We do often include affiliate links to earn us some pennies. See more here.

Seems AMD and Intel may be feeling the pressure from Arm? Today both companies announced the forming of a new x86 ecosystem advisory group to help shape the future of the platform.

It's not just them though they've pulled in Linus Torvalds (creator of Linux) and Tim Sweeney (Epic Games), along with companies including: Broadcom, Dell, Google, Hewlett Packard Enterprise, HP Inc., Lenovo, Meta, Microsoft, Oracle, and Red Hat as founding members.

From the press release:

“We are on the cusp of one of the most significant shifts in the x86 architecture and ecosystem in decades – with new levels of customization, compatibility and scalability needed to meet current and future customer needs,” said Pat Gelsinger, Intel CEO. “We proudly stand together with AMD and the founding members of this advisory group, as we ignite the future of compute, and we deeply appreciate the support of so many industry leaders.”

“Establishing the x86 Ecosystem Advisory Group will ensure that the x86 architecture continues evolving as the compute platform of choice for both developers and customers,” said Lisa Su, AMD Chair and CEO. “We are excited to bring the industry together to provide direction on future architectural enhancements and extend the incredible success of x86 for decades to come.”

Their plan is to come together to find new ways to expand the x86 ecosystem with their intended outcomes to be:

  • Enhancing customer choice and compatibility across hardware and software, while accelerating their ability to benefit from new, cutting-edge features.
  • Simplifying architectural guidelines to enhance software consistency and standardize interfaces across x86 product offerings from Intel and AMD.
  • Enabling greater and more efficient integration of new capabilities into operating systems, frameworks and applications.

More in the press releases: AMD / Intel.

Article taken from GamingOnLinux.com.
13 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
47 comments
Page: «2/3»
  Go to:

F.Ultra Oct 19
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.
LoudTechie Oct 19
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.
F.Ultra Oct 20
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.
Marlock Oct 20
tl;dr: 1st gen Intel ME was a clusterfuck
https://duckduckgo.com/?q=intel+ime+minix+breach

the first gen Intel ME (aka IME as referred to back then) listened to a fixed port at the ethernet connection even while the OS wasn't booted into, and even while the main processor was off... but more importantly also while the main OS was running, prior to OS listening and handling anything

it also had a nasty bug allowing anyone who did the correct secret knock sequence to access IME's remote control features without proper authentication

and this was impossible to disable, so all vulnerable devices were doomed to live behind an external device acting as a firewall that blocked access to the relevant port... except this is impossible for an IT dept to do for employees working from home and/or traveling with a company laptop instead of sitting in a company office behind a company-managed network infrastructure (VPNs are in the OS, after IME already did its thing), and devices like the first Intel NUC were sold to home users without the technical knowledge and means to do this for a single device, despite Intel's claims that the chip was only sold to companies so no biggie

not all affected devices received a firmware update to plug the security hole for good... this had to come from each manufacturer for each affected board/device model

hence a pretty widespread mistrust of such remote management features...


Last edited by Marlock on 20 October 2024 at 10:26 am UTC
Marlock Oct 20
i'm glad to read Linus Torvalds is on this board

maybe this gives linux a better fighting grounds to prevent the next wave of Microsoft Pluton coprocessors and boot-to-windows-only BIOS defaults from fucking FOSS alternative OSs from booting and running properly in next-gen x86 devices
LoudTechie Oct 20
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.


Last edited by LoudTechie on 20 October 2024 at 1:21 pm UTC
F.Ultra Oct 20
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.
Marlock Oct 20
To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any
except this is not a valid argument

i have just posted about the ludicrous huge gaping hole in 1st-gen Intel ME security that could let anyone do anything with vPro machines without the OS even being able to detect the action, so there is a public usable exploit PoC and there is no good way to track if it has actually been used in the wild

the only thing you can argue is that it was not put there on purpose which would make the ordeal amount to an immensely gross incompetence on the part of Intel... not really reassuring wrt later iterations of the same concept
LoudTechie Oct 20
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)


