[Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

Jerry Leichter leichter at lrw.com
Wed Nov 22 21:37:43 EST 2017

> There is no logical reason why most of the Intel management engine is implemented in software.
> It should be a coprocessor with most components implemented in hardware.
Why would you expect a hardware implementation to be more secure?

The problem is that the management engine has very complex functionality, including a complex interface.  We don't have ways to ensure the security of systems with that level of complexity - no matter how it happens to be implemented.

In fact it's unlikely a system that complex *could* be implemented directly in hardware for any reasonable price, if at all.  That's why microcode was invented.  And ... there's tons of it in any x86 implementation.  Is that hardware or software?  Is that distinction even meaningful?
                                                        -- Jerry

More information about the cryptography mailing list