Look at ME!
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Subtitle |
| |
Title of Series | ||
Number of Parts | 490 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/47275 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
00:00
FirmwareIntelHost Identity ProtocolOpen sourceComputer hardwareMathematical analysisComputer networkMicrocontrollerDirection (geometry)BitRepository (publishing)Computer fileError messageLink (knot theory)LaptopData managementMultiplication signMereologyPerspective (visual)Open sourceFirmwareMicrocontrollerComputer animation
02:23
MicrocontrollerGame controllerGraphics processing unitMobile WebDiagramBlock (periodic table)Module (mathematics)IntelComputing platformData managementChi-squared distributionGame controllerConnectivity (graph theory)LaptopCore dumpServer (computing)Power (physics)KreisprozessDifferent (Kate Ryan album)Computing platformFingerprintComputer hardwareInterface (computing)Operating systemBefehlsprozessorData managementSoftwareComputer animation
04:35
FirmwareOpen sourceBootingPhysical systemOpen setRootComputer hardwareIntelSet (mathematics)Inclusion mapSatelliteLink (knot theory)Kernel (computing)Open setDisk read-and-write headProjective planeOpen sourceFirmwareCoprocessorElectronic mailing listGame controllerPerspective (visual)Core dumpLevel (video gaming)BitBootingPhysical systemComputing platformBefehlsprozessorComputer hardwareLaptopMereologyRepository (publishing)Data managementFlash memorySlide ruleComputer wormComputer animation
07:11
Data managementComputing platformIntelExecution unitGame controllerPhysical systemSystem on a chipConnected spaceBefehlsprozessorRun time (program lifecycle phase)Service (economics)FirmwareFormal verificationEnterprise architectureSoftware maintenancePredictionSystem programmingBootingSequenceTrigonometrySet (mathematics)MicrocontrollerPower (physics)MultiplicationExtension (kinesiology)Computing platformMereologyData managementBefehlsprozessorComputer hardwareFirmwareElectric generatorBootingRevision controlOpen sourceMultiplication signDifferent (Kate Ryan album)LaptopServer (computing)Web 2.0CASE <Informatik>Software bugOperating systemSoftwareMedical imagingInterface (computing)BitGame controllerVector spaceCore dumpCursor (computers)Information securityRight angleAuditory maskingStructural loadEntire functionInformationComputer animation
14:29
Point (geometry)BitData managementLaptopCore dumpRegular graphComputer animation
14:58
Term (mathematics)InformationData managementComputer hardwareIntelInformation securityComputing platformExtension (kinesiology)SoftwareBootingImplementationHill differential equationDevice driverKernel (computing)CoprocessorControl flowData storage deviceVideoconferencingProxy serverKeyboard shortcutFirmwareConfiguration spaceInterface (computing)PasswordDefault (computer science)MereologyComputer hardwareBootingSource codeSoftwareInformation securityOperating systemExtension (kinesiology)FirmwareData managementMultiplication signElement (mathematics)Electronic mailing listFile archiverBefehlsprozessorInterface (computing)Term (mathematics)Revision controlInformationMedical imagingComputer animation
17:40
IntelMultiplication signSlide ruleReverse engineeringComputer animation
18:01
IntelRevision controlTransport Layer SecurityEvent horizonAbelian categoryFirmwareComputing platformServer (computing)Service (economics)Router (computing)Binary fileLaptopFile archiverOpen sourceFirmwareRevision controlMedical imagingMereologyComputing platformEmailData managementReverse engineeringCodeServer (computing)Computer animation
19:50
FirmwareBinary fileCondition numberDistribution (mathematics)Product (business)Helmholtz decompositionSoftwareIntelPlastikkarteStandard deviationImplementationInformationBootingMaxima and minimaSlide ruleFirmwareWave packetBinary codeInformationComputer animation
20:31
Perspective (visual)Binary fileSource codeStiff equationEuclidean vectorComplex (psychology)Software developerSoftwareLaptopCASE <Informatik>Endliche ModelltheorieBinary codePhysical lawComputer animation
21:46
WikiReverse engineeringModule (mathematics)Huffman codingSign (mathematics)Internet forumRAIDIntelVoltmeterExistenceCore dumpInterface (computing)Magnetic stripe cardInformation securityHTTP cookieComputer hardwareSoftwareDimensional analysisCryptographyCache (computing)FirmwarePerspective (visual)Mathematical analysisReverse engineeringBitDimensional analysisInformationInformation securityNumerical taxonomyEndliche ModelltheorieComputer animation
24:11
Partition (number theory)FirmwareTable (information)DialectFirmwareElectronic mailing listMedical imagingBitData structureComputer animation
24:51
Partition (number theory)CodeDirectory serviceModule (mathematics)Hash functionData structureRAIDInternet forumOpcodeAssembly languageComputer-generated imageryRevision controlString (computer science)Line (geometry)InformationInformation securityFirmwareDifferent (Kate Ryan album)QuicksortMultiplication signOpen sourceComputer animation
25:42
BootingRouter (computing)IntelComputer hardwareWage labourProjective planeOpen sourceComputer animation
26:02
Point cloudFacebookOpen sourceMultiplication signRow (database)Slide ruleComputer animation
Transcript: English(auto-generated)
00:06
All right. Hi, everyone. I will just skip the introduction because you see my name and you might have seen me before. I would like to start with a bit of a disclaimer. So, I will be speaking about a very specific company which is Intel at this part.