Last edited by LoudTechie on 20 October 2024 at 8:57 pm UTC
LoudTechie Oct 20
To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any
except this is not a valid argument

i have just posted about the ludicrous huge gaping hole in 1st-gen Intel ME security that could let anyone do anything with vPro machines without the OS even being able to detect the action, so there is a public usable exploit PoC and there is no good way to track if it has actually been used in the wild

the only thing you can argue is that it was not put there on purpose which would make the ordeal amount to an immensely gross incompetence on the part of Intel... not really reassuring wrt later iterations of the same concept


In that sense I'm willing to argue that this is actually the one argument Intel has for releasing it on the i series too.
Preventing large vulnerabilities is hard. The only realistic way to achieve this is to have the academic community take it on. There are two ways to achieve this, provide a juicy target and open source it.
Intel would never open source their backdoor, so it had to provide a juicy target and "it's currently embedded in your computer, you can't use it, you can't turn it off and it can do anything" is a great way to provide a juicy target.


Last edited by LoudTechie on 20 October 2024 at 8:03 pm UTC
F.Ultra Oct 21
View PC info
  • Supporter
To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any
except this is not a valid argument

i have just posted about the ludicrous huge gaping hole in 1st-gen Intel ME security that could let anyone do anything with vPro machines without the OS even being able to detect the action, so there is a public usable exploit PoC and there is no good way to track if it has actually been used in the wild

the only thing you can argue is that it was not put there on purpose which would make the ordeal amount to an immensely gross incompetence on the part of Intel... not really reassuring wrt later iterations of the same concept

ofc I mean "by purpose", what else could I have meant?

listened to a fixed port at the ethernet connection even while the OS wasn't booted into, and even while the main processor was off... but more importantly also while the main OS was running, prior to OS listening and handling anything
Yes that is how all remote access cards work, would be quite worthless otherwise.


Last edited by F.Ultra on 21 October 2024 at 7:16 pm UTC
F.Ultra Oct 21
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
  • Supporter Plus
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!
LoudTechie Oct 22
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.




harvard can do it, without destroying the chip.
This is a paper by an academic who introduces extra methods to reverse engineer chips(which is what this is.
These academics innovated in the space
These guys innovated a way without fancy equipment for always on hardware trojans(the only possible difference between IntelME and a hardware Trojan anybody has been able to present to me is intent, which isn't a property this method exploits, so it could also be used to detect IntelME)
The university of Wyonming can do it at least destructive.
A moment capture of the state of technology on this question.
These academics actually went looking for hardware trojans.
This academic published an AI model for it(you know how much data is needed for AI).


On the part where you demand proof for the obviously classified information: "does Intel spy for a government?"
The person in charge of PRISM met with the leaked companies and you guessed it Intel.
Although this could only have been a government contract negotiation, you've to remember that seem to be the places where the government demands backdoors.

On the, "but it would have leaked" part.
So, because Intel and AMD can look after their own intel they're not spies.
PRISM would've still existed had it not leaked and the only thing that was leaked was a bunch of (quite damning)executive summary slides.
The laws needed for it apply to Intel and AMD too(those one sided codes can be demanded under the FISA).
They already introduced a feature to keep us locked to Windows and Microsoft was mentioned in the PRISM leak and windows spies on its users.
Apple, Microsoft and Meta never leaked about their government spying either, the government did, if those companies did it before the government they would be in violation of the FISA.
Microsoft is one of the few to admit sharing data with the government after the leak, dropbox denies it to this day, while they were explicitly mentioned.
The dumb program of the CIA that assumed that LSD was the key to mind control(It's not) was never leaked, just declassified and took a lot more decades than PRISM and it directly endangered interfered with the life of those keeping it a secret contrary to PRISM.

