MINIX (Mini-Unix) is a micro-kernel O/S based upon the AT&T’s 1979 release of Unix Version 7. It was developed by Andrew Tanenbaum in 1987 for use on PC platforms. Version 7 is significantly older than AT&T’s Unix System 5 Release 3/Release 4 variants that are the basis for most Unix, Linux, and BSD systems today. However, MINIX was the platform from which Linux was derived.
Who would’ve though that some 30 years later, MINIX would be used inside every Intel CPU? Indeed, the Intel AMT (Active Management Technology) uses the Intel ME (Management Engine) for management purposes. This is powered by the MINIX micro-kernel. ZDnet has an interesting article about this here.
In today’s Intel architecture, the functions of the old Southbridge chip were moved to the Platform Controller Hub (PCH) along with some of the functions of the now-defunct Northbridge chip. The functions of the Intel Management Engine (IME) are in the PCH.
In evaluating the embedded web server exploits in Intel AMT version 9.8 and 10, researchers have been taking a closer look at the Management Engine. After all, it has access to all I/O data flowing in the computer. The ME allows for remote access and control of machine. ME can can automatically download and update firmware for the CPU and motherboard subsystems. Intel ME provides all kinds of remote monitoring capabilities.
The European research firm, Positive Technologies, has been leading the research into Intel’s Management Engine. They have a write-up on disabling the Intel Management Engine here. Of interest is that their research uncovered a hidden switch that allows booting of the NSA’s High Assurance Platform (HAP). The HAP platform allows secure booting and operation across multiple information domains (Unclassified, Secret, Top Secret, etc). HAP workstations and servers from both Dell and HP are available to government customers. Some information regarding the HAP initiative can be found here.
Gadzooks! The NSA is becoming much like the ingredients in Mama Ragu’s Spaghetti sauce:
“Hey. It’s in there!”