Linux on Intel Management Engine?

Under development: PCMCIA, wireless, etc.
Post Reply
Message
Author
User avatar
technosaurus
Posts: 4853
Joined: Mon 19 May 2008, 01:24
Location: Blue Springs, MO
Contact:

Linux on Intel Management Engine?

#1 Post by technosaurus »

If you haven't heard about Intel ME, its basically a backdoor built into newer Intel chips with Minix built in to on chip programmable persistent memory (I'm not sure what type)

Intel presumably used Minix due to Linux's GPL license and the relative size of Minix vs the various BSDs, but if we were to replace Minix with Linux (or even a clean Minix build), we could not only override any security backdoors, but also have an extremely fast boot mechanism based on Coreboot or Libreboot. The 9.0 firmware is over 10Mb and I have gotten a basic Linux with Xvesa, rxvt and jwm in under 1Mb, so there is plenty of room for extra drivers - even some versions of tiny core would fit by default.

Has anyone seen any project like this in the works?
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#2 Post by s243a »

That sounds like a really cool idea!!!!

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#3 Post by amigo »

The problem lies with getting access to that area of the motherboard. I did see the other day a linux laptop which uses coreboot and claims to have disabled the IME.
Here's the article I saw:
https://www.theinquirer.net/inquirer/ne ... ed-laptops
Gentoo has some info:
https://wiki.gentoo.org/wiki/Sakaki's_E ... ent_Engine

User avatar
technosaurus
Posts: 4853
Joined: Mon 19 May 2008, 01:24
Location: Blue Springs, MO
Contact:

#4 Post by technosaurus »

At the moment, its possible to reflash the firmware on systems that have it "enabled" for the user (mostly business class machines) but the images have to be signed. From what little I have found out though, it uses a builtin ARC processor (yes ARC, not ARM - not a typo) so it would be a lot more complicated to run Linux on it directly - not impossible though, Adapteva's Parallela systems use 2 ARM processors and supplement it with 8-1024 tilera cores and IIRC the PPC system in the PS3 used a controller core.

From what I understand there are some smaller pre-signed images, so if you downsized to the smallest IME image, it would be possible to free up enough space to accommodate coreboot or a bootloader and linux image, though the process isn't simple.
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].

Post Reply