I do have criticism on the demand for airtight proof for "Intel spies for the government":
Intel and the secret service are very secretive and I've already shown they're contractually(American army turn off switch for Intel ME) close related to Intel ME.
I'm neither a cooperate spy nor an intelligence officer and even if I was I would be limited to using publicly and semi-legally accessible sources and this would obviously be Top Secret and not older than 2007(start of FISA/PRISM).
You expect me to with just 17 years of public information obtain Top Secret information in a form that would be admissible in court and probably cannot be extracted through purely technical means about a manufacturer of devices I cannot safely inspect without violating copyright law(DMCA and drm keys) and has access to some of the most advanced technical means on the entire planet. Also this information is classified by an army that does 45% of all global spending on military in the world.
All coming from the same country whose police concludes that someone spreading indicting information about a powerful company committed suicide with a gun he didn't touch(no gloves and no fingerprints) and where whistleblowers about aerospace companies need witness protection at all.
The press got lucky with the Snowden leaks: the NSA was sloppy and he was brave/stupid.
That's the kind of information that is rare.
If I had that kind of capabilities I wouldn't be studying IT and bothering myself with small targets like Intel ME. I would either be working as a spy or a private investigator for human rights organizations.
Personally I keep the rule:
If the market capacity(Intel has a serious market share), capability(AMT), leverage(FISA and government subsidies like the CHIPS act) and contractual connections(off switch American army and visit PRISM guy) exists, the spying exists until proven otherwise.
I know a judge would require more for an actual conviction, although I believe it would be enough to warrant an official investigation if this violated the law at all(which thanks to FISA it doesn't in the USA. One could try it at an European court though with false advertising accusations. ).
The meeting between Intel representatives and PRISM representatives and the precedent of the Snowden Leaks and the export restricions(the USA can force changes to the products Intel sells. The only thing that can be twisted about is whether this involves security changes) are just a cherry on top in my eyes, these people know phones and the postal service exist they don't need to directly talk to each other to achieve this.


Another way Intel could've easily avoided having to include the ME everywhere:
is one of the ways they limit who can use it right now. If you want to be the one activating an AMT connection you need a vpro device. Intel could have used the same tech to lock the entire feature to the vpro line.(you've to buy vpro computers anyway if you want to use it, they could even have introduced a premium and non-premium version of vpro through binning.)
[They served it to only servers before with IPMI.](file:///tmp/mozilla_martin0/lacon12_intel_amt.pdf)


Other fun timing coincidence I just realised: AMD released psp in the same year as the Snowden Leaks came out 2013.
I don't think this is because of the Snowden leaks(they would've had to have it ready for years if that's how they played it).




Other backdoory behavrior I've found:
Personally I've observed from two x86 computers in my room that if I turned the os off and left Ethernet connected around 20seconds later it would start flashing as if was exchanging.
Intel anti-theft allows someone with access to intel data to remotely brick your pc.


Last edited by LoudTechie on 23 October 2024 at 1:08 pm UTC
LoudTechie Oct 22
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!

Yeah It's my shame.
I can't resist it.
What I should have done was let them have the last word, but I didn't, because I can't resist flexing my web search skills and am quite addicted to the smug feeling I get from being convinced that I'm right.
Also they're the first actual AMT user I've encountered in my life, so their perspective is actually quite refreshing.


Edit:
I retract all my shame look what I found. It seems to be a description about how to get full read/write access to most of intel ME and at least the advanced method works for us too. The official Intel method(pinmod) works too.


Last edited by LoudTechie on 23 October 2024 at 7:39 am UTC
F.Ultra Oct 23
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!

Yeah It's my shame.
I can't resist it.
What I should have done was let them have the last word, but I didn't, because I can't resist flexing my web search skills and am quite addicted to the smug feeling I get from being convinced that I'm right.
Also they're the first actual AMT user I've encountered in my life, so their perspective is actually quite refreshing.


Edit:
I retract all my shame look what I found. It seems to be a description about how to get full read/write access to most of intel ME and at least the advanced method works for us too. The official Intel method(pinmod) works too.

I am not an Intel AMT user, not even sure where you got that from. And these new links doesn't prove your case either.
F.Ultra Oct 23
View PC info
  • Supporter
harvard can do it, without destroying the chip.
No they can't, look at the paper you linked, they talk about reverse engineering simple single layer chips at the micrometer scale while we are talking about multilayered chips at the nanoscale.

