Wut? MINIX is embedded in every modern Intel CPU

[ChesterX]

 

Quote

If you have a modern Intel CPU (released in the last few years) with Intel’s Management Engine built in, you’ve got another complete operating system running that you might not have had any clue was in there: MINIX. 

That’s right. MINIX. The Unix-like OS originally developed by Andrew Tanenbaumas an educational tool — to demonstrate operating system programming — is built into every new Intel CPU.

 

https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

[vanished]

-moved to CPUs-

[Guest Generallee]

Oh noes

[Cookybiscuit]

Been this way for years. It's what the FBI and CIA use to spy on your PC, it's how darknet drug dealers get caught and also what your boss uses to see what porn you watch.

[Leonard]

Recalling in the past that this issue is for CPUs after Ivy Bridge CPUs where Intel moved the ME straight on the CPU and Sandy and Ivy has it on the chipset.

[Tabs]

To be honest, I'm happier with the core of IME being based on Minix than some in-house proprietary system. I don't think anyone was under the impression that IME was just a dumb code block or an extension to the microcode to enable the management engine features.

 

There are groups out there who work on removing IME capability from certain systems, mostly older ones currently, due to the many, many, MANY examples of security and privacy implications of having a "black box" running on your machine that you have no access to. Even when disabled the code still gets checked and run at boot time, otherwise the processor won't even boot.

 

Maybe knowing it's based on Minix will help somewhat in the deobfuscation/decryption/analysis of exactly what ME does and how. Right now we just have to trust Intels documentation on what it does, but they are very tight lipped on how it does it.

[NoxiousOdor]

I'm glad I am still on Westmere

[Guest]

2 hours ago, WhisperingKnickers said:

I'm glad I am still on Westmere

You probably have a different, more obscure (micro?)OS than what we have

[snortingfrogs]

Apparently Intel is running MINIX on their CPU's (IME) and has been doing so far a while and Google don't like it very much.

 

 

Quote

 

If you have a modern Intel CPU (released in the last few years) with Intel’s Management Engine built in, you’ve got another complete operating system running that you might not have had any clue was in there: MINIX.

That’s right. MINIX. The Unix-like OS originally developed by Andrew Tanenbaum as an educational tool — to demonstrate operating system programming — is built into every new Intel CPU.

MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

The first thing that jumps out at me here: This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers). That, right there, is absolutely crazy.
 

 

 

Source: https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

 

Quote

 

The following features exist within Ring -3:

- Full networking stack
- File systems
- Many drivers (including USB, networking, etc.)
- A web server
 

 

 

This is a bit scary actually, mostly the web server part.

It's running a webserver on the CPU that one have no access to or control over.

[NoxiousOdor]

2 minutes ago, tjcater said:

You probably have a different, more obscure (micro?)OS than what we have

Yeah haha I wouldn't doubt it

[Guest]

Here is the MINIX creator's open letter after finding out (link)

[Crunchy Dragon]

Oh that's interesting. I do agree with your last point, the day we lose control over technology is the day Skynet surfaces and destroys humanity

[Bananasplit_00]

hmmm wonder if there is any way to access this, like any way to exploit x86 or whatever to get to -3 and have a play about

[Guest]

7 minutes ago, tjcater said:

Here is the MINIX creator's open letter after finding out (link)

 

[Guest]

1 minute ago, Bananasplit_00 said:

hmmm wonder if there is any way to access this, like any way to exploit x86 or whatever to get to -3 and have a play about

 

On 9/11/2017 at 10:25 AM, tjcater said:

An older video that expands on a flaw with X86:

 

Forgot what ringbus this exploit gets you too, but there have been quite a few to get into the - range.

[PCGuy_5960]

[Bananasplit_00]

Just now, tjcater said:

 

Forgot what ringbus this exploit gets you too, but there have been quite a few to get into the - range.

yah i know you can get into the negatives using some exploits, but if you can get to negative three i dont know, and once you get there i have honestly no idea what you would find. how this was discovered dosent seem clear to me though, did google say it? im really interested in that part of this whole story

[Guest]

Just now, Bananasplit_00 said:

how this was discovered dosent seem clear to me though, did google say it?

The memory sinkhole or the MINIX part? (If sinkhole then it was somewhere in the video, but don't know at what time stamp)

[Bananasplit_00]

Just now, tjcater said:

The memory sinkhole or the MINIX part? (If sinkhole then it was somewhere in the video, but don't know at what time stamp)

the sinkhole video i think i saw when it came out tbh, but the MINIX part. if its running in such secret how did it come out?

[wONKEyeYEs]

Can the intel management engine software be removed?

Would this help with privacy issues?

 

[Bananasplit_00]

1 minute ago, wONKEyeYEs said:

Can the intel management engine software be removed?

Would this help with privacy issues?

 

google have been working on removeing it, i dont think they have managed to yet

[GoodBytes]

The post requires original input explaining the news (in your own words that is). Until it is fixed, the thread is moved out of the Tech News section.

[wONKEyeYEs]

Just now, Bananasplit_00 said:

google have been working on removeing it, i dont think they have managed to yet

So going to Apps in Win10 and removing the intel management engine components

would be futile?

 

 

[Bananasplit_00]

1 minute ago, wONKEyeYEs said:

So going to Apps in Win10 and removing the intel management engine components

would be futile?

 

 

that still leaves the master controller, and this MINUX running its webserver

[Guest]

Just now, Bananasplit_00 said:

if its running in such secret how did it come out?

Intel running an OS underneath hasn't been much of a secret as they have been doing this kinda of thing for a while (Just not well documented), but it was just recently found out that ME11(What the recent intel CPUs use) ran MINIX after someone/some group played around with the OEM “Intel ME System Tools” and investigated further. (Source)