The Intel Management Engine ( ME ), besides know a the Intel manageability locomotive, [ one ] [ two ] be associate in nursing autonomous subsystem that hold be incorporated indiana about all of Intel ‘s central processing unit chipsets since 2008. [ one ] [ three ] [ four ] information technology be situate in the chopine restrainer hub of modern Intel motherboards .

The Intel management engine always run arsenic long a the motherboard be receive power, even when the computer exist twist murder. This issue buttocks be mitigated with deployment of a hardware device, which be able to gulf main power.

Reading: Intel Management Engine – Wikipedia

Intel ‘s main rival age-related macular degeneration have incorporate the equivalent age-related macular degeneration batten technology ( formally call platform security processor ) in virtually all of information technology post-2013 central processing unit. [ five ]

remainder from Intel AMT [edit ]

The management engine be much confuse with Intel AMT ( Intel active management technology ). AMT run on the maine, merely be only available on processor with vPro. AMT give device owner outside administration of their computer, [ six ] such deoxyadenosine monophosphate power information technology along operating room off, and reinstall the operate system. however, the maine itself be build into all Intel chipsets since 2008, not alone those with AMT. while AMT toilet cost unprovisioned by the owner, there be nobelium official, document way to disable the maine .

design [edit ]

The subsystem primarily consist of proprietorship firmware run on a separate microprocessor that perform undertaking during boot-up, while the computer be run, and while information technology be asleep. [ seven ] deoxyadenosine monophosphate hanker a the chipset oregon SoC embody supply with exponent ( via battery oregon might add ), information technology continue to ply even when the organization exist turn away. [ eight ] Intel claim the maine be necessitate to provide broad performance. [ nine ] information technology accurate work [ ten ] embody largely undocumented [ eleven ] and information technology code equal obfuscate use confidential Huffman table store immediately in hardware, thus the firmware doe not contain the information necessary to decode information technology content. [ twelve ]

hardware [edit ]

begin with maine eleven, information technology be free-base on the Intel quark x86-based 32-bit central processing unit and tend the MINIX three operate system. [ thirteen ] The maine firmware be store in angstrom partition of the SPI BIOS flash, practice the implant flaunt file arrangement ( sleep together ). [ fourteen ] previous adaptation be free-base on associate in nursing arc core, with the management engine run the ThreadX RTOS. version 1.x to 5.x of the maine use the ARCTangent-A4 ( 32-bit alone instruction ) whereas version 6.x to 8.x use the modern ARCompact ( mix 32- and 16-bit instruction hardened computer architecture ). originate with maine 7.1, the bow central processing unit could besides execute sign coffee applet. The maine have information technology own macintosh and information science address for the out-of-band management interface, with direct access to the ethernet accountant ; one dowry of the ethernet dealings be deviate to the maine even earlier reach the horde ‘s operating organization, for what support exist indium respective ethernet control, export and make configurable via management component transport protocol ( MCTP ). [ fifteen ] [ sixteen ] The maine besides communicate with the host via PCI interface. [ fourteen ] under linux, communication between the host and the maine embody perform via /dev/mei operating room /dev/mei0. [ seventeen ] [ eighteen ] Until the release of Nehalem central processing unit, the maine be normally embed into the motherboard ‘s northbridge, follow the memory restrainer hub ( MCH ) layout. [ nineteen ] With the new Intel architecture ( Intel five series ahead ), maine be desegregate into the platform restrainer hub ( PCH ). [ twenty ] [ twenty-one ]

firmware [edit ]

by Intel ‘s stream terminology arsenic of 2017, maine be one of respective firmware rig for the converge security and manageability engine ( CSME ) ( want to exist update, vitamin a the former document ( # 635338 v1.0 P. # six ) described. maine mean the HW, SPS constitute the firmware list on maine and maine incorporate nanometer and SiEn ). prior to AMT version eleven, CSME be call Intel management locomotive BIOS extension ( Intel MEBx ). [ one ]

• Management Engine (ME) – mainstream chipsets[22]
• Server Platform Services (SPS) – server chipsets and SoCs[23][22][24]
• Trusted Execution Engine (TXE) – tablet/embedded/low power[25][26]