00:23
This here is not about blaming anyone. It's not about saying or pointing out that something is very, very bad anywhere. This is really just about getting a clue of what we can understand from previous work, or what I have personally looked into to understand what
00:43
the Intel management engine is and what it's doing, or what it can do. Yes, and I might have some errors in here. There will be a link to my GitHub repository later, where you can also find all the slides. So, you can just file issues or make pull requests, which is even easier.
01:02
So, we'll just start with a hopefully brief introduction this time. I already gave a similar talk at C3 last year, like a month ago, with very bad timing actually. So, I'm very sorry for that. I will therefore skip some of the parts I had in there. Then, I will speak about the perspective from
01:22
the open source side about creating firmware and working with what we already have from vendors. Then, I will give you some motivation why you should maybe look into what I looked into. I will start with how it actually started for me,
01:42
and then I will give you lots of hints of directions where you could go. Yeah. In the end, I will also come up with a brief conclusion. Hopefully, I will make it there. So, for the introduction part, you all might have already played around a bit with microcontrollers like the Arduino stuff and everything.
02:03
When people ask me about firmware, and they want a very brief explanation of what it actually is, well, I found them to that, and I told them that actually what you have in your laptop today is very much the very same thing as just playing with Arduino, except that you have like 20 Arduinos in here.
02:21
Okay. Of course, they all are connected together. So, you have these 20 or more chips in your laptop, or also if you work on servers or whatever machines, it's still the very same thing just with some minor differences.
02:41
Okay. There are some components which are actually critical to the entire thing. That starts with what we know sometimes as the Southbridge or more general, the chipset, which connects everything nowadays. Intel calls it the platform controller hub now, because that's where all the controllers are coming together.
03:05
There are two variants actually. So, sometimes you have all the CPU cores also in the very same stock, like in this example here in the picture. Sometimes it's two separate chips. I will come to that later. But besides that, there is two things which actually seem
03:23
like they have a lot of power and probably they shouldn't. So, that's why we take a closer look here. One of them is the embedded controller, which on your laptop is for regulating like battery management for example. When you connect your charger,
03:40
you will see an LED actually light up, and that even works without running an operating system. Why is that? Because there is an embedded controller actually doing that. Of course, you could also do that just in hardware directly, but there is much more to it. This controller can also be connected to your keyboard and mouse. Sometimes it's even a dedicated chip.
04:01
It can be connected to your TPM or a fingerprint sensor or whatever, and also basically to everything else. There is also related work, but more on that later. On servers, you have a very similar thing, which is called the BMC, which you can use for power cycling or provisioning from outside.
04:20
Usually, that's on a different network interface. Then there is something which is the management engine, which is also similar to that, and that's what we're focusing on today. But first, I would like to give a very, very brief perspective on
04:41
the open source firmware side of things, starting with the list of projects. So, we have projects that you already heard about here. There is the core boot project, which you can use for initializing your hardware. For example, this laptop here is also running core boot now, like many other devices you might find at this event,
05:01
or people also ask us and they want to flash core boot on their device. So, that can already take control of a lot of the laptop. Then there is the Linux boot project, which can be used as a payload. We already heard about the head project, which is also the Linux boot approach. So, you have a Linux kernel, and then you have some tools which are running on
05:22
that kernel to then actually kick off your operating system. There is the Euro project, also very similar. It has its own tool. So, it's similar in the approach. Then we have for embedded controllers from Google, for all the Chromebooks,
05:40
open source firmware actually, and the same thing as currently being done at System 76. There's repositories online. You can find them on GitHub. Parts are on gitlab.com. Yeah, you will find it. Actually, the slides are also online, and you can just click through all the links. So, all of what I'm listing somewhere is actually links behind it.
