[Cryptography] What is Intel® Core™ vPro™ Technology Animation

Jerry Leichter leichter at lrw.com
Sun Sep 22 17:23:08 EDT 2013

On Sep 21, 2013, at 10:05 PM, d.nix wrote:
> Hah hah hah. Uh, reading between the lines, color me *skeptical* that
> this is really what it claims to be, given the current understanding
> of things...
> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
The question isn't whether it's what it claims to be.  It is that.  But is it's *more* than it claims to be.

There are a whole bunch of things in recent Intel chips to provide manageability and security.  And there are cases where this is very valuable and necessary - e.g., if you have a large cluster or processors, it's good to be able to remotely configure them no matter what state they are in.  There are many similar examples.  If it's *your* hardware, *your* ability to control it, in detail, is a good thing.  (Yes, if you've been lent the hardware by your employer, it's the *employer* who's the owner, not you, and it's the *employer* who can do what he likes.  This has always been the case to a large degree.  If it makes you uncomfortable - buy your own machine, don't use your work machine for non-work things.)

The *theory* is that the owner can enable or disable these features, and has the keys to access them if enabled.  What we don't know is whether anyone else has a back-door key.  The phrase I always use to describe such situations is "if there's a mode, there's a failure mode".  Such technology could have been present in previous generations of chips, completely invisibly - but it would have required significant effort on Intel's part with no real payback.  But once Intel is adding this stuff anyway ... well, it's only a small effort to provide a special additional back door access.

                                                        -- Jerry

More information about the cryptography mailing list