[Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
ryacko at gmail.com
Wed Nov 22 21:45:24 EST 2017
On Wed, Nov 22, 2017 at 6:37 PM, Jerry Leichter <leichter at lrw.com> wrote:
> > There is no logical reason why most of the Intel management engine is
> > implemented in software.
> > It should be a coprocessor with most components implemented in hardware.
> Why would you expect a hardware implementation to be more secure?
> The problem is that the management engine has very complex functionality,
> including a complex interface. We don't have ways to ensure the security
> of systems with that level of complexity - no matter how it happens to be
> In fact it's unlikely a system that complex *could* be implemented
> directly in hardware for any reasonable price, if at all. That's why
> microcode was invented. And ... there's tons of it in any x86
> implementation. Is that hardware or software? Is that distinction even
> -- Jerry
You are right, and Joanna Rutkowska is wrong. I guess stateless isn't what
it is cracked up to be.