06:02
So, yeah, just follow them. For the baseboard management controllers on servers, we also have open source projects. There's Open BMC, and there's UBMC, also very similar actually to the Linux boot approach. So, you also have Linux kernel and just some tools which are then running on that kernel to actually control the system.
06:22
Okay. So, let's look at the Intel x86 platforms a bit. So, I mentioned sometimes you have everything in one sock, sometimes you actually have two separate chips. People are, well, if you look back some years ago, we were used to knowing something called a CPU.
06:41
There's something today which is very, very similar to that which you can see in this picture. It's called the core processor now. There's slightly more than just a CPU in that. You can also see that it's also connected to other devices like your graphics card, for example. So, that's where it's actually doing
07:00
a bit more than really just processing. So, yeah, it has relationships. This is really just a very, very high level overview. Let's take a closer look at one platform which is the Denverton platform. That's one of the few images actually where I could find
07:20
a direct reference to the management engine, which is what we're looking at now. Here in the upper right corner, do I have a cursor here? No. Anyway, so in the upper right corner of this image, you see two engines mentioned. One of them is the management engine,
07:40
one of them is called innovation engine. So, what is it? The management engine, as we know it today, is basically just a microcontroller. So, you can imagine something like Arduino. It's an AD-51 instruction set. There have been multiple hardware versions over the time.
08:00
I think this is now currently the third generation. So, it's not changing very much, but there is still lots of difference among the implementations around it. It actually started with something that was called the active management technology, and that still exists today. So, the first idea was to have something very,
08:23
very similar to a baseboard management controller, but it's still part of the entire thing. So, it's not on a dedicated chip or well, it's actually integrated into everything. It doesn't have its own NIC. You can still use the very one NIC, so the network interface controller
08:41
that you also use for other services. So, sometimes people ask me like, hey, what is this management actually? What is the engine? Is it dangerous? Does it really do everything that I heard about? Because there was references about web servers running in there, which is not untrue,
09:02
and there is rumors about it being capable of actually wiping your entire laptop from outside, which is also not completely untrue. So, what's actually the case is, there is multiple versions of it for multiple purposes, and if you buy like your whatever ASO laptop or something
09:23
for like a few hundred euros, that's not very likely that you have those features in there, because they are not designed for consumers. More on that later. So, now there's a bit more that was actually put in the management engine,
09:42
and that's why today it's actually called CSME. So, CS for converged security and management engine. I will briefly mention those security features as well. But first, let's look at the innovation engine.
10:01
I've only found it in this very one picture I just showed you. From what I have been told, HP Enterprise is actually using it for some purposes, and it's kind of really just a one-to-one copy of the management engine, which is why I'm mentioning this. So, we can just monitor what's happening over time and see if they still exist side by side
10:23
or if they diverge over time, but yeah, this is where it's starting now. But first, let's look at how the entire platform works together. So, I just explained that we have lots of chips in our laptops, and one of them
10:42
is actually the management engine. So, it's actually part of one of your sucks. What is it doing? When you power on your laptop, there is a ROM in that chip. It's usually very, very tiny, and that's also true for many microcontrollers, actually.
11:01
They have something called a mask ROM or a boot ROM. So, that's what's running initially. And it's quite common that you then load another image into RAM, which comes from somewhere else, to then keep running and do more things than really just the boot part. That's called RBE here.
11:21
So, RBE is the first phase, which is just after boot up. It's like a ROM boot extension or something like that. Then there is BOP, the bring up phase, which is supposed to launch the entire platform. So, you should know that the management engine
11:41
is also, well, connected to all the other parts. We just heard about some core boot information, or also general firmware information for the host, which is also connected to lots of devices and needs to initialize stuff. So, it's basically like you have multiple chips
12:02
and multiple firmware images, which are all doing some initialization here and there, and they do not necessarily know about each other. So, that's where sometimes potentially bugs come from. I see some nodding in the room. So, yeah, if you keep looking into firmware, you might come across this also.
