Intel's Active Management Technology (AMT) / Management Engine (ME) and AMD's Secure Technology / Platform Security Processor (PSP) both present a massive threat to computer security and user privacy. These highly controversial technologies have been integrated into nearly every processor produced by Intel since 2008 and by AMD since 2013 and they are difficult or impossible to disable. These chips-within-chips run their own operating system and Intel's AMT/ME apparently has access to all of the hardware in the chain above it, including storage, cameras and microphones, and can access, and be accessed from, the network. Furthermore, the Intel AMT subsystem remains powered on even when the machine is "off". It seems less is known about AMD's Secure Technology / PSP.
Microsoft, which acquired the source code repository GitHub in 2018 for $7.5 billion, is attempting to spread its satanic filth beyond what Intel and AMD have done with the introduction of Pluton, an alleged hardware and software security solution integrated into Intel and AMD CPUs. At least some personal computers which have Pluton integrated will not boot any operating system other than Microsoft Windows.
Linux Users Beware !! Microsoft Gaining More Control Of Your Hardware
In the video below, 'GEOSHIFTER' provides the port numbers he believes are used by the Intel AMT/ME system. While one can block these ports in their router, there is no guarantee that doing so will be effective, especially if the router also uses an Intel chipset. In my case i use a Linksys WRT 1900 ACS router which does not use an Intel or AMD processor and which has plenty of horsepower to handle VPN encryption. The stock firmware was replaced with OpenWRT, however the better option would be to buy a router from a company like Turris or Vikings since they sell routers without proprietary firmware.
Video: Intel/AMD - What is really inside? No more privacy?
Firmware - Infogalactic: the planetary knowledge core
Mark Shuttleworth, founder of the Ubuntu Linux distribution, has described proprietary firmware as a security risk, saying that "firmware on your device is the NSA's best friend" and calling firmware "a trojan horse of monumental proportions". He has asserted that low-quality, nonfree firmware is a major threat to system security: "Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust – in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies". As a potential solution to this problem, he has called for declarative firmware, which would describe "hardware linkage and dependencies" and "should not include executable code".
Libreboot – Frequently Asked Questions
Introduced in June 2006 in Intel's 965 Express Chipset Family of (Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside the PCH chip, which itself replaced the ICH. Thus, the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.
The ME consists of an ARC processor core (replaced with other processor cores in later generations of the ME), code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through an Intel Gigabit Ethernet Controller. Its boot program, stored on the internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware. If the manifest isn't signed by a specific Intel key, the boot ROM won't load and execute the firmware and the ME processor core will be halted.
The ME firmware is compressed and consists of modules that are listed in the manifest along with secure cryptographic hashes of their contents. One module is the operating system kernel, which is based on a proprietary real-time operating system (RTOS) kernel called "ThreadX". The developer, Express Logic, sells licenses and source code for ThreadX. Customers such as Intel are forbidden from disclosing or sublicensing the ThreadX source code. Another module is the Dynamic Application Loader (DAL), which consists of a Java virtual machine and set of preinstalled Java classes for cryptography, secure storage, etc. The DAL module can load and execute additional ME modules from the PC's HDD or SSD. The ME firmware also includes a number of native application modules within its flash memory space, including Intel Active Management Technology (AMT), an implementation of a Trusted Platform Module (TPM), Intel Boot Guard, and audio and video DRM systems.
The Active Management Technology (AMT) application, part of the Intel "vPro" brand, is a Web server and application code that enables remote users to power on, power off, view information about, and otherwise manage the PC. It can be used remotely even while the PC is powered off (via Wake-on-Lan). Traffic is encrypted using SSL/TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known vulnerabilities, which have been exploited to develop rootkits and keyloggers and covertly gain encrypted access to the management features of a PC. Remember that the ME has full access to the PC's RAM. This means that an attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open files, all running applications, all keys pressed, and more.
Intel Boot Guard is an ME application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an asymmetric cryptographic keypair, install the public key in the CPU, and prevent the CPU from executing boot firmware that isn't signed with their private key. This means that coreboot and libreboot are impossible to port to such PCs, without the OEM's private signing key. Note that systems assembled from separately purchased mainboard and CPU parts are unaffected, since the vendor of the mainboard (on which the boot firmware is stored) can't possibly affect the public key stored on the CPU.
ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called "Protected Audio Video Path" (PAVP). The ME receives from the host operating system an encrypted media stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the GPU, which then decrypts the media. PAVP is also used by another ME application to draw an authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC's screen in a way that the host OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core i3/i5/i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called "Intel Insider". Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the omnipotent capabilities of the ME: this hardware and its proprietary firmware can access and control everything that is in RAM and even everything that is shown on the screen.