This is a paper by an academic who introduces extra methods to reverse engineer chips(which is what this is.
No this is not at all what this paper describes, this paper describes a case where a chip foundry can inject malicious code into an existing design by using the design schematics (aka netlists) given to them by the customer, aka say Apple outsourcing the foundry to China and China using this to inject malware into Apple chips.

These academics innovated in the space
This is a variant of the previous attack vector, aka injecting malware at the foundry using customers schematics.

These guys innovated a way without fancy equipment for always on hardware trojans(the only possible difference between IntelME and a hardware Trojan anybody has been able to present to me is intent, which isn't a property this method exploits, so it could also be used to detect IntelME)
This paper is about how to detect if a malicious foundry have injected malware into your design by using timers to detect if the chip have been altered to contain extra data paths (since that would insert latency). So this is about detection and detection for something that again is not the context of what we are discussing. Seriously at this time I'm getting anxious if you are even understanding what we are talking about or if you are trying to troll me with links.

The university of Wyonming can do it at least destructive.
By the numbers presented in the page you linked they cannot even see down to the scale of what we are talking about.

A moment capture of the state of technology on this question.
And now we are back again with papers about malicious foundries injecting malware into customers designs based on the customers schematics.

These academics actually went looking for hardware trojans.
This is a paper where they had one team injecting malware into a design and then having another team trying to detect it, again not at all what we are talking about. In fact so far every paper have been not apples to oranges but apple pies to rockets.

This academic published an AI model for it(you know how much data is needed for AI).
The same thing again but this time using machine learning to try and detect these injections instead of having to to perform the timing detections manually.

Ok I think I now understand what is going on here. You have read bits and pieces about injected trojans into IC:s (which is what you have linked papers on) and somehow believed that this is equal to if Intel had hidden a backdoor into their CPU:s.

But this is not equal at all, all these malware IC:s are taking real IC:s and then inserting malware into them giving the researches access to both the original and the tampered with version to compare signals, and some of your papers are talking about comparing e.g timing differences in the signals between the two to determine if there have been something injected into the second IC. But this is not how it would be if Intel had implemented a secret backdoor in their CPU:s, for one there would have been no "unmodified" version to compare with and secondly there would be no difference in signal timing. Aka all of these methods are for simple IC:s and for where we have access to the original design.

Also if you think about this for a second you would realize the folly in believing that universities all around the world would be perfectly capable of fully reverse engineering the CPU:s but then be completely stumped by a few MiB of closed firmware. The problem space is quite reversed in that logic, and not by orders of magnitude but by thousands orders of magnitude (and before you complain that the firmware is encrypted contemplate that the encryption algorithm AND key have to be in that design you claim they can so easily reverse engineer).

On the part where you demand proof for the obviously classified information: "does Intel spy for a government?"
The person in charge of PRISM met with the leaked companies and you guessed it Intel.
Although this could only have been a government contract negotiation, you've to remember that seem to be the places where the government demands backdoors.

On the, "but it would have leaked" part.
So, because Intel and AMD can look after their own intel they're not spies.
Not at all, there are mathematical designs on how long a conspiracy can be maintained based on the number of people involved. When it comes to the NSA itself this doesn't normally apply due to #1 the people working there believe in what they do (aka they are true believes) and #2 they are put under heavy penalties if they ever leak. And still we have leaks from the NSA. So the idea here that Intel and AMD with thousands of people involved should be able to keep every single person from speaking about it is actually a bit naive. The fact is that most that would have to insert such a backdoor would be forced to do it against their own personal belief (since they are not the true believers that the NSA are) which would further increase the risk of leaks.