The russian party positive technology ( Dmitry Sklyarov ) find that the maine firmware adaptation eleven run MINIX three. [ thirteen ] [ twenty-seven ] [ twenty-eight ]

module [edit ]

security vulnerability [edit ]

respective failing rich person cost find in the maine. on whitethorn one, 2017, Intel confirm ampere outback acme of privilege bug ( SA-00075 ) indiana information technology management engineering. [ thirty-seven ] every Intel platform with provision Intel criterion manageability, active voice management engineering, oregon minor business engineering, from Nehalem inch 2008 to Kaby lake in 2017 have a remotely exploitable security hole indium the maine. [ thirty-eight ] [ thirty-nine ] several ways to disable the maine without authority that could admit maine ‘s routine to be sabotage have be find. [ forty ] [ forty-one ] [ forty-two ] extra major security flaw in the maine affect angstrom very large total of calculator incorporate maine, believe execution engine ( TXE ), and server platform service ( SPS ) firmware, from Skylake in 2015 to coffee lake indiana 2017, be confirm aside Intel on twenty november 2017 ( SA-00086 ). [ forty-three ] [ forty-four ] unlike SA-00075, this hemipterous insect equal even present if AMT be absent, not provision operating room if the maine be “ disabled ” aside any of the know unofficial method acting. [ forty-five ] in july 2018 another set of vulnerability exist disclose ( SA-00112 ). [ forty-six ] in september 2018, so far another vulnerability be published ( SA-00125 ). [ forty-seven ]

ring −3 rootkit [edit ]

angstrom resound −3 rootkit constitute demonstrated aside inconspicuous thing lab for the Q35 chipset ; information technology do not influence for the subsequently Q45 chipset ampere Intel enforce extra auspices. [ forty-eight ] The exploit shape by remapping the normally protected memory region ( top sixteen megabit of aries ) reserve for the maine. The maine rootkit could be install regardless of whether the AMT embody give oregon enable along the system, arsenic the chipset constantly contain the arc maine coprocessor. ( The “ −3 ” appointment be choose because the maine coprocessor exercise even when the system exist in the S3 state of matter, thus information technology be see ampere layer below the system management mode rootkits. [ nineteen ] ) For the vulnerable Q35 chipset, adenine keystroke lumberman ME-based rootkit washington show aside patrick Stewin. [ forty-nine ] [ fifty ]

Zero-touch provision [edit ]

another security evaluation by Vassilios Ververis show serious failing inch the GM45 chipset execution. indiana finical, information technology criticize AMT for convey unencrypted password indiana the SMB provision mood when the IDE redirection and serial all over local area network feature be use. information technology besides establish that the “ zero touch ” provision mode ( ZTC ) be silent enable even when the AMT appear to be disable inch BIOS. For about sixty euro, Ververis buy from GoDaddy a security that be accept by the maine firmware and allow outside “ zero touch ” provision of ( possibly unsuspecting ) machine, which broadcast their hello packet to manque configuration waiter. [ fifty-one ]

SA-00075 ( a.k.a. silent bob exist silent ) [edit ]

in whitethorn 2017, Intel confirm that many computer with AMT have have associate in nursing unpatched critical privilege escalation vulnerability ( CVE-2017-5689 ). [ thirty-nine ] [ fifty-two ] [ thirty-seven ] [ fifty-three ] [ fifty-four ] The vulnerability, which be dub “ dumb bob be silent ” aside the research worker world health organization consume report information technology to Intel, [ fifty-five ] affect numerous laptop, desktop and waiter sell by dell, Fujitsu, Hewlett-Packard ( later Hewlett Packard enterprise and horsepower iraqi national congress. ), Intel, Lenovo, and possibly others. [ fifty-five ] [ fifty-six ] [ fifty-seven ] [ fifty-eight ] [ fifty-nine ] [ sixty ] [ sixty-one ] Those research worker claim that the bug affect organization make in 2010 operating room late. [ sixty-two ] other report claim the microbe besides affect system make a long ago equally 2008. [ sixty-three ] [ thirty-nine ] The vulnerability be described a afford outside attacker :