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
Libreboot – Frequently Asked Questions
AMD Platform Security Processor (PSP)
This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.
The Platform Security Processor (PSP) is built in on the AMD CPUs whose architecture is Late Family 16h (Puma), Zen 17h or later (and also on the AMD GPUs which are GCN 5th gen (Vega) or later). On the CPUs, a PSP controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user’s knowledge.
Much like with the Intel Boot Guard (an application of the Intel Management Engine), AMD’s PSP can also act as a tyrant by checking signatures on any boot firmware that you flash, making replacement boot firmware (e.g. libreboot, coreboot) impossible on some boards. Early anecdotal reports indicate that AMD’s boot guard counterpart will be used on most OEM hardware, disabled only on so-called “enthusiast” CPUs.
Libreboot – Frequently Asked Questions
Intel is only going to get worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to change their policies and to be more friendly to the free software community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a radical change happens within Intel.
Basically, all Intel hardware from year 2010 and beyond will never be supported by libreboot. The libreboot project is actively ignoring all modern Intel hardware at this point, and focusing on alternative platforms.
Why is the latest AMD hardware unsupported in libreboot?
It is extremely unlikely that any modern AMD hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible.
NSA May Have Backdoors Built Into Intel And AMD Processors | eTeknix
In an interesting story covered by the Australian Financial Review it is revealed that experts think the NSA has hardware level backdoors built into Intel and AMD processors. Steve Blank, recognised as one of Silicon Valleys leading experts, says that he would be extremely surprised if the American NSA does not have backdoors built into Intel and AMD chips. His reason is that the NSA finds "hacking" through backdoors significantly more simple than trying to crack encryption. For example trying to crack AES 256 bit encryption would require the power of 10 million suns to crack at the current TDP of processors. Steve Blank therefore claims that because cracking encryption is so infeasible the NSA uses hardware level backdoors instead. Steve Blank said that these suspicions arose when he saw the NSA could access Microsoft emails in their pre-encryption state and so he knew there was another way in.
Edit: Jonathan Brossard personally got into contact with us to inform us that such statements made by the AFR about his opinions and research were indeed misleading and not factually accurate at all. Jonathan Brossard claims that if you read his whitepaper from the Black Hat 2012 conference, which can be found here, it will give a totally different understanding of what he was actually saying as opposed to what the AFR interpreted him as saying. We would like to apologise for passing information onto you from the AFR that was factually inaccurate. Jonathan Brossard stated that:
"The CPU microcode update mechanism is a documented feature which helps Intel and AMD fix CPU bugs. Even if this would be an interesting attack vector, you must break strong asymmetric cryptography before you get to push microcode updates to a CPU. The article from the Australian Financial Review is misleading, and doesn't bring the slightest proof that Intel or AMD are sharing those cryptographic keys with [the] NSA. I do not personally think [the] NSA is backdooring Intel (or AMDs) CPUs."
The claim that the Intel or AMD subsystems are a "feature which helps Intel and AMD fix CPU bugs" is utter nonsense, at best, since these "features" have introduced numerous critical vulnerabilities. Furthermore, if there was any truth to this claim, these systems would not be banned in areas of defense.
Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches • The Register
Cfir Cohen, a security researcher from Google's cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD's Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets.
What is AMD PSP and How Does it Work in Your Processor | ITIGIC
Essentially, AMD PSP is a processor-embedded secure runtime environment subsystem. He is responsible for creating, monitoring, and maintaining the security environment, and his duties include managing the PC boot sequence, initiating security-related mechanisms, and monitoring the system for any suspicious activity or events, implementing an appropriate response to same.
This small processor within the processor has its own ROM and SRAM memory isolated from the rest of the system to avoid any type of attack or leak to the information contained in it. In addition, according to AMD it has an integrated co-processor to encrypt the data under algorithms of all kinds (you have them listed in the image above).
Does this prevent all vulnerabilities?
Definitely not. In fact, in September 2017 a Google security analyst reported a vulnerability in the AMD PSP system itself whereby an attacker could gain access to passwords, certificates and other sensitive system information using AMD’s own security system. The good part is that AMD quickly fixed this problem with a mere firmware update.
In March 2018, AMD’s Zen architecture (used in Ryzen, EPYC, Ryzen Pro and Ryzen Mobile processors) was questioned by an Israeli security company, who claimed that they had managed to “sneak” malware into the AMD system itself. PSP, something that was again fixed by AMD via a firmware update.