PRISM would've still existed had it not leaked and the only thing that was leaked was a bunch of (quite damning)executive summary slides.
The laws needed for it apply to Intel and AMD too(those one sided codes can be demanded under the FISA).
They already introduced a feature to keep us locked to Windows and Microsoft was mentioned in the PRISM leak and windows spies on its users.
Apple, Microsoft and Meta never leaked about their government spying either, the government did, if those companies did it before the government they would be in violation of the FISA.
Microsoft is one of the few to admit sharing data with the government after the leak, dropbox denies it to this day, while they were explicitly mentioned.
PRISM is competely different, for one it was full known at the time the program was created that the NSA and the FBI could request data by handing over a national security letter (this was all public when it was created in the patriot act). What the leak of PRISM showed and that was unknown before was the extent to which the NSA and the FBI used these letters.

The dumb program of the CIA that assumed that LSD was the key to mind control(It's not) was never leaked, just declassified and took a lot more decades than PRISM and it directly endangered interfered with the life of those keeping it a secret contrary to PRISM.
MKultra was disclosed by the New York Times having done extensive research after having received leaks from inside the CIA, it was not "just declassified".

I do have criticism on the demand for airtight proof for "Intel spies for the government":
Intel and the secret service are very secretive and I've already shown they're contractually(American army turn off switch for Intel ME) close related to Intel ME.
No one is demanding that, the demand is any evidence at all that Intel ME was put into their cpu:s as part of a mass surveillance conspiracy, something that so far no one have ever been able to do. And your point about the US army I already debunked, they never demanded this at all and instead you confused this with the requirements to meet a specific NSA designation that requires all remote access and networking to be disabled (aka Intel ME is not singled out, it is disabled as part of disabling any remote access).

Another way Intel could've easily avoided having to include the ME everywhere:
is one of the ways they limit who can use it right now. If you want to be the one activating an AMT connection you need a vpro device. Intel could have used the same tech to lock the entire feature to the vpro line.(you've to buy vpro computers anyway if you want to use it, they could even have introduced a premium and non-premium version of vpro through binning.)
[They served it to only servers before with IPMI.](file:///tmp/mozilla_martin0/lacon12_intel_amt.pdf)
That you don't understand how economies of scale works is not the fault of Intel.

Other fun timing coincidence I just realised: AMD released psp in the same year as the Snowden Leaks came out 2013.
I don't think this is because of the Snowden leaks(they would've had to have it ready for years if that's how they played it).
Thinking that timing like this is relevant is the basis on many conspiracy theories and I'm glad for you that you did realize that it took AMD more than a few months to develop that technology. For example the recently released Zen5 architecture was something that they started development back in 2019, these things take a very long time from idea to finished product.


Other backdoory behavrior I've found:
Personally I've observed from two x86 computers in my room that if I turned the os off and left Ethernet connected around 20seconds later it would start flashing as if was exchanging.
Intel anti-theft allows someone with access to intel data to remotely brick your pc.

Disable WakeOnLAN in your BIOS (not all NIC:s allow this to be disable though so beware) to see that card go completely dark when your computer is turned off. And even with that off some NIC:s still flash, what is happening there is that the PSU is still powering the NIC (for the WOL feature) and the flashes are when the router you are connected to sees broadcast data (so it sends it your way) and the led of the NIC is simply hardwared to blink when that happens even if it doesn't process the data that it sees, aka the led is connected to the presence of data in the hw, not to the processing of data in the sw.

Intel Anti-Theft cannot be used to brick your pc unless you have enabled to do so in the first place, it is not running on your system.


Last edited by F.Ultra on 23 October 2024 at 8:24 pm UTC
LoudTechie Oct 24
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!

Yeah It's my shame.
I can't resist it.
What I should have done was let them have the last word, but I didn't, because I can't resist flexing my web search skills and am quite addicted to the smug feeling I get from being convinced that I'm right.
Also they're the first actual AMT user I've encountered in my life, so their perspective is actually quite refreshing.


Edit:
I retract all my shame look what I found. It seems to be a description about how to get full read/write access to most of intel ME and at least the advanced method works for us too. The official Intel method(pinmod) works too.

I am not an Intel AMT user, not even sure where you got that from. And these new links doesn't prove your case either.


I wasn't trying to proof my case to him and yes this proofs zilch.
On where I got it from
Myself I only use the server side version
LoudTechie Oct 24
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!

