✨ Feature Suggestion | Add information about Intel ME and AMD PSP #1507

New Issue

Open

opened 2019-11-21 18:19:30 +00:00 by coopbri · 3 comments

coopbri commented 2019-11-21 18:19:30 +00:00 (Migrated from github.com)

Copy Link

Description:

I think it would be beneficial to include information about the Intel Management Engine (ME) and the AMD Platform Security Processor (PSP), perhaps within the Operating Systems page.

Both the Intel ME and the AMD PSP are processors within modern processors that contain proprietary blobs. They have very low-level access, even below the typical operating system ("Ring -1" access; standard operating system kernels are considered to have Ring 0 access -- see Wikipedia article: Protection Ring). As such, the typical operating system (Windows, Mac, Linux, FreeBSD, etc.) cannot "see" the activity of the ME/PSP; they are backdoors by design. Both coprocessors are closely integrated with the BIOS/UEFI boot process, and absolutely no ME/PSP code is public. Both employ a security through obscurity threat model.

Some more details on each are outlined below:

Intel ME

• Based on Intel Active Management Technology
• Runs a full TCP/IP network stack, allowing remote access
  • Bypasses any standard operating system firewall (again due to Ring -1 access)
• Has full access to computer memory
• Encrypted with RSA-2048 key
• Runs a modified, proprietary version of Andrew Tanenbaum's MINIX operating system
• Can be partially removed ("deblobbed") on some architectures with ME Cleaner script: https://github.com/corna/me_cleaner
  • Newer chipsets (Haswell and later) cannot use this method due to "Intel Boot Guard"
• If disabled (by flashing or otherwise), PC will power off after ~30 minutes
• More reading/reference material
  • Wikipedia article
  • Libreboot Intel ME FAQ
  • Intel ME Critical Firmware Update SA-00086
  • Andrew Tanenbaum's statement on Intel asking about MINIX (highly recommend checking this out)
  • Article with Damien Zammit's (EFF) comments

AMD PSP

• Based on AMD Secure Technology
• Lies on ARM core processor inside of AMD processors
• Cryptographically signed, similar to ME
• Exists on 16h systems and later (circa 2013 - present)
• More reading/reference material
  • Wikipedia article
  • Libreboot AMD PSP FAQ
  • Reddit thread about releasing the PSP source code
  • Reddit thread with AMD employee AMA, including CEO Dr. Lisa Su

Perhaps it would be useful to provide only known information (e.g. that they exist and not much is known about them in the public space), and mention that this is largely due to them being proprietary and tightly-guarded features.

## Description: I think it would be beneficial to include information about the Intel Management Engine (ME) and the AMD Platform Security Processor (PSP), perhaps within the Operating Systems page. Both the Intel ME and the AMD PSP are processors within modern processors that contain proprietary blobs. They have very low-level access, even below the typical operating system ("Ring -1" access; standard operating system kernels are considered to have Ring 0 access -- see [Wikipedia article: Protection Ring](https://en.wikipedia.org/wiki/Protection_ring)). As such, the typical operating system (Windows, Mac, Linux, FreeBSD, etc.) cannot "see" the activity of the ME/PSP; they are backdoors by design. Both coprocessors are closely integrated with the BIOS/UEFI boot process, and absolutely no ME/PSP code is public. Both employ a _security through obscurity_ threat model. <br> Some more details on each are outlined below: ### Intel ME - Based on Intel Active Management Technology - Runs a full TCP/IP network stack, allowing remote access - Bypasses any standard operating system firewall (again due to Ring -1 access) - Has full access to computer memory - Encrypted with RSA-2048 key - Runs a modified, proprietary version of Andrew Tanenbaum's MINIX operating system - Can be partially removed ("deblobbed") on some architectures with ME Cleaner script: [https://github.com/corna/me_cleaner](https://github.com/corna/me_cleaner) - Newer chipsets (Haswell and later) cannot use this method due to "Intel Boot Guard" - If disabled (by flashing or otherwise), PC will power off after ~30 minutes - More reading/reference material - [Wikipedia article](https://en.wikipedia.org/wiki/Intel_Management_Engine) - [Libreboot Intel ME FAQ](https://libreboot.org/faq.html#intelme) - [Intel ME Critical Firmware Update SA-00086](https://www.intel.com/content/www/us/en/support/articles/000025619/software.html) - [Andrew Tanenbaum's statement on Intel asking about MINIX](https://www.cs.vu.nl/~ast/intel/) __(highly recommend checking this out)__ - [Article with Damien Zammit's (EFF) comments](https://news.softpedia.com/news/intel-x86-cpus-come-with-a-secret-backdoor-that-nobody-can-touch-or-disable-505347.shtml) ### AMD PSP - Based on AMD Secure Technology - Lies on ARM core processor inside of AMD processors - Cryptographically signed, similar to ME - Exists on 16h systems and later (circa 2013 - present) - More reading/reference material - [Wikipedia article](https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor) - [Libreboot AMD PSP FAQ](https://libreboot.org/faq.html#amd-platform-security-processor-psp) - [Reddit thread about releasing the PSP source code](https://www.reddit.com/r/privacy/comments/5z4phx/petition_for_amd_to_opensource_the_psp_backdoor/) - [Reddit thread with AMD employee AMA, including CEO Dr. Lisa Su](https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/defi2oq/) <br> Perhaps it would be useful to provide only known information (e.g. that they exist and not much is known about them in the public space), and mention that this is largely due to them being proprietary and tightly-guarded features.