Intel chips could let US spies inside: expert
One of Silicon Valley's most respected technology experts, Steve Blank, says he would be "surprised" if the US National Security Agency was not embedding "back doors" inside chips produced by Intel and AMD, two of the world's largest semiconductor firms, giving them the possibility to access and control machines.
The claims come after The Australian Financial Review revealed that computers made by Chinese firm Lenovo are banned from the "secret" and "top secret" networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand because of concerns they are vulnerable to being hacked.
Internationally renowned security research engineer Jonathan Brossard, who unveiled what Forbes described as an "undetectable and incurable" permanent back door at last year's prestigious Black Hat conference, told the Financial Review that he had independently concluded that CPU back doors are "attractive attack vectors".
Millions of AMD PCs affected by new CPU driver flaw need to be patched ASAP | TechSpot
After finding several security flaws in Intel's System Guard Extensions (SGX), security researchers have now revealed a flaw in AMD's Platform Security Processor (PSP) chipset driver that makes it easy for attackers to seal sensitive data from Ryzen-powered systems.
Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs - Microsoft Security Blog
Today, Microsoft alongside our biggest silicon partners are announcing a new vision for Windows security to help ensure our customers are protected today and in the future. In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., we are announcing the Microsoft Pluton security processor. This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners.
Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack.
Lenovo shipping new laptops that only boot Windows by default
I finally managed to get hold of a Thinkpad Z13 to examine a functional implementation of Microsoft's Pluton security co-processor. Trying to boot Linux from a USB stick failed out of the box for no obvious reason, but after further examination the cause became clear - the firmware defaults to not trusting bootloaders or drivers signed with the Microsoft 3rd Party UEFI CA key. This means that given the default firmware configuration, nothing other than Windows will boot. It also means that you won't be able to boot from any third-party external peripherals that are plugged in via Thunderbolt.
There's no security benefit to this. If you want security here you're paying attention to the values measured into the TPM, and thanks to Microsoft's own specification for measurements made into PCR 7, switching from booting Windows to booting something signed with the 3rd party signing key will change the measurements and invalidate any sealed secrets. It's trivial to detect this. Distrusting the 3rd party CA by default doesn't improve security, it just makes it harder for users to boot alternative operating systems.
Lenovo, this isn't OK. The entire architecture of UEFI secure boot is that it allows for security without compromising user choice of OS. Restricting boot to Windows by default provides no security benefit but makes it harder for people to run the OS they want to. Please fix it.
'kevinkofler.wordpress.com' left the following comment on the article:
This is exactly what we opponents of the so-called "Secure Boot" have been warning against all this time. Restricted Boot is by design not a security technology, it is a vendor lock-in technology (as also evidenced by the need to get your bootloader signed by Microsoft in the first place, and then they sign it with a different key from their own so that vendors can do exactly what Lenovo is now doing). Your (your and some other GNU/Linux developers') pro-"Secure Boot" attitude is what has lead to this.
In addition to the previously mentioned Turris and Vikings companies, there are other products available can mitigate the security and privacy nightmare of Intel's AMT/ME, AMD's Secure Technology / PSP and Microsoft's Pluton, including certain devices sold by PINE64, System76, SiFive and Raptor Computing Systems. If you know of more, please leave a comment.
Further reading:
- All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate
- AMD's Secure Processor Firmware Is Now Explorable Thanks to New Tool - ExtremeTech
- coreboot
- Free Yourself from Microsoft and the NSA
- Lenovo's Latest ThinkPad Only Boots Windows By Default - OMG! Linux
- Libreboot
- Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs - Microsoft Security Blog
- Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot
- The Fight for a Secure Linux BIOS
- UEFI... The Microsoft Kill Switch
I use a dd-wrt router with no Intel chipset and have updated it with your recommendations. I’m wondering though: If the system uses an always-on VPN, does this mitigate risk of these chipsets or in your opinion does that make no difference? I ask because I occasionally have to use my devices on alternate routers that I don’t control.
good question, i don’t know the answer but i would strongly suspect that using a VPN would not mitigate the risk – i use one myself but still blocked the ports, not that blocking ports guarantees anything since i no one seems to have a concrete idea as to what ports are used
Those IME’s should *at least* be around since motherboards use the ATX format (with AT one physically cut power).
Maybe it’s not such a bad idea to read-out the firmware from some old board(s), hoping for a less strong encryption/key – hey, maybe some math’s being used that has an inherent flaw/backdoor!? Like unsoldering a prom/flash or reading it out in place with some hacked together hardware and disassembling it…
At least that would answer how it was “back then” – definitely and maybe provide a chuckle if there’s a backdoor-boomerang to be found….