Yeah It's my shame.
I can't resist it.
What I should have done was let them have the last word, but I didn't, because I can't resist flexing my web search skills and am quite addicted to the smug feeling I get from being convinced that I'm right.
Also they're the first actual AMT user I've encountered in my life, so their perspective is actually quite refreshing.


Edit:
I retract all my shame look what I found. It seems to be a description about how to get full read/write access to most of intel ME and at least the advanced method works for us too. The official Intel method(pinmod) works too.

I am not an Intel AMT user, not even sure where you got that from. And these new links doesn't prove your case either.


I wasn't trying to proof my case to him and yes this proofs zilch.
On where I got it from
Myself I only use the server side version

Edit:
also the only Intel Me functionality you named was remote control, which is named AMT by Intel.
I would not describe myself as an ME user, much like the average Windows user isn't a Microsoft Telemetry user until they start reading or writing crash rapports.


Last edited by LoudTechie on 24 October 2024 at 3:11 pm UTC
F.Ultra Oct 24
View PC info
  • Supporter
So the companies that screw me over with Intel ME and AMD PSP are joining forces ? Consider me wanting to get off X86 to RiscV or Power9 even more than before.

yes it is popular to scare people that have no clue on how things work that these are somehow secret spy things when they in reality are nothing but managing devices for enterprise IT departments (just like how we in the server space have full on BMC cards instead).

ME is also what powers fTPM, bios signing and PlayReady drm.
These are all used to restrict your freedom to use your device how you like right now.
ME has been used by Israelian hackers to hack devices.
The procedure for using it requires you to receive an identification key from Intel based on information Intel generated, there is no indication that you can lock Intel out.
Maybe the American government isn't using it as a back door right here, right now, but the only reason we have to believe that is Intels' word.
ME is the reason modern devices can't install coreboot.

Also if it was just for remote management they would've put not such ridiculous amount of effort to counter all the efforts that have been done to remove it, because this is how it went: first you could simply remove the hardware, than they patched that and you could only remove the software, than they patched that and you couldn't, but someone found the secret government switch to turn it off and than they patched that and now the we have clean room reverse engineer it to turn it off without bricking our devices.

Also I'm not an It department and Intel knows that, because they sell a different bussiness and consumer line.
This is a feature they know I will never need, but they added it anyway.

The PlayReady drm does not use Intel ME, it uses SGX which is a completely different thing. fTPM exists only on AMD so again not Intel ME. Nor does it do bios signing.

Various hackers around the world have used every single piece of hw and sw to hack devices so not sure why Intel ME should be singled out for that reason. And for that matter I cannot find any information at all about anyone having hacked Intel ME, Israeli or otherwise, is this you confusing this with something else again or do you have any links?

You also seem a bit confused about coreboot, there are no Intel ME mechanism to prevent the installation of coreboot. The only connection between Intel ME and coreboot is that since Intel ME have it's firmware stored in the BIOS, Intel ME is disabled by coreboot since coreboot does not contain the necessary firmware.

Intel ME have never been a separate piece of hw, it have always been builtin to the cpu and it really have to be in order for it to function the way it's supposed to work.

I think that you are confusing Intel ME with TPM here since TPM started out as a separate chip and was then moved into the CPU after it was discovered that the connection between the TPM and the CPU could be eavesdropped and manipulated in a way that rendered TPM useless.

Intel ME is builtin to every single cpu since #1 Intel does not know which specific cpu a business tends to purchase for their office machines that their IT department wants to perform remote administration on and #2 it would be extremely expensive to have two separate chip fabs for non-ME and have-ME line of CPU:s of the same core design.

I would hope that people would understand that IF intel decided to put some hidden backdoor into their processors that they would have done that _hidden_ and not in a piece of hw that they openly advertise (and with complete guides on how to use like this one: Getting Started with Intel® Active Management Technology. Also to date not a single person have been able to see any Intel ME trying to communicate with the outside world (aka phone home), had this ever occurred you would not have missed it since it would have been screamed from rooftops.


