[Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
Ryan Carboni
ryacko at gmail.com
Wed Nov 22 21:45:24 EST 2017
On Wed, Nov 22, 2017 at 6:37 PM, Jerry Leichter <leichter at lrw.com> wrote:
> > There is no logical reason why most of the Intel management engine is
> > implemented in software.
> > It should be a coprocessor with most components implemented in hardware.
> Why would you expect a hardware implementation to be more secure?
>
> The problem is that the management engine has very complex functionality,
> including a complex interface. We don't have ways to ensure the security
> of systems with that level of complexity - no matter how it happens to be
> implemented.
>
> In fact it's unlikely a system that complex *could* be implemented
> directly in hardware for any reasonable price, if at all. That's why
> microcode was invented. And ... there's tons of it in any x86
> implementation. Is that hardware or software? Is that distinction even
> meaningful?
> -- Jerry
>
You are right, and Joanna Rutkowska is wrong. I guess stateless isn't what
it is cracked up to be.