Glorious MMK2 65% Lynx MX switches
Software Win10 Pro
Just because something is free doesn't mean you don't have to credit the authors or provide others with access to the code. There are so many pieces of IP under these kinds of licenses. They only provide it for free so that it can be used perpetually to help others.
Just because Joe decided to share something for free and unlicensed, then Bob makes it better for their own specific products does not mean that Bob has to then share w/e they created. It is Bob's and no one else.
 
Joined
Jul 5, 2013
Messages
28,208 (6.74/day)
Just because Joe decided to share something for free and unlicensed, then Bob makes it better for their own specific products does not mean that Bob has to then share w/e they created. It is Bob's and no one else.
That depends very greatly on the license.
 