Look at ME! - Intel ME Investigation
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 254 | |
| Author | ||
| License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/53031 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
| |
| Keywords |
36C3: Resource Exhaustion208 / 254
1
7
8
9
10
11
24
26
27
28
35
39
40
41
43
44
47
49
50
55
56
60
62
63
64
68
71
72
74
75
77
78
79
82
88
93
99
100
102
106
109
111
112
113
118
119
122
124
125
127
132
133
135
136
137
138
140
141
142
143
144
145
146
150
151
156
157
158
161
162
164
165
166
167
170
173
175
177
179
180
182
183
187
201
202
208
213
219
224
226
233
234
235
237
239
240
241
244
246
247
249
251
253
00:00
IntelCASE <Informatik>Computer animationJSON
00:21
CybersexOpen sourceFirmwareIntelData managementWebsiteDependent and independent variablesLecture/Conference
00:45
WebsiteData managementIntelLecture/Conference
01:09
Virtual machineReverse engineeringInternet forumEvent horizonMultilaterationMathematical analysisProjective planeField (computer science)InformationPoint (geometry)Computer animation
02:22
FirmwareOpen sourceIntelComputer hardwareMathematical analysisEntire functionFirmwareComputer hardwareField (computer science)Point (geometry)Open sourceMathematical analysisComputing platformComputer animation
03:10
Right angleWhiteboardMicrocontrollerComputer animation
03:36
Computer networkWhiteboardLaptopSoftwareInternetworkingPoint (geometry)NumberComputer animation
04:08
MotherboardIntelCore dumpDDR SDRAMNetwork socketModule (mathematics)Game controllerGraphics processing unitProcess capability indexData managementMobile WebBlock (periodic table)Digital signalElectronic visual displayEmbedded systemSoftware development kitSoftware-defined radioMIDIPCI ExpressFunctional (mathematics)MicrocontrollerGraphics processing unitModule (mathematics)Line (geometry)Digital electronicsMultiplication signComputing platformSlide rulePower (physics)Game controllerServer (computing)Random matrixPoint (geometry)Graph coloringData centerBitLaptopInterface (computing)Operator (mathematics)Endliche ModelltheorieCore dumpLevel (video gaming)Latent heatIntelOperating systemBit rateKeyboard shortcutOrder (biology)BootingCartesian coordinate systemData managementProgram flowchart
06:56
BootingOpen sourceFirmwarePhysical systemOpen sourceProjective planeField (computer science)Limit (category theory)Computer programmingOperating systemQuicksortBitImplementationDevice driverWeb 2.0Virtual machineInformationGame controllerGoogolComputer hardwareRoutingCore dumpGraphical user interfaceLaptopPhysical systemBootingExtension (kinesiology)Open setFirmwareInterface (computing)BefehlsprozessorKernel (computing)Computer animation
08:58
IntelComputer hardwareCoprocessorWeightComputing platformCuboidGame controllerPeripheralComputer animationProgram flowchart
09:49
WärmestrahlungData storage deviceLocal area networkData managementRevision controlComputing platformPeripheralEndliche ModelltheorieComputer animation
10:24
FirmwareSystem programmingInformation securitySoftware maintenanceLaptopData managementDescriptive statisticsComputer hardwareFirmware
10:49
BefehlsprozessorData managementFormal verificationFirmwarePhysical systemMereologyRun time (program lifecycle phase)Service (economics)IntelConnected spaceData managementSingle-precision floating-point formatBitBootingBefehlsprozessorMereologyServer (computing)Virtual machineMicrocontrollerIntelMultiplication signGodKey (cryptography)Different (Kate Ryan album)Personal computerComputer hardwareInformation securityImplementationBasis <Mathematik>LaptopOffice suiteGame controllerCore dumpPolar coordinate systemFirmware
13:38
BootingIntelFirmwareOperating systemBootingVirtual machineBitParallel portRevision controlPatch (Unix)Physical systemCore dumpGame controllerData managementStructural loadBefehlsprozessorPower (physics)Phase transitionMultilaterationDataflowOperator (mathematics)CASE <Informatik>Device driverMultiplication signMereologyProgram flowchart
15:13
Kernel (computing)Device driverComputer hardwareData storage deviceControl flowProxy serverVideoconferencingKeyboard shortcutGame controllerSingle-precision floating-point formatBitMusical ensembleKreisprozessPoint (geometry)Kernel (computing)Data managementMereologyInterface (computing)Operating systemGoodness of fitPhysical systemDevice driverProxy serverComputer hardwareMedical imagingSoftware developerVideoconferencingSource code