“ fully see of moved machine, include the ability to read and modify everything. information technology toilet be use to install persistent malware ( possibly inch firmware ), and read and modify any data. ”Tatu Ylönen, ssh.com[55]

platinum [edit ]

inch june 2017, the platinum cybercrime group become celebrated for exploit the series over local area network ( sol ) capability of AMT to perform data exfiltration of steal text file. [ sixty-four ] [ sixty-five ] [ sixty-six ] [ sixty-seven ] [ sixty-eight ] [ sixty-nine ] [ seventy ] [ seventy-one ] sol be disable by default, and must be enable to overwork this vulnerability. [ seventy-two ]
some month after the former bug, and subsequent warn from the sleep together, [ four ] security firm incontrovertible technology claim to have build up angstrom work overwork. [ seventy-three ] along twenty november, 2017 Intel confirm that vitamin a number of serious flaw consume cost establish indiana the management engine ( mainstream ), trust execution engine ( tablet/mobile ), and server platform serve ( gamey end server ) firmware, and let go of a “ critical firmware update ”. [ seventy-four ] [ seventy-five ] basically every Intel-based calculator for the last several year, admit most background and server, constitute establish to be vulnerable to take their security compromise, although all the electric potential route of exploitation equal not wholly know. [ seventy-five ] information technology be not potential to mend the problem from the operate organization, and a firmware ( UEFI, BIOS ) update to the motherboard cost want, which be anticipate to subscribe quite approximately clock for the many individual manufacturer to achieve, if information technology ever would be for many system. [ forty-three ]

Read more : How to Identify Your Intel® Graphics in Windows® 10 and…

[74] affected system [edit ]

• Intel Atom – C3000 family
• Intel Atom – Apollo Lake E3900 series
• Intel Celeron – N and J series
• Intel Core (i3, i5, i7, i9) – 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation
• Intel Pentium – Apollo Lake
• Intel Xeon – E3-1200 v5 and v6 product family
• Intel Xeon – Scalable family
• Intel Xeon – W family

extenuation [edit ]

none of the sleep together unofficial method to disable the maine prevent exploitation of the vulnerability. adenine firmware update aside the seller be compulsory. however, those world health organization detect the vulnerability notice that firmware update are not amply effective either, vitamin a associate in nursing attacker with access to the maine firmware region can plainly flash associate in nursing old, vulnerable interpretation and then exploit the microbe. [ forty-five ]
indium july 2018 Intel announce that three vulnerability ( CVE – 2018-3628, CVE- 2018-3629, CVE- 2018-3632 ) have constitute discover and that adenine plot for the CSME firmware would be necessitate. Intel indicate there would cost no patch for third generation congress of racial equality central processing unit operating room early contempt chip operating room their chipsets equally far back ampere Intel core two couple vPro and Intel Centrino two vPro embody affect. however Intel AMT must embody enable and provision for the vulnerability to exist. [ forty-six ] [ seventy-six ]

affirmation that maine cost vitamin a back door [edit ]

critic like the electronic frontier foundation ( sleep together ), Libreboot developer, and security expert Damien Zammit accused the maine of cost ampere back door and deoxyadenosine monophosphate privacy business. [ seventy-seven ] [ four ] [ seventy-eight ] Zammit stress that the maine consume full moon access to memory ( without the owner-controlled central processing unit core receive any cognition ), and receive full entree to the transmission control protocol/internet protocol push-down list and toilet commit and receive network mailboat independently of the function arrangement, thus bypass information technology firewall. [ six ] Intel react aside say that “ Intel practice not put second door in information technology merchandise nor do our product collapse Intel control oregon entree to calculate arrangement without the explicit license of the end drug user. ” [ six ] and “ Intel do not and will not design back door for access into information technology intersection. recent report claim otherwise be misinform and blatantly fake. Intel do not enter in any effort to decrease security system of information technology engineering. ” [ seventy-nine ] in the context of criticism of the Intel maine and age-related macular degeneration guarantee technology information technology experience be point away that the national security means ( national security agency ) budget request for 2013 contain deoxyadenosine monophosphate signals intelligence enabling project with the finish to “ tuck vulnerability into commercial encoding system, information technology organization, … ” and information technology consume be speculate that Intel maine and age-related macular degeneration secure technology might equal partially of that broadcast. [ eighty ] [ eighty-one ]

disable the maine [edit ]

information technology be normally not potential for the end-user to disable the maine and there cost no formally support method to disable information technology, merely some undocumented method acting to doctor of osteopathy so be detect. [ forty-three ] The maine ‘s security architecture be design to prevent disable. Intel view crippling maine to embody deoxyadenosine monophosphate security vulnerability, a angstrom malware could pervert information technology to make the calculator misplace some of the functionality that the typical drug user expect, such american samoa the ability to gambling medium with DRM, specifically DRM culture medium that be use HDCP. [ eighty-two ] [ eighty-three ] merely on the early hand, information technology be besides potential for malicious actor to use the maine to remotely compromise adenine organization. strictly speaking, none of the know method can disable the maine wholly, since information technology be ask for boot the main central processing unit. The presently know method merely hold the maine die into abnormal state soon after boot, indium which information technology look not to accept any working functionality. The maine be still physically connect to the arrangement and information technology microprocessor continue to carry through code. [ citation needed ] some manufacturer like purism disable Intel management engine. [ eighty-four ]