In the modules section of the wikipedia BootGuard(bios signing), Protected Audio Video Path, frimware TPM(fTPM) and Secureboot(os signing) are explicitly mentioned as ME modules together with AMT(remote management feature).
You seem to be right about your playready thing though.

I'm not confusing ME with the TPM. That's why I specified it served fTPM(the f stands for firmware).
I was though conflating Coreboot with Libreboot. Libreboot/Canoeboot can't run on modern devices, because it doesn't include the properietary ME code.

The problem with the hacking, is that I can flash a new os when my os is hacked, but not a new ME.

wikipedia explanation of how Intel bootguard prevents coreboot.

Intel sells the Xeon line for enterprise applications and the I line for consumer applications they can simply only include it in Xeon processors.

The lack of phoning home is indeed the best proof we have about it not being a backdoor, which to me proofs mostly that they're not listening in on the devices of the kind of people who monitor and publish their web traffic.
Intel publishing it isn't that surprising.
Several researchers pull processors apart for new undocumented features finding something new without an explanation is really suspicious, while "we're trying to compete with openssh" is a lot less suspicious.

ok, had somehow missed that boot guard was part of ME, thanks for pointing that out. Yes XEONS are for server and workstation use but 99% of office machines are not Xeons and remote management is something that large companies use to manage their large fleet of office machines. Myself I only use the server side version (so a full BMC on Xeons and Epycs) since where I work we let every one manage their own pc as they see fit, but the servers we have in a remote location and ssh is not fun when the machine is stuck in bios, powered off or kernel hang.

99% of office machines are not Xeons
: extra reason for Intel not to include enterprise specific features in them. A Xeon is an upsell(more expensive), you want those precious enterprise features, pay for them.
On the SSH point:
A. SSH is only not fun in those situations when it's not on a separate already booted controller(just like intel AMT), but that is actually quite easy to build.
Most server racks already have separate controllers.
B. Well, yes that's why they can argue it to be an attempt at competing with SSH. SSH might be free as in freedom and free beer and have more features, but it requires to set up your own separate microcontroller to manage ring 0 crashes.

Also a more generic reason I have against, "but it's for enterprise IT".
In enterprise IT the users don't own their time and/or devices any limitation of software freedoms makes sense in such a situation, because it would directly cost the one who does own these things the software freedom they get from owning these assets.
As a private buyer I do own my time/devices as such I want to control them.

Office desktops outsells consumer desktops by orders of magnitude and is where the money is for companies like Intel. Them removing ME from their consumer grade CPU:s and trying to get companies to upgrade to Xeons would only lead to one outcome: every single company would switch to AMD.


A. For at least a decennium AMD didn't have their own ME/AMT alternative(yes, it does now, but that is much later), so there would still be little reason and on the workstation devices AMD was never a real alternative anyway(, because no seller of prebuild workstation devices includes them, allegedly because intel pays them to).
B. Also Office desktops don't need the, "but I can edit the bios" feature, since there will always be someone who can follow simple instructions behind it and the os can flash the bios if you want to run an update.
For servers it's needed, because you might need to flash a new custom and unsigned bios, but for workstations you don't need that.

Edit: They included the option to turn it off for the American army, they could have simply left the option when it was discovered and used.
It required a special motherboard, so enterprise workstation devices could have avoided it easily by simply not blowing that fuse.
Residential consumers aren't an as profitable market as big enterprise contract, but they're the size of American Army contracts.

Intel added ME in 2008 and AMD added PSP in 2013 so both have had this for 11 years now, and those 5 years in between was Intel taking 100% of the company sales due to AMD not being viable here, Intel breaking that advantage by moving it to Xeons only would be an insanely stupid move.

Also this "they could not have hidden it" is kinda moot, the number of people that can scan down to nanometres AND also make some sense out of interconnections among 4.2bn transistors are easily counted and those same people would be far more capable of finding any nefarious design in the small area of the ME thanks to Intel showing exactly where on the chip it is. This whole fear mongering that it was put there due to demand from NSA was shutdown when we got the Snowden files since there isn't a trace of this there plus that it also showed that this is not how they operate, they instead perform targeted attacks where they capture hardware in transit and modify it before it reaches the customer (which is much more logical since it reduces the number of possible whistleblowers).