16:51
Interface (computing)FirmwarePasswordPasswordExtension (kinesiology)Device driverDefault (computer science)LaptopRevision controlLibrary (computing)Asynchronous Transfer ModeVirtual machineMetropolitan area networkSystem administratorFirmwareSeries (mathematics)Lenovo Group
17:52
IntelMultiplication signLine (geometry)Revision controlCuboidInformationData managementError messageDifferent (Kate Ryan album)Link (knot theory)Open source
18:50
Revision controlIntelTransport Layer SecurityAbelian categoryEvent horizon40 (number)Point (geometry)WordRevision controlIntelData managementComputer clusterComputer animation
19:15
Router (computing)Server (computing)Service (economics)FirmwareElectronic mailing listEmailRevision controlServer (computing)Computer animation
19:34
FirmwareBinary fileServer (computing)Service (economics)EmailDirection (geometry)Binary fileBinary codeFirmwareMedical imagingCore dumpRevision controlVotingSource code
20:18
FirmwareInternet service providerMeta elementBinary fileReverse engineeringProduct (business)SoftwareDistribution (mathematics)MathematicsComputer animationSource code
20:44
IntelPlastikkarteFirmwareStandard deviationSample (statistics)BootingImplementationInformationSystem programmingMenu (computing)Metropolitan area networkDemosceneSoftware developerInformationWave packetEvent horizonFirmwareSlide ruleComputer animation
21:21
Open sourceSource codeWordPhysical lawFirmwarePerspective (visual)Multiplication signIntelSource code
21:51
SoftwareSoftwarePhysical systemRule of inferenceDirection (geometry)Computer animation
22:13
Reverse engineeringModule (mathematics)Sign (mathematics)Internet forumIntelOperations researchMagnetic stripe cardCore dumpBefehlsprozessorInterface (computing)Table (information)Reverse engineeringMathematical analysisInformationInformation securityComputer animation
22:40
ImplementationComputer hardwareComputational physicsCryptographyLogicMathematical analysisFirmwareFile Transfer ProtocolPartition (number theory)Table (information)Directory serviceCodeModule (mathematics)Hash functionMetadataData structureInternet forumIEC-BusMereologyComputer architectureEmailOpcodeInformation securityFirmwareData structureBitOpen sourceMereologyComputer animationSource code
23:00
Magnetic stripe cardCurve fittingParametrisierungCodePartition (number theory)Directory serviceGame controllerComputer-generated imageryFlash memoryFirmwareTable (information)Extension (kinesiology)BootingServer (computing)DemosceneProxy serverTime zoneArmRootkitIntelWage labourMereologyOpen sourceFirmwareLevel (video gaming)Term (mathematics)Electronic mailing listSound effectBasis <Mathematik>Projective planeChaos (cosmogony)Hacker (term)Computer animation
23:32
BitMultiplication sign1 (number)Goodness of fitComputer animation
23:57
Multiplication signCASE <Informatik>Lecture/Conference
24:34
Computer animation
Transcript: English(auto-generated)
00:18
OK, let's go.
00:22
You ready? Let's have a handful of cyber revolt, please. All right, hello, everyone. I'm Daniel. You might have seen me before. I sometimes speak about open source firmware. And at some point, I also had
00:42
to start to look into more specific stuff. So this talk here is about the internal management engine. Sometimes also known as the manageability engine, it always depends on what website you find or what person you ask. You might get either response or both.
01:01
So let's see. A little disclaimer first. I am not trying to blame Intel for anything they have done or something. This year is not about whether we can trust Intel as a company or any other chip vendor or vendor in general
01:21
because I cannot read their minds. I don't know their intentions. What we can only do is see what they put out in the public or what we find in the machines that we buy. And on the other hand, we don't really
01:40
know that much because especially with the Intel ME, there is not very much public information. So people try to figure things out. There are forums. There are certain small projects like analysis tools and stuff, but all of these are based on reverse engineering or educated guessing
02:03
or whatever people could just figure out. And me especially, I don't know very much about it actually. So I'm just here because I'm interested in the field. And at some point, there was an event which made me look into it, but more about that later.