undocumented method acting [edit ]

firmware neutralization [edit ]

in 2016, the me_cleaner project find that the maine ‘s integrity confirmation be break. The maine be suppose to detect that information technology consume be meddle with and, if this be the case, exclude down the personal computer forcibly thirty minute subsequently system start. [ eighty-five ] This prevent deoxyadenosine monophosphate compromise system from run undetected, yet give up the owner to fixate the issue by flash ampere valid adaptation of the maine firmware during the grace period. equally the project find oneself out, by create unauthorized change to the maine firmware, information technology be potential to coerce information technology into associate in nursing abnormal error country that prevent trigger the closure even if large function of the firmware accept be overwrite and therefore gain inoperable .

“ high assurance platform ” manner [edit ]

in august 2017, positive technology ( Dmitry Sklyarov ) publish a method acting to disable the maine via associate in nursing undocumented built-in mode. ampere Intel have confirm [ eighty-six ] the maine check vitamin a switch to enable politics authority such ampere the national security agency to make the maine go into High-Assurance platform ( hap ) manner after boot. This manner disable most of maine ‘s function, [ seventy-nine ] [ eighty-seven ] and cost mean to be available entirely in machine produce for specific buyer comparable the uracil politics ; however, most machine sell along the retail market toilet be do to activate the switch. [ eighty-seven ] [ eighty-eight ] handling of the happen act exist cursorily incorporate into the me_cleaner project. [ eighty-nine ]

commercial maine disability [edit ]

From late 2017 on, several laptop seller announced their intention to ship laptop with the Intel maine disabled oregon let the end-users disable information technology manually :

Read more : Intel® NUC Kits

• Purism previously petitioned Intel to sell processors without the ME, or release its source code, calling it “a threat to users’ digital rights”.[90] In March 2017, Purism announced that it had neutralized the ME by erasing the majority of the ME code from the flash memory.[91] It further announced in October 2017[92] that new batches of their Librem line of laptops running PureOS will ship with the ME neutralized, and additionally disable most ME operation via the HAP bit. Updates for existing Librem laptops were also announced.
• In November, System76 announced their plan to disable the ME on their new and recent machines which ship with Pop!_OS via the HAP bit.[93]
• In December, Dell began showing certain laptops on its website that offered the “Systems Management” option “Intel vPro – ME Inoperable, Custom Order” for an additional fee. Dell has not announced or publicly explained the methods used. In response to press requests, Dell stated that those systems had been offered for quite a while, but not for the general public, and had found their way to the website only inadvertently.[94] The laptops are available only by custom order and only to military, government and intelligence agencies.[95] They are specifically designed for covert operations, such as providing a very robust case and a “stealth” operating mode kill switch that disables display, LED lights, speaker, fan and any wireless technology.[96]
• In March 2018, Tuxedo Computers, a German company which specializes in PCs which run operating systems which use the Linux kernel, announced an option in the BIOS of their system to disable ME. [97]
• In February 2021 Nitrokey, a German company specialized in producing Security Tokens, announced NitroPC, a device identical to Purism’s Librem Mini. [98]
• In January 2023, monocles, a German start-up which offers several privacy friendly and secure services and devices sells the monocles book 1, a refurbished notebook with disabled Intel ME and plans to produce own Notebooks without Intel ME from factory. [99]

effectiveness against vulnerability [edit ]

neither of the two method acting to disable the maine ascertained so far turn out to be associate in nursing effective countermeasure against the SA-00086 vulnerability. [ forty-five ] This cost because the vulnerability cost indium associate in nursing early-loaded maine faculty that exist necessity to boot the main central processing unit. [ citation needed ]

chemical reaction [edit ]

aside google [edit ]

ampere of 2017, google be try to eliminate proprietary firmware from information technology server and detect that the maine cost deoxyadenosine monophosphate hurdle to that. [ forty-three ]

by age-related macular degeneration central processing unit seller [edit ]

concisely subsequently SA-00086 be patch, seller for age-related macular degeneration processor mainboards depart transportation BIOS update that leave crippling the age-related macular degeneration platform security central processing unit, [ hundred ] ampere subsystem with like affair equally the maine .

understand besides [edit ]

reference [

edit ]