There are not "it can edit the bios" feature, not more than what you can do from userspace.

I can find no information on that the US army required Intel ME to be disabled. What I do know happened however is that the NSA requires that it is disabled to meet their "High Assurance Platform Mode" standard but that is not strange, that is simply them requiring all venues where code can be injected and run that is not neccessary for their operation to be disabled, in a HAP the very term remote administration is a big nono to begin with.

To date no one have found a shred of evidence that Intel ME or AMD PSP is used as a backdoor for anyone despite having existed for 16 years and it's not that people haven't tried to find any.

during that periodthey grew 6 percentand made faster chips, while when they still had market dominance, but slower chips and their competition had AMT too it cost them 10% market share..
I internally explained that with people buying faster cpus, but maybe you're right and the only feature the profitable customers care about is AMT or AMT is needed feature for faster chips.
If any of those is the case I would be quite sad, but maybe you're right.

I don't need to scan down to the silicon level to activate an option in the bios. This is a feature they disabled later when users like myself started using it.
On the ease of hiding
A. Universities have access to such ability and they publish most to all things they find.
B. Also you don't need to scan up to silicon space to find software(and you need software to keep it updateable, which they need and did for something with full control of the entire device).
C. Also it's always active, so it could've been easily detected by power draw.
Generic storage chips take quite a lot more space than a few hard wired instructions and storing it on existing chips means someone only has to scan that chip

I've personally used the permanently disable feature on my older computer where this was still an option.

There are not "it can edit the bios" feature, not more than what you can do from userspace.
Than it has no advantage to openssh in workspace machines and as such they should make it Xeon specific.

On the backdoor question:
A. Bootguard, secureboot and drm are backdoory enough for me personally(they took control of my bios/computer).
B. Distinquishing an actively exploited vulnerability from a backdoor is really hard especially when the attacker has resources on par with intel. It has at least been actively exploited by the PLATINUM group.
C. Often western government attacks are aimed at specific targets(often called "spear fishing"), so just because the kind of people who actively publish their internet traffic aren't currently under attack doesn't mean nobody is and all the other signs are there.
All you need for AMT access is a code provided by intel(I read in on the public procedure).
They put real effort in sabotaging all removing efforts.
We didn't get access to the source code(not even source available).
It has access to the entire device.
The thing was introduced 3 years in the PRISM program(changing the fabs for new chip features costs 2 years).
(Also if you want to get truly paranoid:
For as long they only had it they made the fastest chips in the world and once that stopped they didn't, it doesn't sound like a very speed inducing feature, so maybe they got heavy R&D funding or access to classified technology from the government for introducing it.
I don't think it's the case, but it's an argument someone might use.)

The thing you have missed with PRISM is that it was leaked (on several occasions), now show me the Intel ME / AMD PSP leaks. And please show me a single university with this capability.
Holy quote tree!

Yeah It's my shame.
I can't resist it.
What I should have done was let them have the last word, but I didn't, because I can't resist flexing my web search skills and am quite addicted to the smug feeling I get from being convinced that I'm right.
Also they're the first actual AMT user I've encountered in my life, so their perspective is actually quite refreshing.


Edit:
I retract all my shame look what I found. It seems to be a description about how to get full read/write access to most of intel ME and at least the advanced method works for us too. The official Intel method(pinmod) works too.

I am not an Intel AMT user, not even sure where you got that from. And these new links doesn't prove your case either.


I wasn't trying to proof my case to him and yes this proofs zilch.
On where I got it from
Myself I only use the server side version

Edit:
also the only Intel Me functionality you named was remote control, which is named AMT by Intel.
I would not describe myself as an ME user, much like the average Windows user isn't a Microsoft Telemetry user until they start reading or writing crash rapports.

And with server side version I obviously meant a BMC/ipmi card. I wasn't talking about the server version of Intel ME but about the server side of this kind of service.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register