MINIX — The most popular OS in the world, thanks to Intel | Network World

https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

I did not know this earlier (I knew about another OS inside but did not know which it was):

You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS, MINIX. And it’s raising eyebrows and concerns.

9 Comments

  1. Tomi Engdahl says:

    MINIX: Intel’s Hidden In-chip Operating System
    https://tech.slashdot.org/story/17/11/07/1041236/minix-intels-hidden-in-chip-operating-system?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer reported that systems using Intel chips that have AMT, are running MINIX. So, what’s it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don’t know exactly what version or how it’s been modified since we don’t have the source code.

    MINIX: Intel’s hidden in-chip operating system
    http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

    Buried deep inside your computer’s Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It’s slow, hard to get at, and insecure as insecure can be.

    Maybe you’re not paranoid. Maybe they are out to get you. Ronald Minnich, a Google software engineer, who discovered a hidden MINIX operating system inside “kind of a billion machines” using Intel processors, might agree with this.

    Why? Let’s start with what.

    “Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME.”

    In May, we found out that AMT had a major security flaw, which had been in there for nine — count ‘em — nine years.

    “Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code),” Garrett wrote. “Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix,” he said. “Anyone who ever enables AMT on one of these devices will be vulnerable.”

    Quick! How many of you patched your PC or server’s chip firmware? Right.

    The Electronic Frontier Foundation (EFF) has called for Intel to provide a way for users to disable ME.

    But Minnich found that what’s going on within the chip is even more troubling. At a presentation at Embedded Linux Conference Europe, he reported that systems using Intel chips that have AMT, are running MINIX.

    If you learned about operating systems in the late ’80s and early ’90s, you knew MINIX as Andrew S Tanenbaum’s educational Unix-like operating system. It was used to teach operating system principles. Today, it’s best known as the OS that inspired Linus Torvalds to create Linux.

    So, what’s it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3.

    We do know that with it there:

    Neither Linux nor any other operating system have final control of the x86 platform
    Between the operating system and the hardware are at least 2 ½ OS kernels (MINIX and UEFI)
    These are proprietary and (perhaps not surprisingly) exploit-friendly
    And the exploits can persist, i.e. be written to FLASH, and you can’t fix that

    In addition, thanks to Minnich and his fellow researchers’ work, MINIX is running on three separate x86 cores on modern chips. There, it’s running:

    TCP/IP networking stacks (4 and 6)
    File systems
    Drivers (disk, net, USB, mouse)
    Web servers

    MINIX also has access to your passwords. It can also reimage your computer’s firmware even if it’s powered off. Let me repeat that. If your computer is “off” but still plugged in, MINIX can still potentially change your computer’s fundamental settings.

    How? MINIX can do all this because it runs at a fundamentally lower level.

    x86-based computers run their software at different privilege levels or “rings”. Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access they have to the hardware. Rings two and one don’t tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.

    You can’t see it. You can’t control it. It’s just humming away there, running your computer. The result, according to Minnich is “there are big giant holes that people can drive exploits through.” He continued, “Are you scared yet? If you’re not scared yet, maybe I didn’t explain it very well, because I sure am scared.”

    What’s the solution? Well, it’s not “Switch to AMD chips”. Once, AMD chips didn’t have this kind of mystery code hidden inside them, but even the latest Ryzen processors are not totally open. They include the AMD Platform Security Processor and that’s also a mysterious black box.

    Reply
  2. Tomi Engdahl says:

    Intel’s super-secret Management Engine firmware now glimpsed, fingered via USB
    As creator of OS on the chips calls out Chipzilla
    https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/

    Positive Technologies, which in September said it has a way to drill into Intel’s secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration.

    The biz has already promised to demonstrate a so-called God-mode hack this December, saying they’ve found a way for “an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard.”

    For those who don’t know, for various processor chipset lines, Intel’s Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network. This is useful when you’re managing large numbers of computers, especially when an endpoint’s operating system breaks down and the thing won’t even boot properly.

    Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or steal corporate data. Positive says it’s found a way to commandeer the Management Engine, which is bad news for organizations with the technology deployed.

    For some details, we’ll have to wait, but what’s known now is bad enough: Positive has confirmed that recent revisions of Intel’s Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB.

    With knowledge of the firmware internals, security vulnerabilities can be found and potentially remotely exploited at a later date.

    Reply
  3. Tomi Engdahl says:

    Google Working To Remove MINIX-Based ME From Intel Platforms
    https://linux.slashdot.org/story/17/11/09/2121237/google-working-to-remove-minix-based-me-from-intel-platforms

    Intel’s Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX’s presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel’s ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn’t much public knowledge of the workings of the ME, especially in its current state. It’s not even clear where the hardware is physically located anymore.

    Google Working To Remove MINIX-Based ME From Intel Platforms
    http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html

    Intel’s Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX’s presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.

    Intel’s ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn’t much public knowledge of the workings of the ME, especially in its current state. It’s not even clear where the hardware is physically located anymore. At its inception in 2006, the ME was reportedly located on the MCH (northbridge), but when that became integrated into the CPU beginning with Nehalem, ME was moved to the PCH (current-day “southbridge”).

    Where the ME’s code is stored also isn’t clear. Intel has said that it, at least at one point, was loaded into system DDR RAM. The ME has access to many, if not all, of the platform’s integrated devices, such as Intel network controllers. It can also access the main system RAM (the DDR RAM) through DMA. Much has changed in Intel’s platform since some of this was reported, however, so the state of ME now isn’t well understood. Intel, of course, keeps many of the details veiled in secrecy for security purposes.

    Reply
  4. Tomi Engdahl says:

    Check also this related posting:

    Intel AMT Firmware Vulnerability CVE-2017-5689
    http://www.epanorama.net/newepa/2017/05/06/intel-amt-firmware-vulnerability-cve-2017-5689/

    Reply
  5. Tomi Engdahl says:

    Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw
    http://securityaffairs.co/wordpress/65327/hacking/intel-management-engine-flaw-hack.html

    Intel’s management engine – in most Positive Technologies plans to demonstrate at the next Black Hat conference how to hack over USB into Intel Management Engine of most CPUs since 2008.

    Experts from Positive Technologies, who in September announced they had devised a technique to attack the Intel Management Engine, have now provided more details about it and plan to demonstrate the God-mode hack in December 2017.

    Reply
  6. Tomi Engdahl says:

    (Nearly) All Your Computers Run MINIX
    https://hackaday.com/2017/11/11/nearly-all-your-computers-run-minix/

    Are you reading this on a machine running a GNU/Linux distribution? A Windows machine? Or perhaps an Apple OS? It doesn’t really matter, because your computer is probably running MINIX anyway.

    the onboard functions. Intel processors have had one for years, it’s called the Management Engine, or ME, and it has its own firmware baked into the chip. It is this firmware, that according to a discovery by [Ronald Minnich], contains a copy of the MINIX operating system.

    Reply
  7. Tomi Engdahl says:

    MINIX: Intel’s hidden in-chip operating system
    http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

    Buried deep inside your computer’s Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It’s slow, hard to get at, and insecure as insecure can be.

    Reply
  8. Tomi Engdahl says:

    Well, crap. It might have finally happened. [Maxim Goryachy] and [Mark Ermolov] have obtained fully functional JTAG for Intel CSME via USB DCI. What the hell does that mean? It means you can plug something into the USB port of a computer, and run code on the Intel Management Engine (for certain Intel processors, caveats apply, but still…). This is doom. The Intel ME runs below the operating system and has access to everything in your computer. If this is real — right now we only have a screenshot — computer security is screwed, but as far as anyone can tell, me_cleaner fixes the problem. Also, Intel annoyed [Andy Tanenbaum].

    Source: https://hackaday.com/2017/11/12/hackaday-links-supercon-sunday/

    More:
    Tool for partial deblobbing of Intel ME/TXE firmware images
    https://github.com/corna/me_cleaner

    Reply