12:23
Well, and then eventually there is an operating system running in the management engine, but not in every version of the management engine, in some versions of the firmware of the management engine. This is really not necessary because you don't really need it. For example, I, as a consumer,
12:40
I don't provision my laptop at home from my whatever server. I just run my one operating system there, and I'm okay with that. It's not like I need to wipe it from outside or have some fresh images coming in. I don't know. I just take some install medium from a USB stick or something. Well, if all that is done,
13:03
the CPU research vector is actually triggered from what I know. It can be slightly different on some platforms. Some people thought it might be that the CPU is just on hold all the time and then released at this point.
13:20
Now, the CPU can start. It can load microcode updates, and it can just keep running the entire boot process like what we know from all the other firmware initialization we just heard about, like what Coreboot is doing or what your vendor's UEFI is doing. And then side by side with that, there is another chip which is also somewhere integrated,
13:42
the power management controller. It also gets firmware updates actually from the management engine part from what I looked at. It can be that it also differs a bit on platforms, but yeah, I mean, if you want to look more into it, you might figure out differences. And then there is the embedded controller,
14:00
which is really just running side by side in a way, but it's also still connected to everything. So you have to also be able to talk to the embedded controller chip. So if, for example, if you look at the Coreboot project's source code, then you will also find references like, hey, here, we're talking to the embedded controller, for example, to read out some sensors.
14:21
So you know if the laptop is overheating, so maybe you need to scale it on the CPU or something like that, okay? All right, and then at some point you come across this. You might find this sticker on your laptop. It says something about Core i7. That sounds like the regular marketing stuff you hear.
14:41
Ninth generation, so you know, a bit like was made in 2018, 17, 19. I don't know which exact year it is. And then there is this thing called vPro. And that's where I came across when I was looking at the management engine stuff. So what is it?
15:01
It's actually kind of an umbrella marketing term. It does not refer to very specific features, but it may include like a lot of features. Part of that is today also the active management technology which started at some point in time. It can also contain security features.
15:22
So the problem is just we don't have very much information on that. There is the ARK. It's like an archive on Intel's website where it can read a lot about CPUs, like what their exact features are, if they have like integrated graphics, whatever,
15:41
certain features, no? So not all the CPUs are the same. But when it comes to vPro, it does not speak about support, like hardware support. It speaks about eligibility. So not every chip is actually eligible for this.
16:00
What does that mean? It does not mean that the hardware is not able to do this. So we had some discussions very recently, actually. So thank you. We are sitting here, discovered that this boot guard feature that you might have heard about is actually still usable in some of those chips
16:21
which are not officially eligible. Okay, so boot guard is one of those security features I just mentioned. It's able to lock your firmware down so that you can only boot images which they should have certain signatures, checksums, or something like that,
16:41
so you know what you're booting is actually okay. Now usually that comes from your vendor, not from yourself. So you would have to trust your vendor now. There's other features like software guard extensions and the TXT stuff that also Nine Elements Cybersecurity is working on.
17:03
So here's a long list about what all of this management engine technology is actually about. And there's interfaces for it. So you also need to have some part in your firmware and you also have to have some part in your operating system to actually talk to this, right?
17:22
So that's implemented in the Linux kernel, for example. You can look at the source code. In the firmware, there is something called MEBX, so when you boot your laptop, you may also be allowed to talk to it if you have the corporate version of the management engine.
17:42
Here's a small timeline. It's not necessarily accurate, but this is what I kind of came up with after I read from Igor Skorsinski. He also spoke a lot about ME and reverse engineering. Yeah, but I recommend looking at this slide in detail
18:00
when you have some time. Version 12 of the management engine was released quite a while ago. There is some public documentation about it, not very much, but at least some. But recently, well, actually, just at KERS Communication Congress, we found a laptop which also has version 14, but that's not in the archives anywhere so far.
18:23
At least I haven't found anything. So that kind of stops at version 12, which allows you to deactivate this management technology. Yeah, so that's maybe for corporate versions where you may need to disable this to secure your platforms more.
18:40
So these are the variants I know so far, which I have found. There is the consumer version, the corporate version. Some people refer to a slim version. I don't really know where it's found. There is a server platform version, and there is now something which we're now looking into, the ignition variant. And that was my motivation to actually look into this whole stuff.
