From ME
Jump to: navigation, search

What is ME?

Intel Management Engine (ME) is the firmware implementing Intel's Active Management Technology (AMT).

ME is a firmware blob running inside a special ARC core located inside the Intel Memory Controller Hub (MCH). It runs completely out-of-band with the main CPU, and is entirely transparent to the operating system. The purpose of AMT is to provide a way to manage machines remotely, similar, but more powerful than IPMI. To achieve this task, it is capable of accessing any memory region, while the main CPU needs not be aware, and cannot be aware of ME's existence.

While AMT can be a great value-add, it has several troubling disadvantages. ME is classified by security researchers as "Ring -3". Although ME is cryptographically protected, researchers have been able to exploit weaknesses in the ME firmware and take partial control of the ME. This makes ME a huge security loophole, and it has been classified a very powerful rootkit mechanism, even more potent than SMM rootkits.

So what's the fuss? Just disable it

ME cannot be disabled. Intel systems without ME, or corrupted ME will either refuse to boot, or will shutdown shortly after. There is no way for the CPU firmware or operating system to disable ME. Intel keeps all details about ME absolutely secret. This means there is absolutely no way to tell if the ME on a system has been compromised, and no way to "heal" a compromised ME. There is also no way to know if malicious entities have been able to compromise ME and infect systems. A large portion of ME's security model is classified as "security through obscurity", which researchers view as the worst type of security. If ME's secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumple, exposing every recent Intel system to the worst rootkits possible.

What do you plan to do about it

Our goal is to implement a completely libre software replacement for ME. When the implementation of such a security-critical component is available for scrutiny, it will be peer-reviewed and audited by persons around the world. This generally results in stronger security. Our goal is not to replace Intel's ME, but to provide a libre alternative for users who chose to use it.

How do you envision this will work?

The libre ME replacement will only be installable by users who choose to do so. Our goal is to make our ME replacement compatible with the coreboot firmware, such that only users who choose to use coreboot will be able to use our ME. We do not plan to make our ME a generic replacement for any BIOS/EFI, and have no interest in seeing if it will work with anything other than coreboot. Coreboot users will still be able to choose to use Intel's ME. This makes the decision to replace the ME, an entirely conscious decision on the part of the user.