Tanenbaum: more comments regarding Intel ME

Re: https://firmwaresecurity.com/2017/11/07/tanenbaum-responds-to-intel-about-minix-based-me/

Andrew adds two more footnotes to his reply to Intel:

[…]Many people (including me) don’t like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel’s business decision and a separate issue from the code it runs.[…] I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used.[…]

[…]If I had suspected they might be building a spy engine, I certainly wouldn’t have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell’s 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden from searching anyone’s property without a search warrant. Many other countries have privacy laws that are in the same spirit. Putting a possible spy in every computer is a terrible development.[…]

https://www.techpowerup.com/238677/minix-creator-andrew-tanenbaum-sends-open-letter-to-intel-over-minix-drama

Tanenbaum responds to Intel about Minix-based ME

Intel ME running Minix is in the news again…

An Open Letter to Intel

[…]I knew that Intel had some potential interest in MINIX 3 several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX 3, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX 3, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file.[…]

Yours truly,
Andrew S. Tanenbaum

http://www.cs.vu.nl/~ast/intel/

https://en.wikipedia.org/wiki/Andrew_S._Tanenbaum

http://www.minix3.org/

https://firmwaresecurity.com/2017/05/07/intel-me-based-on-minix/

Intel ME: based on Minix?

https://twitter.com/lordbaco/status/861216983488004098

“[…]In addition, when we looked inside the decompressed vfs module, we encountered the strings ‘FS: bogus child for forking’ and ‘FS: forking on top of in-use child,’ which clearly originate from Minix3 code. It would seem that ME 11 is based on the MINIX 3 OS developed by Andrew Tanenbaum :)[…]”

http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html

http://www.minix3.org/