19:02
So in the EK2 mailing list, there was something popping up, which is an ignition firmware binary, and which, well, comes with a very brief explanation, which basically says like, yeah, this is a very minimal thing. It's designed for this and this chips,
19:22
or a platform. Yeah, so if we now take this and the FSP, the firmware support package, which we also heard about, then now we could actually kind of make a full image to have firmware for a laptop, well, without all the reverse engineering,
19:41
which we might not be allowed to do, but still all the glue code around it, and then have some other critical parts actually open source. So let's follow along. Here's the license for it. It explicitly disallows decompilation, disassembly, you know,
20:01
everything which would give us really a direct clue. So this is also briefly mentioned in some other references which I put here, like for example, the FSP training. There is a slide saying, well, Intel knows there's lots of firmware engineers out there.
20:22
It doesn't really directly say that, but it looks like they don't really want to disclose all the information. So as a workaround, they provide the binaries. In the white paper, they are saying that binaries are actually quite good, because that's kind of the middle ground we can meet,
20:42
as long as it works as desired, which is not necessarily always the case. So if you work with Coreboot, you might sometimes came across issues somewhere, especially if you don't have much documentation. This is also where Dexter's Law applies. You might have heard about that one,
21:00
which says that only proprietary vendors actually want proprietary firmware, right? So I, as a consumer, I would never say, hey, I want some software from you, but please, make it close source, make me never look into it or something. Nobody would ever say that. And let's spot the issue. When we're talking about security,
21:21
attackers don't play by those rules, right? So if there is some shady people sitting somewhere in a dark corner, and they want to hack your laptop, they do not care about that, right? But we're on the other side. We actually want to secure our laptops. And now we have this problem. We can't really look into it very much.
21:40
So we cannot really investigate our attack model here. But we can take some first steps. There is previous work. There is some analysis tools. There has been some reverse engineering. So I put all the references here. And now we'll tell you a bit about some attacks
22:03
which actually resulted from some reverse engineering. So for example, there was the Planer Vault attack. This is what some shady people in the dark corner could have come up with. Nobody would have noticed because you were never allowed to look into the stuff, right? I think everybody heard about this.
22:22
If not, look into the stuff. It's just Planer Vault. Search for it. You will find it. Which, well, brings us to this question, can we actually trust the vendors? I have very briefly wanted to come up with something like a definition of trust, which is, well, inherently complicated.
22:42
I just sum it up. So there is, for me, two kinds of trust. There is something which is actually earned, and there is something called blind trust. So blind trust is basically like the, well, this will be a right model, you know? So my question is always, why do I have to disclose,
23:00
like, when I bake cookies, I will have to tell you if it contains nuts, because some people may be allergic. But if I provide you with hardware, I don't have to disclose anything, basically. Yeah, so security actually has many dimensions. You know, we have heard about these security issues. There is something which is called responsible disclosure,
23:22
and also coordinated disclosure. That's the model that the researchers are using, and also, well, most of the companies are using, so they don't publish information upfront. You know, they will take it offline. They will have their internal discussions at some point. There will be information released, hopefully.
23:43
Now, Intel researchers actually just wrote about this. They agree that we need common taxonomy to actually talk about those things, so, you know, that we don't misunderstand each other. This is here, my security perspective. Actually, some people also agreed to that,
24:00
that we need to be able to audit our stuff. If we cannot audit something, we cannot trust it, and therefore, you know, no audit, no trust. So here is a brief introduction to firmware analysis. I like to look at firmware this way. It's a bit like emulating firmware, but, you know, it's really just reading the raw bytes
24:22
which you have in your firmware image. You can do this with very nice tools like XXD and less, right? So that gives you this. This is how the ME firmware is actually partitioned. So it's really just very, very simple data structures from all the tools I already mentioned before.
24:43
You can come to these conclusions. It's really just simple, right? It's really just listings like these regions are here and there. Yeah, there is different sorts of entries in the firmware. You will figure it out if you look further into it. So I'm just listing those here for reference.
25:02
Unfortunately, I'm almost out of time once again. So I will just skip through some of this stuff. And of course, come talk to me because I'm really interested in exchanging more about this. If you can read x86 instructions, of course,
25:21
you can just look at the raw bytes because this is not decompiling or disassembly. It's really just reading, right? Yeah, time's up now. So just for a very brief conclusion, all firmware has to be open source. For security, that's what I propose.
25:41
Some people agree. And to fully on your own hardware, we actually have to do something about this. Here's lots of projects where we have open source stuff. Yeah, and that's where I'm ending here. I would like to actually thank all those projects which are also present here and also my hackerspaces.
26:03
Unfortunately, there is no time for questions. So this slide is for people watching the recording so you have the reference. Thank you.