👍 3

tjhietala commented 2020-03-20 16:11:05 +00:00 (Migrated from github.com)

Copy Link

The processor formerly known as PSP is these days called AMD Secure Processor (although the old name seems to still persist on the net). Some additional links:

Official site: https://www.amd.com/en/technologies/security

RE tool: https://github.com/PSPReverse/PSPTool

CCC presentations: https://media.ccc.de/v/thms-38-dissecting-the-amd-platform-security-processor
https://media.ccc.de/v/36c3-10942-uncover_understand_own_-_regaining_control_over_your_amd_cpu

The processor formerly known as PSP is these days called AMD Secure Processor (although the old name seems to still persist on the net). Some additional links: Official site: https://www.amd.com/en/technologies/security RE tool: https://github.com/PSPReverse/PSPTool CCC presentations: https://media.ccc.de/v/thms-38-dissecting-the-amd-platform-security-processor https://media.ccc.de/v/36c3-10942-uncover_understand_own_-_regaining_control_over_your_amd_cpu

freddy-m commented 2021-02-23 10:41:02 +00:00 (Migrated from github.com)

Copy Link

@privacytools/editorial thoughts on this? I'm not against it...

@privacytools/editorial thoughts on this? I'm not against it...

tjhietala commented 2021-02-25 21:23:20 +00:00 (Migrated from github.com)

Copy Link

A couple of additional links:

In-depth dive into the security features of the Intel/Windows platform secure boot process

Intel® Converged Security and Management Engine (Intel® CSME) Security White Paper November 2020

A couple of additional links: [In-depth dive into the security features of the Intel/Windows platform secure boot process](https://igor-blue.github.io/2021/02/04/secure-boot.html) [Intel® Converged Security and Management Engine (Intel® CSME) Security White Paper November 2020](https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/intel-csme-security-white-paper.pdf)

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

master

dependabot/bundler/nokogiri-1.13.6

dependabot/bundler/addressable-2.8.0

freddy-m-patch-3

pr-add_RemoveMyPhone_sponsor

pr-browser_cleanup_1257_1328_1430

freddy-m-patch-2

freddy-m-patch-1

pr-vpn_hated_one_video

cdn

update-nitrohorse-image

promote-metager-to-card

hardware

pr-add_azirevpn

pr-add_mailfence

shop

1673

pr/1658

i18n-simple

sponsorship-edits-nov2019

i18n

ipfs

blacklight447-ptio-patch-3

blog

remove-windows-icons

pr/1147

i18n-testing

add-beautify

No results found.

Labels

Clear labels

🔍🤖 Search Engines

approved

approved, waiting for a PR

dependencies

Pull requests that update a dependency file

duplicate

feedback wanted

high priority

I2P

The Invisible Internet Project (I2P)

iOS

low priority

OS

Operating Systems

Self-contained networks

Social media

stale

A label for stalebot if it gets added

streaming

Anything related to media streaming.

todo

Tor

Anything covering the Tor network

WIP

active work in progress, do not merge or PR (yet)!

wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

XMPP

Extensible Messaging and Presence Protocol

[m]

Matrix protocol

₿ cryptocurrency

ℹ️ help wanted

↔️ file sharing

⚙️ web extensions

Browser Extension related issues

✨ enhancement

❌ software removal

💬 discussion

🤖 Android

🐛 bug

💢 conflicting

📝 correction

Correction of content on the website

🆘 critical

📧 email

🔒 file encryption

📁 file storage

🦊 Firefox

Firefox & forks, about:config etc.

💻 hardware

🌐 hosting

🏠 housekeeping

Anything primarily related to site cleanup.

🔐 password managers

🧰 productivity tools

🔎 research required

🌐 Social News Aggregators

🆕 software suggestion

👥 team chat

🔒 VPN

Virtual Private Network

🌐 website issue

*Technical* issues with the website.

🚫 Windows

👁️ browsers

🖊️ digital notebooks

🗄️ DNS

Domain Name System

🗨️ instant messaging (im)

🇦🇶 translations

Anything covering a translated version of the site

No Label

✨ enhancement

💻 hardware

🔎 research required

Milestone

No items

No Milestone

Assignees

Clear assignees

jonah

No Assignees

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1507

No description provided.