02:22
The agenda for today, I will give a very brief introduction. It will be a very bold introduction, though, into the entire field around firmware. Then I will be switching over to the open source firmware stuff we do.
02:41
I will briefly try to explain the hardware we know as Intel's x86 platforms. Then I will try to give you a motivation to also look into what I've been looking into and tell you what made me look into it.
03:01
I will give you some entry points for analysis. And eventually, we will just get a conclusion and start to think about what we just heard. So for the introduction, who of you in the audience has already done something with microcontrollers?
03:21
Please raise your hands. We see lots of hands here. And in fact, we actually have hundreds or thousands or millions of microcontrollers here. So all the lights we see over here, there are ESP8266. That board you see in the middle.
03:41
There is Arduino. And there is something which I like to call not the network of things because apparently, you just need a network. You don't really need the internet for it. And we can connect all of those devices. We can remotely control them. And I'm now going to show you that what you have in your laptop is actually the very same thing.
04:09
Now, this is lots of bullet points. And I'm very sorry for it. But this gives you a feeling of what we are dealing with here.
04:20
In your laptop, you have multiple such controllers which are very similar to the Arduino or ESP microcontrollers that you already know. Some of them are for very, very specific functionality. So everyone knows the USB controllers. We have USB controllers.
04:40
We have PCI where other devices are connected. We have GPUs. We have a whole lot more. But the very core, that's what is known as the chipset and the CPU. It can sometimes also be one single chip,
05:04
like in this graphic here, which I borrowed from Intel. Just adjusted the colors a bit to make it fit with the slides. And here, you can see lots of lines connecting all of those controllers. Now, there's some other controllers which
05:21
I also started to look into. They are called the embedded controller, which is an additional microcontroller on your laptop for power management, for controlling the charging circuit. When you connect your charger to a battery, you will see an LED.
05:42
That's what this device is doing. It might be connected to a keyboard, to your mouse. And there is a very similar concept also for servers. It's called BMC, or Baseboard Management Controller. Its purpose is to remotely control a server so you don't have to actually go to a data center.
06:03
Imagine you are administrating five data centers all across the world. You can literally be in all of them at the same time. So that's why they came up with an interface to remotely control it. And they've made a dedicated chip for it, which is also connected to many devices on the server
06:21
platform. Then there is one thing you might also have heard about, a so-called TPM, a Trusted Platform Module. And its main purpose is to give you a very small trust anchor from which you can run all of your top-level applications,
06:40
below which is an operating system, which is actually running after a bootloader, which is actually started from your firmware, which is actually loaded from your chipset. And that's how deep the rabbit hole goes. Now let's look at open source projects.
07:03
We have projects for all sorts of features around the CPU. The CPU, before your laptop can even start up, it has to be initialized. It also has to know the RAM. When you boot up a machine, it doesn't yet really know anything about RAM.
07:22
That's what the Core Boot project is doing. Now today, we have a bit of a problem, because we don't have enough information to actually program Core Boot for modern machines. So there is a different approach now.
07:42
You know the UEFI, or Unified Extensible Firmware Interface. It's a bit of a different approach also to initialize hardware, but also to hand over to an operating system. But the thing is, there are sorts of drivers in there and stuff.
08:00
So we want to replace that with a Linux kernel. That's what the Linux boot approach is doing. There are different implementations. There is heads. There is U-root. That's how we can start modern machines with a bit more knowledge. For embedded controllers, we have the projects from Google for the Chromebooks.
08:22
There's lots of open source implementations, but they only apply to very specific hardware. You can find all of the stuff on the web, of course. And then System 76 is also currently working in that field for their laptops. And eventually, for the BMCs I just introduced you to,
08:43
there's also two projects. There is the Open BMC project and the U-root project. So that's how far we are. But that's not what I'm talking about today. I'm talking about something else. And that's why we have to take a closer look at Intel's x86
09:03
hardware. This here is an example of a platform which has a dedicated chipset and a processor. This is also a graphic I borrowed from Intel once again. It shows you where all of those peripherals are connected.
09:23
So again, we have USB. We have ethernet. But there is more to it, actually. And you can clearly see that this chipset here, it's quite a large box. And there is a reason for it, because that's where actually most of the chips are connecting.
