[Cryptography] Intel Management Engine pwnd
Jerry Leichter
leichter at lrw.com
Fri Nov 24 21:54:12 EST 2017
> According to geeks who worked on the product, there are several such
> switches in the CPU and chipset. The missing bit is a DOCUMENTED off
> or disconnect switch that actually works. Why Intel refuses to do
> this is a mystery to me -- and as Frank Zappa presciently suggested,
> when you can't figure out why somebody would do something, the answer
> is probably MONEY. Which would indicate that Intel have probably been
> paid off by somebody (NSA, the Chinese government, ???) to force a
> covert backdoor on every user of their products....
Reports from those who've hacked at this are that some parts can't be turned off or the system just doesn't work. (You can get the chips to boot, but they shut down within half an hour.)
Whether influence was applied to get the chips into this state, who can say; but the switch that *is* there - which turns *most* of the stuff off - was apparently added for our friends at NSA.
The problem with this kind of setup is that once the capability to include complex algorithms in the infrastructure of the chip is there, people will use it. Modern Intel chips have some very sophisticated power management algorithms. Turning those algorithms off would require running the chips at well below their rated capacities or they can overheat. So whatever may have started Intel down the path of making some of this stuff mandatory ... by now, the requirement is embedded deep in the designs.
-- Jerry
More information about the cryptography
mailing list