[Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

Ryan Carboni ryacko at gmail.com
Wed Nov 22 21:45:24 EST 2017

On Wed, Nov 22, 2017 at 6:37 PM, Jerry Leichter <leichter at lrw.com> wrote:

> > There is no logical reason why most of the Intel management engine is
> implemented in software.
> > It should be a coprocessor with most components implemented in hardware.
> Why would you expect a hardware implementation to be more secure?
> The problem is that the management engine has very complex functionality,
> including a complex interface.  We don't have ways to ensure the security
> of systems with that level of complexity - no matter how it happens to be
> implemented.
> In fact it's unlikely a system that complex *could* be implemented
> directly in hardware for any reasonable price, if at all.  That's why
> microcode was invented.  And ... there's tons of it in any x86
> implementation.  Is that hardware or software?  Is that distinction even
> meaningful?
>                                                         -- Jerry

You are right, and Joanna Rutkowska is wrong. I guess stateless isn't what
it is cracked up to be.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171122/eb878aa5/attachment.html>

More information about the cryptography mailing list