09:44
That's why Intel calls it the Platform Controller Hub, or PCH for short. Now let's look closer at the Denverton platform. Denverton is one of those model names for the platforms. Intel always comes up with these names.
10:01
And here we have a very brief summary of what peripherals we have. And if you look very closely in the upper right corner, there is two so-called engines mentioned. One of them is the innovation engine. The other one is the management engine,
10:22
which we're dealing with today. The innovation engine has a very brief description. It says it's something about innovation. It's something about firmware. But actually, I have not yet found any use for it. But it's there in your hardware. So if you have a Denverton chip in your laptop
10:40
or wherever you might find it, you have some features there. But I don't know what they are for. OK, so let's look at the management engine today. Because the thing is, hardware is evolving. The management engine today is not the management engine from a few years ago.
11:02
So with newer hardware, we get different chips over time. They are attached to different other peripherals over time. And they're given different purposes. So basically, the ME itself is just a microcontroller, like Arduino. And it's part of your chipset.
11:24
If you have a combined chipset and main processor, it's in that one single chip. But that's where it is. But that's not where it started. It actually started as the so-called active management technology. The idea was that you could remotely control a device
11:43
and provision it, just like what I described to you as the baseboard management controller for servers. It's the same thing, but for, let's say, laptops, desktop PCs. Imagine you're running a very huge company and you have hundreds of devices to maintain.
12:00
Now you have this BMC thingy for servers and this thing here for your desktop devices. Now the question is, why is it actually connected to all of those peripherals? First of all, there was a bit of a renaming recently. It's no longer just called the ME.
12:22
It's called the CSME, Converged Security and Manageability or Management Engine. It can load your firmware and verify it. And with that firmware, we are now talking about the host CPU firmware,
12:42
that thing that Corbut can be doing, or what your vendor's UEFI firmware is doing. If that firmware is not as expected, which means it's not signed with a certain key from either Intel or your OEM, the equipment manufacturer,
13:03
which can be HP or Asus or whatever, then your laptop may not boot. That's a feature. It's a security feature. Now the problem is, if we want to legitimately replace
13:20
the firmware with our own implementations, we can't do it if this certain feature is activated. It's also known as boot guard. But again, this is not what we're talking about today. I want to look at something else.
13:41
This here is how your machine boots up. On the left hand, you see the flow I just described to you, what the ME is doing. You press the power button on your machine. The ME is coming up. It's initializing itself first with its own firmware.
14:00
That's the RBE phase. A bit more about that later. Then there is a bring up phase, which hands over to the ME operating system. If that version of your ME actually has an operating system, which is not necessarily the case, it will reset the CPU itself.
14:23
It will trigger the firmware on the CPU to start. That's where core boot could take over or your vendor's UEFI firmware. It loads some microcode updates. It comes to the initialization phase where you get the RAM and the CPU
14:43
and eventually all the features you have in your chipset itself until it can boot your host operating system. Now at the same time, there's two more chips even being powered on. One is the PMC, the power management controller, which also gets some updates or patches from the ME firmware
15:04
and the EC, the embedded controller I already described to you, which is just running in parallel. But in fact, these are all connected to each other. And here are some of the features summarized, which we have in ME.
15:20
So the active management technology is implemented, for example, in the Linux kernel. There is a driver for it. It could do hardware monitoring. Like it can monitor if your chips are overheating. It can have other sensors connected to it. It can do power control.
15:41
That's why I just described to you. Just like a PMC, you can power cycle. You can power cycle your system through it. You could update your operating system out of band. So not like using apt-get upgrade or something. No, instead, you would just do it from outside. So you could reformat an entire disk, replace it with a new image.
16:03
You have a bit of storage, and you even have a proxy for a keyboard and mouse and the video interface. So it's like VNC, literally. That's what we know from the public documentation. Now, the interface that is implemented in the Linux kernel
16:23
has been extended a bit. Now we have a dedicated chip, which was pulled out of the ME, the ISH, or Integrated Sensor Hub. It just does the very basic things I just described to you about sensors, just in a dedicated chip.
16:41
That's a good development, actually, because now we don't have a single point of failure, which has everything. We have a single point of failure, which has everything but this part. There is BIOS extensions. In your host firmware, there can also be certain libraries or drivers
17:00
which are connecting to the ME. You can control the ME through it. If you have a business laptop, you might be running the corporate version of the ME firmware. And then you might press F6 or CTRL-P when booting up, and you might get a prompt.
