ARM, here I come! [was AMD]
Posted: 2017-11-09 23:17
Note to Intel: If Google doesn’t trust your CPUs on their own servers, maybe you should consider removing this “feature.” Otherwise, at some point they’ll (likely) move away from your CPUs entirely.
No, it does not worry me, and it is not the fault of Minix 3, nor Andrew Tanenbaum. To start with what Intel is using for its Management Engine
Post by Segfault » 2017-11-09 20:22
So it does not worry you if your CPU opens a tunnel and gives 100% access to your computer to a third party.
That link to "according to Google", is mostly about getting rid of UEFI, it says
Google wants to remove MINIX from its internal servers
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:
I notice this:
from: https://en.wikipedia.org/wiki/Andrew_S._Tanenbaum
One of these subscribers was a Finnish student named Linus Torvalds who began adding new features to MINIX and tailoring it to his own needs. On October 5, 1991, Torvalds announced his own (POSIX like) kernel, called Linux, which originally used the MINIX file system, but it is not based on MINIX code.[24]
Hmm, it says, "BASED on Minix 3". So isn't this kind of like when some
From: http://blog.ptsecurity.com/2017/04/inte ... lysis.html
In addition, when we looked inside the decompressed vfs module, we encountered the strings “FS: bogus child for forking” and “FS: forking on top of in-use child,” which clearly originate from Minix3 code. It would seem that ME 11 is based on the MINIX 3 OS developed by Andrew Tanenbaum
It is a great little OS, and perfect for some of my older equipment, and yes it
Minix 3 What Is MINIX 3?
MINIX 3 is a free, open-source, operating system designed to be highly reliable, flexible, and secure. It is based on a tiny microkernel running in kernel mode with the rest of the operating system running as a number of isolated, protected, processes in user mode. It runs on x86 and ARM CPUs, is compatible with NetBSD, and runs thousands of NetBSD packages. Get MINIX 3 now and join our community!
Do you mean Advanced Micro, correction: Monitoring, Devices?
AMD, here I come!
Indeed, people have been saying this for years, that both Intel and AMD CPUs have 'backdoors' built into them. A casual Google finds articles going back to at least 2013 about similar concerns. Jumping ship to AMD won't make much difference.
pylkko wrote:
I haven't checked the facts, but according to the Free Software Foundation AMD has an equivalent system baked in.
https://www.fsf.org/blogs/rms/a-message ... foundation
The current generation of Intel and AMD processor
chips are designed with vicious back doors that users cannot shut
off. (In Intel processors, it’s the "management engine".)
No users should trust those processors.
Having 100% control over everything I do not see there would be any difficulties for MINIX to reach out to the internet using any hardware available, it may rely on user OS provided drivers in some cases, though.
wizard10000 wrote:
One thing I haven't heard anyone mention is that if your NIC isn't Intel I don't see how their ME can connect to anything.
#mount/dev/cpu1 /data
#cd /data
#pwd
cpu1/data/
cpu1#uname -a
MINIX 3.3.0. (588a35b)
Copyright 2014, Vrije Universiteit, Amsterdam, The
Netherlands
MINIX is open source software, see
http://www.minix3.org
Started VFS: 9 worker thread(s)
e1000#0: Intel PRO/1000 MT 82545EM (8086/100f/00) at
2.0.0
#locate (name removed for protection of the innocent)
#located : print data or save P or S....
#S
#data saved to f673100043291100.dat
#exit
$
OK. The thing is that it is realistically conceivable that ARM, RISC-V etc. can to some extent replace x86 computers in home use. Last I checked these power9 products were several thousand just for the motherboard. I believe the company you link to even had a crowdfunding campaign that failed miserably, like they got only one bidder. The product was just way too expensive. It does sound like they are willing to create a fully auditable platform, it just doesn't sound like it could help home users much.
steve_v wrote:
I'm surprised nobody has mentioned POWER9 yet, This is the FSFs suggested solution to the ME/backdoor drama.
Still in pre-order, but I am tempted to buy one. Looks pretty badass, and I am in the market for a new server.
Perhaps, though the cost of such things is inversely proportional to the number produced. Hence ARM hardware found in every Android phone is cheap, while power9, which is not widely deployed yet, is not.
pylkko wrote:
The product was just way too expensive.