Trustworthy x86 laptops? There is a way, says system-level security ace

Security concerns around Intel's x86 processors – such as the company's decision to force the secretive Management Engine microcontroller onto its silicon – have raised fundamental questions about trust in personal computers, whatever architectures they may be based upon. The founder of Invisible Things Labs, …

  1. Christian Berger

    Well yes, but I would keep the complexity down first

    Every line of code is a potential security critical bug. And with Rowhammer we have seen that isolation mechanisms are often not effective.

    I'd personally go for simpler systems which abstract away critical functions on dedicated hardware. That way no glitch of your RAM chip can give you a key you shouldn't have. Obviously those dedicated pieces of hardware would need to be open and ideally simple enough to be audited many times over.

    @TheReg: Could you please also link to the _real_ official video, not the copy on YouTube. There's also a way to download/torrent the high resolution files, as well as tons of other videos. Most talks which are German are translated into English, some even into Swiss German.

    1. TheVogon

      Re: Well yes, but I would keep the complexity down first

      "Of course there is only one company making these," Rutkowska said. "It's an American company called Intel, and it's a completely opaque construction."

      Did I miss an announcement from AMD that they are no longer making CPUs?

      1. d3rrial

        Re: Well yes, but I would keep the complexity down first

        Since when does AMD own fabs again?

  2. ecofeco Silver badge

    We need this

    We need this or something like it. I'm no computer scientist, yet I was able to roughly follow the idea and concept of this proposed configuration, which means to me it follows the basic tenet of elegance and simplicity and thus is often robust as well.

    I also like CB's (above) enhanced proposal.

  3. PNGuinn

    Trusted storage


    Keep all this firmware, data etc stored externally on a bit of external ( to the system, not necessarily the machine) flash memory.

    Sounds on the face of it like a reasonable idea. Now, can someone reassure me that the sophisticated computer system built into that bit of flash to organise the storage is in itself secure?

    Not decrying the research, just paranoid as usual.

    1. Paul Crawford Silver badge

      Re: Trusted storage

      No, that is not as big a problem as "can we be sure there is no hidden storage on the main CPU, or anything like it in a vendor-supplied device driver?"

      Really it comes back to two important and related issues for 'trust' in a system:

      1) Is everything open to inspection and cross checking? The basics of open source development really (and yes I am aware of the likes of Ken Thompson's compiler backdoor).

      2) Is the level of complexity at each key step manageable for inspection and/or automated validation?

      Having hidden code in the US-based corporation's "CPU" for remote management is a nightmare for any non-US government as it offers such an opportunity for a planted backdoor, as much as it is a nightmare for everyone else who cares about security due to the opportunity for plain old fsck-ups.

    2. Anonymous Coward

      Re: Trusted storage

      That's basically what I've been thinking. Separate (or separable) hardware for compute and storage. Preferably redundant local and remote storage, which doesn't need to be trusted if the compute device encrypts everything sent to storage.

      I don't think she's paranoid enough though. On x86 (and ARM, MIPS, etc), system-level software can see your decrypted data in RAM, and there's no way to verify that no system-level malware is running. It's a black box. So I say, use x86 for fun and games, and a slow-but-trustworthy compute device for communications. Implement it entirely in FPGA. Or discrete TTL chips (not particularly difficult). Of course, even a 7404 chip is a black box, as are most display & input devices. The ultimate solution is a DIY-friendly manufacturing process, from raw materials to finish. Until then, trust no electronics.

      1. Anonymous Coward

        Re: "even a 7404 chip is a black box"

        "even a 7404 chip is a black box"

        It's a black box, yes. But unless it knows where it fits in the bigger picture, the stream of 0s and 1s it sees is utterly useless. It has no concept of where it might find "data" or "memory".

        There are limits to what you can do with a reasonable quantity of 74xx-class logic. Have a look at, and a read about, (say) DEC's VT05 terminal to see what can be done with a load of SSI/MSI chips in a quite sizeable box.

      2. John Savard Silver badge

        Re: Trusted storage

        Well, there are always discrete transistors.

        Even if the transistors had extra circuitry in them, there would not be enough wires out of the package for it to be easy for those devices to open a hidden channel...

        1. Mpeler

          Re: Trusted storage

          Valves (tubes) and relays - they're the only way to go. You can even see the bits as they go by :)

          1. bazza Silver badge

            Re: Trusted storage

            Has everyone forgotten that some of Sun / Oracle's SPARC CPU designs are open source?

            If you really wanted to you could inspect and approve their design, set up your own fab, make your own chips, build your own machine, and put Linux on it. If you're not interested in the smallest possible transistors (14nm today?) the fab could be comparatively cheap.

            You can have a complete open source hardware software stack without having to start again from scratch.

            1. This post has been deleted by its author

    3. oldcoder

      Re: Trusted storage

      Not just that... but the bus connecting that to the CPU...

      Then there is the added complexity of adding yet MORE pins to the CPU...

      1. Sir Runcible Spoon

        Re: Trusted storage

        I wonder if anyone has ever run a comparative analysis of the network traffic as reported by something popular - like Wireshark for example - against a traffic analyzer in the middle of the flow to see if there are any differences?

        Mind you, the chipsets may be coded to hide anything to address 'X' - so the 'trusted' analyzer would obviously have to be based on a different chipset.

        It would be really interesting to discover if there was anything picked up that Wireshark didn't report.

  4. Rusty 1

    This is why

    This is why I have always advocated having roast parsnips along side the tatties. Especially if there are some finely cooked sprouts too.

    The tatties may be compromised for one reason or another, but those delicious parsnips will bring it all home again.

    Hedge your bets, or just enjoy it all! I know I do!

    1. Roo

      Re: This is why

      "The tatties may be compromised for one reason or another, but those delicious parsnips will bring it all home again."

      Wise words. :)

    2. Michael Wojcik Silver badge

      Re: This is why

      You fool! The parsnips are compromised!

      Of course it is impossible to prove that any root vegetable is secure. Once a vegetable gets root, all bets are off.

  5. John Styles

    I am surprised the author views there being no other viable processors. What about POWER / MIPS?

    1. Roo

      "I am surprised the author views there being no other viable processors. What about POWER / MIPS?"

      None of them are viable if you're trying to make a known-stateless bit of kit... Even the FPGA she's talking about could have a bit of the die specially reserved for the use of the criminal/spook fraternity. Intel has now invested a substantial amount of cash in the FPGA business - so she can come back in a couple of years and tell us that all our Intel FPGAs are untrustworthy too.

      She's raised a fair point though, but it's a moot one until she has a fab that she trusts to produce the logic & the storage. I can't help but hope that there are side-channel attacks that can reliably detect the untrustworthy bits, as I'm unlikely to be able to afford a fab I can trust. :P

      1. John Styles

        If you take your viewpoint then considering any processors (as opposed to using FPGAs) is absurd, however the paper DOES mention processors, so why just those two?

        To me it seems that the 'PC' platform is a toxic wasteland and ARM seems suspect for reasons described in the paper ( I had a conversation pretty much on the lines of the paper a few days before I first saw it ).

        So the other processor architectures do seem potentially less toxic.

        How viable is the 'oh noes the FPGA hardware / toolchain may be cunningly backdoored to work out I am making a GPCPU and subvert it' argument some people are making really? Seems a bit tinfoil hat to me.

  6. a_yank_lurker Silver badge

    What is the weakest link?

    The real security issue is mitigating the weakest link which often happens to be wetware. The inherent security of the BIOS, CPU, OS, etc are meaningless when users do something extremely stupid. This is a when, not if, for all users, with the only major variable being how often. Next in the chain is which part of the system the attacker can readily use or attack. Often this is the OS or the browser. Weaknesses here are often easy to exploit, in some cases even with an alert user.

    1. Anonymous Coward

      Re: What is the weakest link?

      In the larger sense, yes, social engineering is much easier than hacking a modern system. However, she specifically mentioned things like air gapped systems, which are used by those most paranoid about security and are really unlikely to be opening random webpages on their machine that's not connected to any network. If you're worried about someone hacking your air gapped system, this is interesting stuff (so primarily governments or those targeted by a government). If you're just trying to keep grandma from sending you more spam, then no, this won't help.

      1. Robert Helpmann??

        Re: What is the weakest link?

        Too, at some point you have to trust someone beyond yourself. Even if it is possible for me to print my own processors and other components, write my own OS and apps, and roll it all together and have my very own personal system, there aren't enough hours in the day to do all that. This means I have to depend on and ultimately trust others to help out. Yes, people can be and sometimes are compromised, but it is much more common for them to make mistakes, with a far second being an untrustworthy bit getting slipped in on the sly.

        Qubes OS seeks to mitigate this by relying on a microkernel OS (Xen) for hosting duties with the idea being that not only open source but much less of it will make the issue of security more manageable and thus less prone to error.

        It seems we have the same sorts of issues with hardware that we do with software, but none of the tools to deal with them. It's pointless to have an open source chip if you cannot verify the final product is what you expect it to be. In the face of that, perhaps using Rutkowska's "trusted stick" (I agree that this is not a particularly sexy term... perhaps "hardened rod" would be better?) on a system designed to use processors from multiple sources or spread out across different systems in the cloud might make sense for now. That way, no bad actor could easily obtain a complete picture of what was going on at a given time through the use of the ME.

        1. Anonymous Coward

          Re: What is the weakest link?

          > there aren't enough hours in the day to do all that. This means I have to depend on and ultimately trust others to help out.

          If people would lower their expectations it would be doable. And you can rely on others if you can check their work. That's standard practice in engineering, surveying, accounting, lots of professions... but not IT.

          I figure nobody will give a damn until there's an epic existential tragedy... i.e. millions die as a direct result of blindly trusting IT.

        2. AnonFairBinary

          Re: What is the weakest link?

          The issue of trust is not just on a personal level, but also on a state level. Today, everyone must trust that the US has not had Intel include something objectionable in its processors. These days, such a requirement is really hard to take for nation states. So while it is unreasonable for one person not to trust anyone, it is equally unreasonable to expect everyone to trust any particular someone.

          That means nation states setting up some sort of systems they can trust by assigning resources towards assuring themselves that hardware is trustworthy. That's not unreasonable.

    2. ckm5

      Data slicing

      One of the best ways of dealing with highly sensitive data is a technique called data slicing (also known as data dispersion), where you chop the data up into meaningless bits and only re-assemble it at the point of consumption.

      In the old days, this was typically implemented by having 2 to 5 separate computers (on separate networks) on one's desk, with re-assembly being a manual process that often occurred in the head of the person sitting at the desk. More recently, a company called CleverSafe used this same concept to secure cloud data.

      It seems to me that a modern variant of data slicing could be used to secure data in insecure systems.
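      As an added example (not the commenter's own, nor Cleversafe's implementation), a k-of-n threshold split in Python shows the property data slicing relies on: each byte is hidden as the constant term of a random polynomial over GF(257), any k of the n slices rebuild it, and any k-1 slices are statistically independent of the data. The function names and the sample message are my own choices.

```python
import secrets

P = 257  # prime just above one byte, so every byte value 0..255 is a field element


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (coeffs[0] is the constant term) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_bytes(data: bytes, k: int, n: int) -> list[list[int]]:
    """Slice data into n shares; share i holds one field element (0..256) per input byte.

    Each byte becomes the constant term of a fresh random degree-(k-1) polynomial,
    and share i is that polynomial evaluated at x = i + 1. Fewer than k shares leave
    the constant term completely undetermined, so they carry no information about data.
    """
    assert 1 < k <= n < P, "need 2 <= k <= n < 257"
    shares = [[] for _ in range(n)]
    for b in data:
        coeffs = [b] + [secrets.randbelow(P) for _ in range(k - 1)]
        for i in range(n):
            shares[i].append(_eval_poly(coeffs, i + 1))
    return shares


def reassemble(indexed_shares: dict[int, list[int]], k: int) -> bytes:
    """Rebuild data from any k shares, given as {share_number (1-based): values}.

    Lagrange interpolation at x = 0 recovers the constant term of every byte's polynomial.
    """
    assert len(indexed_shares) >= k, "not enough shares to rebuild the data"
    xs = list(indexed_shares)[:k]          # any k shares suffice; ignore extras
    length = len(indexed_shares[xs[0]])
    out = bytearray()
    for pos in range(length):
        total = 0
        for xi in xs:
            num = den = 1
            for xj in xs:
                if xj != xi:
                    num = num * (-xj) % P          # product of (0 - xj)
                    den = den * (xi - xj) % P      # product of (xi - xj)
            basis = num * pow(den, P - 2, P) % P   # Fermat inverse of the denominator
            total = (total + indexed_shares[xi][pos] * basis) % P
        out.append(total)                          # always 0..255 for a valid k-subset
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 3-of-5 split, rebuilt from two different share subsets.
    secret = b"trust no one"
    shares = split_bytes(secret, k=3, n=5)
    print(reassemble({1: shares[0], 2: shares[1], 3: shares[2]}, 3))
    print(reassemble({2: shares[1], 4: shares[3], 5: shares[4]}, 3))
```

Share numbers must be tracked alongside the values, since the x-coordinate is what makes interpolation possible; storing the slices on separate, mutually untrusting systems keeps any single holder below the threshold.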

    3. John Savard Silver badge

      Re: What is the weakest link?

      Of course, but the point is that if the hardware and the OS are not secure, then even the few people who are able to follow proper practices and who are concerned about security have no way of achieving it.

      Making computers idiot-proof is likely to fail, as the world keeps making better idiots - so goes the old joke.

  7. David Roberts

    Performance vs security?

    AFAIK one reason that more and more functionality is being crammed into the processor chip is to increase performance by bringing everything closer together.

    To follow the security advice, everything should be in discrete auditable packages.

    So are we now at the point of "fast, cheap, secure - choose any two"?

    1. Solmyr ibn Wali Barad

      Re: Performance vs security?

      "So are we now at the point of "fast, cheap, secure - choose any two"?"

      At the point of painful understanding, perhaps, but the underlying principle hasn't changed much. System design has always been a fine art of compromises.

    2. Anonymous Coward

      "fast, cheap, secure - choose any two"

      fast, cheap, secure - choose any ONE


    3. DropBear

      "fast, cheap, secure - choose any two"

      Rather choose any two, as long as "secure" is not one of them.

  8. Charles Manning

    You can hide a vector anywhere...

    If you distrust Intel and don't even use their chips, there are still many processing devices in a laptop or other computer.

    These days most Ethernet controllers etc are implemented as bought-in IP which can access the memory and can implement any sort of state machine you like.

    The same goes for graphics cards, disk drives,... you name it.

    Even if you were to design all devices from the ground up using FPGAs, do you trust the FPGA vendor's software? Even the memory controller library on some FPGAs includes a CPU and it requires far less than a CPU to compromise a system - just a small state machine will do it.

  9. Anonymous Coward

    First step is to never install the AMT driver

    Every time one of my computers boots into Windoze I get a popup prompting me to install driver software for "PCI Simple Communications Controller" (this is the Sandy Bridge version). I zap it away leaving the AMT at least partly disconnected... The family thinks I am crazy. "The Govmint wouldn't build a back door in your computer! No way!"

    1. Anonymous Coward

      Re: First step is to never install the AMT driver

      The "PCI Simple Communications Controller" is not exclusively related to AMT, it's merely the register (HECI) interface for host CPU drivers to send messages to the ME. Most AMT functionality is handled through three other PCI devices that show up when AMT is enabled. That said, not installing the drivers for the HECI interface does not prevent the ME from doing its stuff in the background. The ME is still running behind the scenes.

  10. Kev99 Silver badge

    Do AMD processors also have this ME and MCH micro-mini processors?

    1. ckm5

      Yes, pretty much all modern microprocessors have some sort of embedded controller - that's how they load & run microcode that 'patches' hardware bugs. Intel's ME is a little more extensive, like a BIOS on steroids, but a lot of modern computers have provisions for remotely controlling the hardware. It used to be described as IPMI and reserved for server-level hardware but it's now spreading to everything.

      Someone below mentions AMD's PSP system, but there are others out there from Dell, SuperMicro, Toshiba, etc.

  11. allthecoolshortnamesweretaken

    This is very interesting and a little bit scary. Maybe I should dust off one of the vintage computers in the attic?

  12. Anonymous Coward

    AMD too...

    More recent AMD SOCs include the ARM based PSP platform (in)security processor, which probably has similar powers. Involvement of a three letter agency would not be far fetched in my eyes.

  13. Henry Wertz 1 Gold badge

    Slot machines?

    Has anyone looked to see what slot machine vendors have to say about this? They worry about security (both for the obvious reasons, and a regulatory framework that ironically requires slot machines to have much higher security than ATMs or electronic voting machines). I've seen one boot, and it's pretty verbose: the BIOS validated itself, the bootloader, and the package it booted. The bootloader validated the BIOS and packages (kernel and root filesystem). It booted into Linux, which validated the bootloader, the kernel and the executables. The executable appeared to run a self-check of some sort before the slot machine software came up.

    Not that a setup like that would be viable for most systems, as I want to be able to actually add and remove software from my system. But, they may have something practical to say about (for example) being able to disable or restrict the ME, so people who are not interested in its functionality are not exposed to the potential additional attack surface it represents.

    1. Anonymous Coward

      Re: Slot machines?

      not worked on slot machines, but have on payment receiving (rather than payout) systems - all used generic Windows versions, including some "self service" tills: no validation of anything at all. We migrated a jukebox over to Linux (tripwire etc), and tested it within Xen (as a sort of jail - we're talking 2.6 kernel, Xen 2.x days) but the PHBs would not allow anything that required anything other than off-the-shelf hardware, anything that would produce BIOS-like messages that aren't "normal", or anything that would mean a fresh-out-of-school (in a UK sense) technician couldn't do any on-site/hardware service request ....

  14. frank ly

    What do Intel have to say about it?

    Not just PR releases; current and ex-engineers may have interesting information to 'leak'.

    1. Bronek Kozicki

      Re: What do Intel have to say about it?

      The official information is linked from the article itself: Intel AMT. More interesting is the fact that it seems very difficult to avoid it if one is building a machine using recent CPUs, since it seems to be (nearly?) everywhere, one notable exception being Xeons E-7 (but possibly only by the virtue of designs slower to update)

  15. Anonymous Coward

    Ok, let's bring back the days of simple CPUs

    Where you toggled in the HDD bootstrap through the front panel.

    Where the CPU Maker supplied FULL schematics of the CPU (I have a set for the PDP-11/45)

    And companies like fucking Intel/NSA did not exist.

    The world would be a very different place.

    1. circusmole

      Re: Ok, let's bring back the days of simple CPUs

      But the PDP11/45 ran DEC proprietary micro-code (along with other PDPs - 11/40, 11/70...) so you still cannot be absolutely sure what the machine is getting up to. Later versions of the 11/70 even had a built-in micro-PDP processor for system management (also with micro-code - this was unpublished I seem to recall).

      On the other hand DEC did provide the micro-code listings for the 11/45 etc... - if you could understand or figure out how the hell it worked :-)

      1. Anonymous Coward

        Re: Ok, let's bring back the days of simple CPUs

        all the PDP-11/70s I encountered had front panel switches. Hardly a sort of system to have a control CPU.

        The 11/45 I have in my garage is all 74 series logic and a few LSI chips. Mind you, it is a very early one (Serial number <400). There is no storage available to load any microcode. I've often run it directly from paper tape without any of the 2xRK05's or 2xRL02's connected to the Unibus. This may have changed for later versions. (paper tape is for diagnostics). There is a fix on the backplane for a couple of instruction errors (most significant bit problems on ROTL)

        I don't think the single board LSI-11's have a microcode facility.

        Now the VAX 11/780 did have a controller system. It was a PDP-11. Initially it was running RT-11. Later versions used a modified PRO/380 system which was RSX-11M based.

        The VAX 11/750 and 11/730 used different systems.

        There was microcode in both the 11/750's and 11/730's.

        The 11/730's were, if my (failing) memory serves me right, 2901 based (4-bit slice). I only built the prototype of the variant with a TSU05 tape drive in the top, so how do I know eh?

        1. Anonymous Coward

          Re: Ok, let's bring back the days of simple CPUs

          "The 11/730's were, if my (failing) memory serves me right, 2901 based (4-bit slice)."

          Matches my recollection too. Some of the rest, less so.

          "all the PDP-11/70s I encountered had front panel switches."

          So you never saw any with the Remote Diagnostics console, to allow dial-in from the Service Centre? (using a Post Office Telecom modem the size of six inches of 19" rack to provide a whole 1200baud or so). It *might* have had an 808x in it, not sure. Pretty sure it didn't do much you couldn't already do from the serial console.

          "The 11/45 ... no storage available to load any microcode."

          If it's not loadable does it not count as microcode? [Genuine question]

          Anyway the diagrams at

          include 14 pages of "microcode" flow diagrams but maybe they're just generic flow charts?

        2. Anonymous Coward

          Re: Ok, let's bring back the days of simple CPUs


          Wrong on all counts - the 11/70 was a microcoded CPU and from my memory the microcode was stored in 256 word ROM (I think - it was a long time ago) with a long word length that I cannot recall at the moment. What I can remember is that the least significant 8 bits of the microcode word were the address of the next word in the ROM (modified by CPU condition codes etc.).

          The LSI-11 was also microcoded a-la the 11/70 and in this case this microcode is stored in on-chip ROM.

  16. This post has been deleted by its author

    1. Anonymous Coward

      1980scoder - designing for the lowest common denominator is not the answer either. It is ridiculous to suggest such.

    2. Charles 9 Silver badge

      That problem will exist as long as humans exist. As a comedian once said, "You can't fix stupid."

      1. Sir Runcible Spoon

        'As a comedian once said, "You can't fix stupid."'

        That isn't a joke, that's a point of high philosophy.

  17. This post has been deleted by its author

    1. anonymous boring coward Silver badge

      Her research is relevant for everyone, in the long run. Mentioning some extreme cases of bridging air gaps, etc, is done to give the complete picture. Scientifically minded people tend to try to cover all bases - something you don't seem to grasp.

      1. DropBear

        And you don't seem to grasp that there's no such thing as "complete security" - it's turtles all the way down. It's why any discussion on security is only meaningful against a defined threat model, the only point of which is to say "limit abilities of the attacker to this or that level, and concern yourself not with anything more elaborate". Her concern for airgapped things is of course not irrelevant in a general sense but it does indeed not apply to 99.999% of those who might ever read this, and it is correct to point that out.

        1. Sir Runcible Spoon

          This is like arguing about the existence of a single unifying theory of everything.

          Investigating it allows you to learn a lot of useful things along the way, whether it exists or not.

  18. This post has been deleted by its author

    1. anonymous boring coward Silver badge

      I believe she said "better", not "perfect".

      I don't think she claimed to have solved the problem.

    2. Destroy All Monsters Silver badge

      > Absolutely ridiculous comment that shows a basic lack of knowledge.

      If you say so, extremely skilled commentator.

      > Without getting a microscope out and examining the 3D printed chip, how do you know that the 3D printer actually created exactly what you told it to?

      What else would it have created? Does it have a library of everything printable and a special rom with Evil Patches to apply on need? WTF?

      But yeah, maybe you are in a virtual reality, who knows?

      1. Anonymous Coward

        > Does it have a library of everything printable and a special rom with Evil Patches to apply on need? WTF?

        There is a famous example of a university lecturer doing exactly this on GCC as a lesson to his students. The mangled compiler recognized one code pattern - the login parsing for a Unix system - and inserted a backdoor user name. It also recognized compiles of GCC, so even if the student compiled their own GCC, it would propagate the malicious detection code forwards. The patch wasn't even that large IIRC.

        This type of patch needs exactly one patch for each of the common "open" CPU architectures on the planet, and then it's DOA.

        In a complex system you always need to trust someone ... with modern electronics and software it is infeasible that you have all of the expertise yourself. You did write your own compiler, from scratch, right?

        1. joeldillon

          Thompson is not 'a lecturer' and it wasn't the GNU compiler, but yeah.

      2. Anonymous Coward

        "Does it have a library of everything printable and a special rom with Evil Patches to apply on need? WTF?"

        I see where you're coming from and generally agree, but there are stories (which I haven't verified) several years old that some high end colour printers recognise the appearance of certain currencies and won't print them. Some people might understandably see it as not a massive leap from that to 3D printers with filtering and modification capability. I think that's a bit far fetched, but then some people claimed Echelon was a bit far fetched, a couple of decades ago. We're a lot wiser now, courtesy of Snowden and others:

        Mission Impossible's just starting. I need to watch to catch up on what's state of the art.

        1. Rob Daglish Bronze badge

          I remember trying to scan a ten pound note into photoshop a few years ago - I seem to recall it came out with a purple transparency over it. I was in a printing company, using Apple Macs, and needed to test that one of their new multifunction machines could scan to the mac over the network, as the MFP installer would only connect it to a Windows system - I seem to remember that I got the same result doing a straight copy on the MFP as well.

      3. AnonFairBinary

        It's Turtles all the way down!!!

        how do you know the 3d printer isn't infected? You build the first printer from scratch, and it has very limited functionality, just enough to build the next printer, and you iterate, so that at the end you have a trustable device. This isn't reasonable for a person to do, but for a state actor, maybe...

        1. Charles 9 Silver badge

          Re: It's Turtles all the way down!!!

          "how do you know the 3d printer isn't infected? You build the first printer from scratch, and it has very limited functionality, just enough to build the next printer, and you iterate, so that at the end you have a trustable device. This isn't reasonable for a person to do, but for a state actor, maybe..."

          But then, a state actor may have the resources to subtly subvert the very first printer you make (or in the other example, the system on which you build the initial assembler/compiler). And they may even defeat the technique to detect the latter (cross-compile against a known-good compiler) by making it so you can't be sure you have a good compiler.

  19. emmanuel goldstein


    I'm off to buy a typewriter. Happy New Year.

    1. Anonymous Coward


      "I'm off to buy a typewriter."

      Destroy your used ribbons securely. Only use ink ribbons - not those that deposit a piece of plastic that can be removed later.

      Make it a purely mechanical one - not an electric one.

      However - a manual typewriter produces print quality variations that can be unique to the machine and the person using it. Can the sound of a mechanical typewriter be analysed to work out which keys are being pressed?

      1. chivo243 Silver badge


        "Can the sound of a mechanical typewriter be analysed to work out which keys are being pressed?"

        Yes, absolutely.

        1. emmanuel goldstein

          Re: ALL YOUR x86 ARE BELONG TO US

          nice (fictional) example of this in episode 3 (I think, maybe 4) of "Deutschland 83".

        2. Yet Another Anonymous coward Silver badge

          Re: ALL YOUR x86 ARE BELONG TO US

          Not even a typewriter is safe

          1. DropBear

            Re: ALL YOUR x86 ARE BELONG TO US

            "Not even a typewriter is safe"

            ...and I was just about to point out that even "electric" typewriters like the Selectric (which only uses electricity to mechanically drive the machine, not to process data) can be safe - well, so much for that. Granted, they couldn't subvert what wasn't there so they had to build in a foreign piece of high technology to do the snooping, but yeah, point taken (whiffletrees are still rather cool mechanisms though). Thanks for the education and a thoroughly fascinating read for a Sunday afternoon...

            1. Sir Runcible Spoon

              Re: ALL YOUR x86 ARE BELONG TO US

              And if you absolutely must use pen & paper then ensure that you put a hard barrier between the top sheet of paper and the one below it.

              It's why I still use an ink pen rather than a biro for writing my passwords on post-it notes.

              1. Charles 9 Silver badge

                Re: ALL YOUR x86 ARE BELONG TO US

                Last I checked, biro (ball-point) pens still used ink. I believe you're referring to a fountain pen or some other type that writes without a lot of pressure. I believe you can get similar results with a felt-tip marker-like pen (using one very light not only doesn't leave an impression but controls the possibility of bleed-through).

                1. Michael Wojcik Silver badge

                  Re: ALL YOUR x86 ARE BELONG TO US

                  I believe you can get similar results with a felt-tip marker-like pen (using one very light not only doesn't leave an impression but controls the possibility of bleed-through).

                  I find writing the passwords down in blood works well.

                  Not my own blood, of course. I'm not stupid.

  20. John Doe 6

    But isn't the TPM...

    ..exactly what ms. Rutkowska is asking for ?

  21. Mellipop

    USB dongle

    Wonderful start to the year. Great comments, great humour.

    If the portable security dongle was the keeper of keys and the end point of HIP DEX, then we could ward off the worst parts of the internet, which is now the ultimate malware.

    Can't live without it so better get used to it.

    I suppose this USB dongle can also run Tahoe-LAFS to distribute and secure our data. And finally let's extend the basic data types in programs written in modern languages so the bit patterns are obfuscated. Trust no-one. Not even another program.

  22. theOtherJT

    "legislation may come to the rescue."

    "Drawing a parallel between the development of human rights and the development of secure personal computers, Rutkowska suggested legislation may come to the rescue."

    Unfortunately the sorts of people in a position to actually exploit the vulnerabilities she's talking about here are exactly the sort of people who don't give a damn about legislation, and when they do get caught breaking the law are in a position to make sure it's the law that changes, not their behaviour.

    1. Destroy All Monsters Silver badge

      Re: "legislation may come to the rescue."

      Legislation will come to the rescue indeed.

      I could imagine requirements for special hardware that must be able listen for unfiltered ISP-emitted packets not far in the future. To catch copyright infringers, of course.

  23. Anonymous Coward


    Management Engine microcontroller presentation - slide 33 particularly scared me.

  24. Anonymous Coward

    What wire protocol does it use?

    Ok so the sneaky device can take over your NIC. Then what?

    Is there anything that you can see on the wire with tools such as Wireshark?

    Can any external connections to/from it be blocked with firewalls?

    If the external protocols can be documented then they can be blocked. Would this nullify the device?

    I'd expect that the NSA would love to be able to access your computer using this thing.

    Or are they doing this already and we just don't know about it.

    Or will the spooks stop us from finding out how to block it?

  25. Palpy

    For most of us --

    -- I think that nation-state level attacks are not the greatest worry. Yes, absolutely, the on-chip systems described could harvest data from my machines. I'm pretty uninteresting, and if an entity harvested all data from people like me for 2016 then they would have, well, enough stuff to keep all their database analysts busy for many centuries. Then they'd still have 2017 to get to.

    What interests me more is not being a low-hanging fruit (and I mean that in the most non-sexual way possible) (so keep your smirks to yourselves). At this point it appears that for-tha-munny hackers are not hacking Intel's ME or AMD's PSP systems. As we all know, the vulns they use are mostly Adobe, Java, Windows, some SSH and other protocol stuff, etc. (I may be wrong. Am I?) And of course wet-ware exploits are always in play.

    So yes, I run Qubes on the 5-year-old Thinkpad that I use for travel, and I'll probably set it up on my desktop box before long. It aids the wet-ware if I habitually open an untrusted VM with a tightly-configured firewall and locked-down browser -- it simply makes it an obvious conscious decision when I move to a less-disposable, less-protected part of the OS. (Yeah, it can be done quite well with other solutions than Qubes. Personal pref.)

    Personally, I think that while Rutkowska's points are valid and of concern, my individual effort as a user is to do careful things with my hardware, OS and applications, and use them to help the wet-ware between my ears stay out of reach of the fruit-picking hackers.

    If any of that makes any sense. Type in haste, regret at leisure.

  26. 2+2=5 Silver badge

    Virtual processors might be part of the answer

    One option would be to create secure virtual CPUs. So, in the same way that Java compiles to bytecode and Pascal can compile to p-code, we could create an open source (i.e. inspectable) byte-code interpreter / compiler that implements a virtual processor.

    Even though this would run on top of a physical Intel processor, use of an automated code-moving / memory moving design would mean that the real CPU would never know which bit of the running app to save to flash, or leak to the network etc as it would change with each run.

    Naturally performance would be relatively poor so its use would probably be limited to specific functions: encrypting emails for example. However, it would be a start until something that addresses weakness in the physical processor can be introduced.

    1. Anonymous Coward

      Re: Virtual processors might be part of the answer

      You did just use Java in your example here, right? And then mentioned that it might improve security in the same sentence?

      In general fast bytecode execution machines have a massive attack surface (because to make them fast enough to be useful you have to JIT the code which makes them very hard to verify), and have all of the bugs/vulnerabilities of the host CPU to worry about as well.

      You *can* make them secure (bytecode interpreters are commonly used in bank cards), but the secure ones are sllloooowwwwww because they are literally simple interpreter loops with validity checks on every memory access. You'd never convince anyone to use them for day-to-day use.

      1. Michael Wojcik Silver badge

        Re: Virtual processors might be part of the answer

        the secure ones are sllloooowwwwww because they are literally simple interpreter loops with validity checks on every memory access

        It's not the validity checks that really get you with a non-JITing interpreter; it's the instruction dispatch, which requires a lookup, and thus a load, for every instruction. Memory bandwidth and cache thrashing are what kill interpreter performance.
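As an added example (not code from the thread or from any of the commenters above), here is a small bounds-checked bytecode interpreter of the kind the two comments above describe: every memory access, jump and stack operation is validated before it happens, execution is capped by a step budget so a runaway program cannot spin forever, and each instruction goes through one table lookup before its handler runs, which is the per-instruction dispatch load the second comment points at. The opcode numbering, the encoding and the sample program are constructed for this example and correspond to no real bytecode.

```python
"""Bounds-checked bytecode interpreter (added example, not from the thread).

Every memory access, jump and stack operation is validated before it happens,
execution is capped by a step budget, and each instruction costs one dispatch
lookup before its handler runs. Opcodes and the sample program are constructed
for this example and do not correspond to any real bytecode.
"""
from typing import Callable, Dict, List

PUSH, LOAD, STORE, ADD, SUB, JNZ, HALT = range(7)


class VMError(Exception):
    """Raised when bytecode tries to step outside its sandbox."""


class VM:
    def __init__(self, code: List[int], mem_size: int = 16, max_steps: int = 10_000):
        self.code = code
        self.mem = [0] * mem_size
        self.stack: List[int] = []
        self.pc = 0
        self.steps = 0
        self.max_steps = max_steps
        # One table lookup (a memory load) per executed instruction.
        self.dispatch: Dict[int, Callable[[], None]] = {
            PUSH: self._push, LOAD: self._load, STORE: self._store,
            ADD: self._add, SUB: self._sub, JNZ: self._jnz,
        }

    def _check_addr(self, addr: int) -> int:
        if not 0 <= addr < len(self.mem):
            raise VMError(f"data address out of bounds: {addr}")
        return addr

    def _check_target(self, target: int) -> int:
        if not 0 <= target < len(self.code):
            raise VMError(f"code address out of bounds: {target}")
        return target

    def _fetch(self) -> int:
        word = self.code[self._check_target(self.pc)]
        self.pc += 1
        return word

    def _pop(self) -> int:
        if not self.stack:
            raise VMError("stack underflow")
        return self.stack.pop()

    def _push(self) -> None:
        self.stack.append(self._fetch())

    def _load(self) -> None:
        self.stack.append(self.mem[self._check_addr(self._fetch())])

    def _store(self) -> None:
        self.mem[self._check_addr(self._fetch())] = self._pop()

    def _add(self) -> None:
        self.stack.append(self._pop() + self._pop())

    def _sub(self) -> None:
        b, a = self._pop(), self._pop()
        self.stack.append(a - b)

    def _jnz(self) -> None:
        target = self._fetch()
        if self._pop() != 0:
            self.pc = self._check_target(target)

    def run(self) -> List[int]:
        while self.steps < self.max_steps:
            op = self._fetch()
            self.steps += 1
            if op == HALT:
                return self.mem
            handler = self.dispatch.get(op)
            if handler is None:
                raise VMError(f"illegal opcode {op} at {self.pc - 1}")
            handler()
        raise VMError("step budget exhausted")


def sum_program(n: int) -> List[int]:
    """mem[0] = n; do { mem[1] += mem[0]; mem[0] -= 1 } while mem[0] != 0."""
    return [PUSH, n, STORE, 0,                  # mem[0] = n
            LOAD, 1, LOAD, 0, ADD, STORE, 1,    # pc 4: mem[1] += mem[0]
            LOAD, 0, PUSH, 1, SUB, STORE, 0,    # mem[0] -= 1
            LOAD, 0, JNZ, 4,                    # loop while mem[0] != 0
            HALT]


def sum_to_n(n: int) -> int:
    """Sum 1..n inside the sandbox (n must be positive for this program)."""
    return VM(sum_program(n)).run()[1]


def dispatch_count(n: int) -> int:
    """How many dispatch lookups the loop cost: 2 setup + 10 per iteration + HALT."""
    vm = VM(sum_program(n))
    vm.run()
    return vm.steps


def out_of_bounds_store_is_caught() -> bool:
    try:
        VM([PUSH, 1, STORE, 99, HALT]).run()
    except VMError:
        return True
    return False


def runaway_loop_is_caught() -> bool:
    try:
        VM([PUSH, 1, JNZ, 0, HALT], max_steps=50).run()
    except VMError:
        return True
    return False
```

The validity checks are a couple of integer comparisons per access; what the loop cannot avoid is the fetch of the opcode and the lookup in `dispatch` for every single instruction, which is where a non-JITing interpreter spends its memory bandwidth.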

  27. Palpy

    Hmmm. Maybe not so much.

    With all respect for your ideas, I think that the Intel or AMD chip controllers will still run underneath any virtualization built on top of the CPU. If, for instance, you sensibly encrypt your HDD and then start up with a virtual CPU, the chip controllers will be able to see and export your decryption key because they run their own operating system and have access to your networking chipset even before the hardware CPU has a chance to create the virtual CPU.

    I think that if you run TAILS from a read-only CD, and access the Intertubes through TOR, the chipset controller will still see everything you do. And could, conceivably, report on it to whomever inserted a backdoor using vulnerabilities in the proprietary AMD or Intel controller software.

    I think so, anyway. But I'm a bit of a numpty, so I could be very, very wrong.

  28. Anonymous Coward

    For those interested

    Further, here are some reflections on "Possessing Mobile Devices" which appeared recently in IEEE Security & Privacy:

    Adams, A. A. : Possessing Mobile Devices

    Smartphones and tablet computers have an ownership model more akin to that of games consoles such as the Sony PlayStation than the PC. Given the ubiquity of these devices and their very broad capabilities and usage, this leaves users vulnerable to significant security and privacy violations. Rather than users possessing these devices, the devices are possessed by multiple third parties, to the detriment of users' rights.

    1. Palpy

      Re: "For those interested" -- nice link, thanks.

      Adams describes the reasons I have resisted owning a smart phone, and why I regard my (rooted) Android tablet as an untrusted toy; and one of the several reasons I have abandoned Windows:

      "There are psychological elements where individuals may feel their rights have or even their person has been violated where their legal rights or technical control over things they own do not match their expectations. ... [Bruce] Schneier called this the 'feudal security' model in blog posts. As in the feudal social model, the overlords are not trustworthy and the moral hazards of their position without strong external regulation leads them to abusive practices such as spying on users' locations without their knowledge."

      Rutkowska's presentation -- and the potential for pre-boot programs like UEFI to become lock-down mechanisms for preventing user control of the OS -- reminded us that some aspects of our PCs are currently "owned" by manufacturers. But for the nonce we can still choose to run OSes of our choice, and to control the programs running at the OS level.

      Perhaps in 10 years we'll look back on this as a Golden Age...

  29. Speltier

    You have to trust something

    And that is the nub of the problem. That something will have bugs; leveraging of the bugs is how the system is invaded by malefactors. The machine is never stateless in the truest sense, since the system contains firmware/software that has to be updated and itself is machine state. The barriers can certainly be increased.

    A close approximation is a "born in the factory PCI-HSM (or equivalent) device". PCI is getting close to the objective of removing the untrusted supply chain, although still short on trust of the firmware. PCI/TPM has not yet advanced to the born-in-the-factory, died-in-the-customer-office paradigm, but that is the direction trusted systems are headed.

  30. Anonymous Coward

    Going back to dumb terminals ...

    ... would solve most of the concerns discussed here. The big problem is malware inserted remotely into end user devices, and this can be prevented when using hardcoded browser devices ("Internet terminals") that hold their code in ROM.

    No software downloads, period. Version upgrades ? Should be rare, if really needed see your trusted dealer. As a side effect, IT reliability will improve.

    Such hardcoded Internet terminals would not cover each and every use case we find on current PC's, but would bring a reasonable level of security for critical use cases like online shopping, online banking and the like. And it would still be legal to use PC's for fancy stuff needing more bells and whistles ...

    There was IT before we had PC's, smartphones & tablets. There were millions of end user devices like 3270's and VT100's, but there was no malware problem. Building dumb terminals with browser capabilities shouldn't be rocket science ...

    1. Charles 9 Silver badge

      Re: Going back to dumb terminals ...

      "There was IT before we had PC's, smartphones & tablets. There were millions of end user devices like 3270's and VT100's, but there was no malware problem. Building dumb terminals with browser capabilities shouldn't be rocket science ..."

      One problem. You just put the eggs in one basket, so to speak. Sure, there wasn't a big malware problem in decades past because the terminals weren't worth breaking, but hacking has existed as long as IT, too, and what was the big sci-fi element of the 80's? Hacking into those big honking systems that all the dumb terminals connected to. Sure, single point of defense, but also possibly single point of failure.

      1. Anonymous Coward

        Re: Going back to dumb terminals ...

        "... there wasn't a big malware problem in decades past because the terminals weren't worth breaking"

        Terminals were pretty expensive and were almost exclusively used for business transactions having real value - just think about banking, also including those automatic teller machines that have been around since the 70's. But malware was not applicable, as there was no software inside that could be tampered with. A big difference ...

        "... hacking has existed as long as IT, too ..."

        Yes, there was and still is the risk of insider fraud at the central site, and there are other ways to keep that under control. But protecting from threats coming via billions of vulnerable access points easily accessible from anywhere on the globe would be simple. And protecting the big server at the center is a lot easier if that one does not behave like a PC - for instance, has strong memory control mechanisms and strict separation between data and code, preventing remotely inserted data from becoming executable.

        By the way, the headline of the article refers just to trustworthy end user devices - and dumb Internet terminals would be a lot more trustworthy than the stuff we find connected to the Internet today.

        1. Charles 9 Silver badge

          Re: Going back to dumb terminals ...

          But at the same time, you reduce the attack surface, meaning hackers concentrate on the few places left, and as the saying goes, they only have to be lucky once. As for separation of code and data, that's impractical if one of the programs you have to run is a compiler or something else that must use the von Neumann blurring of code and data (data is code and code is data). Plus there's things like Return-Oriented Programming that can use existing code (and thus defeats both Data Execution Prevention and the Harvard separation of code and data) to do its work. Finally, the tighter you lock things, the slower you make the business until the economic factor kicks in. If you make things TOO tight that things can't get done, people start finding ways around your security. In the end, you have a business to run, and that business is run ultimately by people.

          1. Anonymous Coward

            Re: Going back to dumb terminals ...

            Thanks for admitting that dumb terminals aren't vulnerable to remotely inserted malware ...

            This fact clearly eliminates the biggest risk.

            Thanks also for being concerned about the central server. However, let's assume for a moment this is a kind of big iron system having a reasonably secure architecture (ie., is not based on PC technology). Well protected and extremely hard to break unless you are an insider and have local access. Plus rigid auditing in place. Such machines do exist. They also do run compilers (although typically not on production systems), however outside hackers won't get that far. Not sure who actually needs return-oriented programming - but again, outside hackers won't get that far to tamper with.

            No need to worry about performance. While contemporary PC technology provides us with huge amounts of cheap machine cycles, huge electricity bills and some concerns about how to get rid of all the heat produced, the efficiency in using all those machine cycles is actually rather poor. We can do more with less ...

            True, ultimately it's people who are running the business. When providing them with less complex / easier to use systems with a very high degree of automation they have less reason to interfere, which reduces operational errors as well.

    2. patrickstar

      Re: Going back to dumb terminals ...

      *choke**choke* CHRISTMA EXEC

    3. Michael Wojcik Silver badge

      Re: Going back to dumb terminals ...

      There were millions of end user devices like 3270's and VT100's,

      The 3270 isn't a dumb terminal. It's one of the quintessential smart terminals, in fact. Your argument might be stronger if you knew what you were talking about.

      Some 3270 models have enough firmware and do enough local processing that it's not at all improbable that they have exploitable bugs. And even in the feature set there are plenty of possible exploits under certain threat models. Partitions, local map sets, local character sets...

      And if the comms link isn't secure, all bets are off.

      The VT100 is a mostly-dumb terminal, but even it has enough features that it'd be unwise to conclude it's inherently "secure" under some non-trivial threat model. It has NVRAM. It has an answerback message, which might be changed to confuse a poorly-written host application. And again you have to trust the link.

      but there was no malware problem.

      That's rich, that is.

  31. phil dude

    artificial scarcity...

    I would like to suggest that part of the problem with hardware/software security, has been the business model of artificial scarcity.

    They sell you hardware then nobble it with software, so that you are now *not quite* using what you paid for.

    So there is a perverse incentive for companies to put *secrets* in their products to guard against consumers getting value for money.

    Any surprise the spooks can hide a backdoor when the whole industry is based upon obfuscation?


  32. patrickstar

    This assumes that persistence is a necessary, or even desirable, part of a compromise. Which is far from always the case, simply because it makes detection more likely and forensics/post-intrusion damage control much easier. Many systems - although perhaps desktops less so - are rebooted so infrequently that you will, at any point in time, have access to enough systems in an organization to regain access to everything even if some of them happen to be rebooted mid-operation.

    Plus many laptops tend to be suspended/hibernated as opposed to rebooted.

    Plus there are ways to survive at least 'soft' reboots (eg. post OS upgrade, probably the most common reboot reason) without actually touching persistent storage (disk/firmware/etc).

    1. Anonymous Coward

      You forget that sometimes bugs don't show up UNTIL the reboot, which is why reboots are viewed with such trepidation in the enterprise and can seriously affect uptime. IOW, if something gets rebooted, there's a distinct chance it doesn't come back.

  33. CheesyTheClown

    Lots of whining, no real solutions

    Let's start with the external devices for storing all state... the answer is simply no. You're coming at this from completely the wrong angle. Your heart is in the right place, but it's still a huge resounding no.

    Let's consider yet another stinking external device. To make it practical, it would have to be something that is small enough to meaningfully be carried with your "Sexy laptop" or tablet. My computers range from 4" pocket PCs through 13" Surface Book PCs. Which means any external device should need to be the size of an SD card or MicroSD card... I lose about one of those a month unless I leave them permanently docked inside the PC which means they lost their external state.

    Hacking the computer externally will simply happen. It's going to happen, it always has and always will. So long as the networking stack of each operating system is constantly changing and growing, and as long as there will be 10-20 million new lines of code running on a system every 18 months, there will be security holes and the ones you're talking about aren't even nice low hanging fruits that hackers love. You're talking about hacks which require real work to be involved. I used 23 hours to decrypt an iPhone 6S that was a much lower hanging fruit than you're talking about and to do it, I had to destroy 4 of them, one by placing it in the oven to get the chips off.

    What you really want is some more reliable method of protecting users....

    1) We need something like ME, it should be universal, being open would be a bonus, but universal should be available. This will be a major insecure hacking target for 15 years... it'll be like Linux or OpenBSD or Windows... too complex to ever really secure.

    2) We need a means of securing the system to lock stuff down. This means signed code on the ME processors. The signing should be verified in hardware only. This means every single patch and update will need to be signed by the ME vendor.. IE Intel.

    3) We need a way of wiping a system... JTAG/Serial is best. Let's have a set of tools which requires simply applying power to the system and require that every chip which holds state must be able to recognize a full wipe command and respond with progress and when finished. This will make it so that every device should have a standard connector... something extremely simple like a 0.5mm by 0.1mm by 1mm deep slot with four wires that will allow connection to a USB dongle that can be used to fully wipe a device. This means that even smart watches can have the connector on it. The benefit of this is that flash chips, etc... can all be connected to this and all devices connected to this bus will enumerate and respond. If a device is not able to respond, the computer should be considered compromised and/or possibly dead. As part of the ME processor (for example) there should be a small memory region which describes the devices which should be reachable over this bus.

    Let's:

    a) recognize that ME is here to stay because if you take my ME/AMT away I'll cry... try managing thousands of computers for a few days without the ability to ... well manage them and you'll kill yourself. ME is a mandatory human safety system.

    b) recognize there's no possible way you'll ever have "a simple FPGA" that does what you want... mainly because what you mentioned isn't an FPGA thing... it would certainly have an FPGA, but it's not really something hybrid instead.

    c) Recognize that you'll never ever ever have a stateless machine. It's just not going to happen. Every possible way of doing this is completely flawed because it requires carrying more crap. Wired crap will have to be some sort of card. Wireless crap would require some sort of stored keys on the computer and the external device to secure them... meaning that the device is no longer stateless so might as well say screw that.

    d) There simply will never be a secure computer. You're correct that ARM vs. x86 is irrelevant... For example, Qualcomm, nVidia, TI all make ARM processors where ARM is little more than "the standard part" of the CPU. The vendor specific stuff in any of those three vendors is extensive. Consider radio controllers for GSM and LTE which generally don't run in software on the ARM chip as that would require all operating systems to be power sucking RTOSes. In reality, there's no point in even pondering a secure computer.

    1. Anonymous Coward

      Re: Lots of whining, no real solutions

      In other words - there is no hope for a reasonable level of security within the overly complex IT environment that has been created over the last decades.

      We need a change of paradigm. We need simplicity.

      1. Charles 9 Silver badge

        Re: Lots of whining, no real solutions

        Except most of the complexity came out of necessity, out of demand. You'd have to paradigm shift the people along with the computer, and if history is any indication, all you can say is, "Good Luck!"

  34. Hans 1

    Libreboot, anyone ?

    Weird nobody else came up with this ... but hey ...

    DISCLAIMER, I do not work for them, that is a link to a server. They have laptops, with Core 2 Duo's (ROFL), but if security is what you want ...

    1. Palpy

      Re: "Libreboot, anyone ?"

      Interesting project.

      But I think that the chipset controller executes separately from BIOS. Whether before or concurrently I do not quite know.

      Almost everyone on this comment thread knows more than I do, but what I get out of the presentation is that the controller comes on line to manage (among other things) the CPU itself -- there are somewhere between half a billion and 1.5 billion transistors and associated circuitry to orchestrate. It's a complex bit of programming to accomplish that control. The ME software is in flash memory along with the BIOS, but it is separate from the BIOS and neither the BIOS nor the OS can access the ME sector of the flash memory. It's not quite a bottom turtle, because something has to boot it (ie, the flash descriptor). But it is very near the bottom.


      What Rutkowska points out is that this hardware control program has become complex enough to be considered an operating system. In particular, it has robust networking and encryption-decryption capabilities. It can facilitate outside control of the computer, manipulate disk encryption keys, and perform identification functions on the machine (see slides 7 and 8 of the linked slideshare presentation, for instance).

      So I guess the point is, Libreboot would replace the BIOS, but it would do nothing to replace or disable the ME programming. It can't; it's prohibited from accessing the ME sector.

      As many have pointed out, virtually all of us have to trust something. And so far, we don't know that this attack sector is being exploited in the wild. From what little I understand, at least in Intel's ME there is a lot of code verification, secure keys, and output scrambling employed to defeat attempt to hack or reverse-engineer the programming.

      Good enough? Secure enough? Dunno. There are reasons for concern, certainly. It may be a fact of life in 2016 that a nation-state-level attacker WILL get in by using an Intel or AMD or other chipset management program that runs outside the OS, outside the BIOS, and cannot be disabled without terminally bricking the motherboard. It could be that Snowden V.2.0 will pop up and reveal that we are all completely, utterly pwned via our chipsets, and have been for decades.
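The comment above describes the flash layout that makes this arrangement possible: the ME firmware shares the SPI flash with the BIOS, the descriptor at the start of the flash carves the chip into regions, and a master access table in that descriptor is what denies the host CPU (and so the BIOS and any OS driver) read and write access to the ME region. As an added example, not code from the thread, from Intel or from coreboot, the following decoder pulls those two tables out of a descriptor and answers "can the host side reach the ME region?". The field positions follow the public descriptor layout as decoded by coreboot's ifdtool for pre-Skylake ("v1") descriptors and are assumed to hold; the 4 KiB descriptor in build_sample_descriptor() is constructed for this example, with master values arranged as a typical locked layout.

```python
"""Decode an Intel flash descriptor's region map and master access table.

Added example; not code from the thread, from Intel or from coreboot. Field
positions follow the public descriptor layout as decoded by coreboot's ifdtool
for pre-Skylake ("v1") descriptors and are assumed to hold here; the descriptor
bytes in build_sample_descriptor() are constructed for this example.
"""
import struct
from typing import Dict, Optional, Tuple

FD_SIGNATURE = 0x0FF0A55A   # descriptor signature, at descriptor offset 0x10
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "Platform Data")
MASTER_NAMES = ("BIOS/Host CPU", "ME", "GbE")


def parse_descriptor(image: bytes) -> Dict:
    sig, flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FD_SIGNATURE:
        raise ValueError("no flash descriptor signature at offset 0x10")
    frba = ((flmap0 >> 16) & 0xFF) << 4   # region section base
    nr = ((flmap0 >> 24) & 0x7) + 1       # number of region entries
    fmba = (flmap1 & 0xFF) << 4           # master section base
    nm = (flmap1 >> 8) & 0x3              # number of master entries

    regions: Dict[str, Optional[Tuple[int, int]]] = {}
    for i in range(min(nr, len(REGION_NAMES))):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x0FFF) << 12
        limit = (((flreg >> 16) & 0x0FFF) << 12) | 0xFFF
        # An entry whose base lies above its limit marks an unused region.
        regions[REGION_NAMES[i]] = (base, limit) if base <= limit else None

    masters: Dict[str, Dict[str, set]] = {}
    for i in range(min(nm, len(MASTER_NAMES))):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * i)
        # v1 encoding: read-access bits 16..20, write-access bits 24..28,
        # one bit per region in REGION_NAMES order.
        masters[MASTER_NAMES[i]] = {
            "read": {REGION_NAMES[r] for r in range(5) if flmstr & (1 << (16 + r))},
            "write": {REGION_NAMES[r] for r in range(5) if flmstr & (1 << (24 + r))},
        }
    return {"regions": regions, "masters": masters}


def host_can_access(desc: Dict, region: str) -> Tuple[bool, bool]:
    """(read, write) permission of the host CPU/BIOS master over a region."""
    m = desc["masters"]["BIOS/Host CPU"]
    return region in m["read"], region in m["write"]


def build_sample_descriptor() -> bytes:
    """Constructed 4 KiB descriptor with a typical locked layout (example data)."""
    img = bytearray(0x1000)
    # FLMAP0: region section at 0x40, 5 entries; FLMAP1: master section at 0x60, 3 masters
    struct.pack_into("<III", img, 0x10, FD_SIGNATURE, 0x04040002, 0x00000306)
    struct.pack_into("<5I", img, 0x40,
                     0x00000000,   # Descriptor    0x000000-0x000FFF
                     0x07FF0500,   # BIOS          0x500000-0x7FFFFF
                     0x04FF0003,   # ME            0x003000-0x4FFFFF
                     0x00020001,   # GbE           0x001000-0x002FFF
                     0x00000FFF)   # Platform Data unused (base above limit)
    struct.pack_into("<3I", img, 0x60,
                     0x0A0B0000,   # host: read Desc/BIOS/GbE, write BIOS/GbE, no ME access
                     0x0C0D0000,   # ME:   read Desc/ME/GbE,   write ME/GbE
                     0x08080000)   # GbE:  read/write GbE only
    return bytes(img)


if __name__ == "__main__":
    d = parse_descriptor(build_sample_descriptor())
    for name, span in d["regions"].items():
        print(f"{name:14s}", "unused" if span is None else f"0x{span[0]:06X}-0x{span[1]:06X}")
    for master, acc in d["masters"].items():
        print(f"{master:14s} read={sorted(acc['read'])} write={sorted(acc['write'])}")
    print("host -> ME (read, write):", host_can_access(d, "ME"))
```

On real hardware the input would be a flash dump whose first 4 KiB is the descriptor, and the host entry of the master table is the check a practitioner runs to confirm that the BIOS and OS side cannot read the ME region. Two caveats: Skylake-era and later descriptors use a different bit layout (ifdtool's "v2"), so this decoder is only for the older encoding; and the table governs what the host may do to the flash, not what the ME does once it is running.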

  35. Anonymous Coward

    What if you...

    Don't take precautions and shove your trusted stick into an infected or otherwise shifty slot during a moment of weakness/drunkenness without looking before you leap?

    I'm bagging the patent rights for a hot desking condom for your "trusted stick" right now.

  36. Anonymous Coward

    Stateless and trusted

    These ideas are available in the mil/aero marketplace (and apparently slot-machines).

    Hardware write-protection of all storage devices can be used for stateless PC's, Routers, Firewalls, etc. once they have been factory programmed. (Some versions of Windows, and most Linux, VxWorks, etc. can be run on write-protected hardware.)

    Trusted boot mechanisms are available on both Intel and PPC platforms.

    The only real fly-in-the-ointment is the binary FSP blob that you have to run on the latest Intel processors to get the memory working (although Purism are working on this).

    1. Charles 9 Silver badge

      Re: Stateless and trusted

      Problem is, one of the adversaries is The State, and they have the resources to subvert the system at the factory, possibly even at the hardware level. How do you deal with such an adversary?

  37. John Smith 19 Gold badge

    Intel "All your operating systems belong to us."

    Microsoft please take note.

    It's like the end of a love affair between two psychopaths*

    *The default "corporate personality" of publicly quoted companies.

    Anything better is entirely down to the characters of senior management either a) being decent human beings (not merely thinking they are) or b) wanting their company's behavior to be better than their private behavior.

    IMHE both are as common as rocking horse droppings.

  38. Gel

    The ME chip could have RF receive on it.

    Then, on command, it could transmit, forming a network connection.

    The security services would love it. The ability to hack into any PC, even air gapped PCs?

    We could only detect it while it was being hacked by security services. This would make it very hard for security researchers to detect.

    1. Charles 9 Silver badge

      But what if it's contained in a radio-opaque case, which is actually used in some devices in order to comply with FCC standards (not to transmit excessive interference)? Then even if the chip can operate in radio, it can't receive anything and nothing it transmits would likely be able to escape the case. Plus EMI might be detectable with the right sensors, tripping alarms. So perhaps hijacking an existing device like the keyboard: say you use a knock sequence and then read RF off a cable or carefully decode blinking lights (say the lock indicators standard on any PC keyboard).

  39. trillyuk

    Horses for courses

    An interesting article as it shows someone or some entity determined enough is likely to find a way of extracting what they want if they try hard enough. Here is the point though, like home security we do not all make our homes like Fort Knox and yet the threat of forced entry is real to a greater or lesser extent where you live. for those in the UK.

    So the measures we take to protect ourselves, and I expect most people that have contributed to this thread, are most likely to be in proportion to the perceived threat(s) and the value of what we are trying to protect. One person's view is liable to differ from another's about what measures are appropriate.

    I would expect if ME could be identified as a source of a mass leak of data that say affected users' bank accounts it would be disabled in some way. I would expect the use of a microphone to transmit sensitive data, at least at the moment, is going to be in the realm of 007 antics, possible, but unlikely for the general population. Moreover, while users continue to click in droves on email links, until this becomes an unproductive way of obtaining data the potential of using ME or similar seems restricted again to the 007s and Q's of this world.

    My concern is that if I am sitting in GCHQ and being aware of what the possibilities are what measures do you put in place? Actually, I do not want to know, just that someone is doing something about it and protecting us and building the Digital Fort Knox for stuff that matters.

    1. Charles 9 Silver badge

      Re: Horses for courses

      The problem here is that the barrier for "trying hard enough" is getting lower and lower. Plus, in the realm of international espionage, money is much less an object than usual, yet the technology from that eventually trickles down, making it much easier to hack for fun and profit rather than for politics. Also, they're trying to blanket the coverage, turning it into a Hobson's choice of live with it or go without, and the latter becomes a matter of whether or not it's practical (or even viable, given there's still the chance of moles) in a modern world.