17:21
If you are still in the manufacturing mode or you just bought the machine very fresh, you just type admin. That's the default password. That's publicly documented, by the way. It's not something I found somewhere, but in Intel's own documentation. And then you can start using that feature. So this might apply.
17:41
I haven't confirmed it, but it might apply to the HP Elitebooks, for example, which are for business use or certain Lenovo Thinkpads from the T series. You could try it on your machines, maybe. Now, I've already described to you that there are lots of different variants
18:01
and versions of the management engine. We have a very, very long timeline here. We are talking about years starting from 2004 until now. So it's 15 years since the active management technology was announced until today, where we have version 12 of the management engine.
18:26
The problem with this timeline here is, again, the disclaimer, I cannot really verify all of this information. I have mostly gathered it from different sources. So don't take all of this for granted. Some of this might also just include some educated guessing from my side.
18:44
If you find any errors, you will get the links later. You can file me a box or send your pull request. So we're at version 12 now. For each version of the management engine, there's release notes. They are public. So in ME12, they just drop version 1 for TLS.
19:04
1.2 is now in. And we have a few other features. Some of them I don't even know, but you can look it up on Intel's documentation. Those are the variants we already know. Consumer corporate, a slim version apparently.
19:23
There's the SPS version, which was made for servers. And now there is something called ignition, which actually brings us to our motivation here. This is an email from the EDK2 non-OSI mailing list.
19:41
They announced a version of the ME binary which can finally be distributed. So you can give it to other people. You could do that before. Well, at least not officially. Of course, when you get firmware updates from your supplier, you get those binaries in a way, but it's not like you download them from Intel directly.
20:03
Which means that now we can offer full images of custom firmware based on core boot, based on this ME binary here, and whatever we want to tailor it for. So let's follow the yellow brick road.
20:23
This is the license. The license allows basically only redistribution. You may not make any changes. You may not reverse it. You may not decompile it. You may not disassemble it. Now how do we actually verify that it works as desired
20:42
and as promised? Pay no attention to the man behind the curtain. If you have seen The Wizard of Oz, you know the scene. That's literally what they want. Their philosophy is kind of a shallow thing.
21:02
So they don't really want to be very open with the information. This here is from a training slide. It's an official training that Intel is giving at certain events. They tell people, well, we have lots of firmware developers who want to support them in a way, but not too much actually.
21:22
I have to be a bit quick because I have more slides than time. Here's the vendor's perspective from Intel's FSP white paper. FSP is the firmware support package. They're saying they're working towards, well, releasing something, but actually not.
21:41
So if you have a binary and it works as desired, then it's OK. Otherwise, well, not so much. But they promise it works. And the same applies for ME, I guess, which is where Dexter's Law applies, which is saying that only proprietary software vendors actually want proprietary software.
22:03
And now that's the issue. If somebody is attacking your system, they do not play by the rules. Let's take some first steps into that direction. There's some analysis tools. There's the ME Cleaner, ME Analyzer, and more. There has been some reverse engineering, not from my side,
22:23
because of course the license doesn't allow it. More information can be found in other talks. There was the Plundervolt attack just recently, which was actually based on reverse engineering. Now I'm afraid I have to cut it here.
22:42
We have security issues. We want to analyze firmware. Here's a bit of data structures. I will just briefly skim through those now. You can approach me later for more.
23:02
And I want to briefly come to this conclusion because this is the important part. So, for security, all firmware has to be open source. Here's a list of acronyms, some other talks to refer to again. Thanks to everyone who has actually helped me with this. That's all the hackerspaces I hang out at,
23:22
the Chaos West team and the stage here, of course, and the open source firmware projects. Please come to our assembly. It's right over there, if you want to know more. So, thanks. First, if you have any questions, please approach me now.
23:41
Or, well, just a bit at the assembly. I guess we have time for one very small question now. Yeah, thank you very much. Let's have a hand. There'll be two mics. They're lit. We have time for one question, or maybe two, but short ones.
24:02
Anybody has a question? No? About all the fun you can have and not supposed to have. Okay. Thank you very much. Okay, in which case, let's close it and take your trash, please,
24:26
and be excellent to each other. Thank you very much.