Why Rosyna can’t take a movie screenshot

Given that the ME sits in a position where it can configure the chipset and operate on the PCI bus, there are some serious security implications here I wish I could mitigate. Among them is the ability of the ME to run arbitrary code on the host CPU via option ROMs or presenting a disk-drive to boot from. Also among those abilities is the possibility to perform DMA to access host CPU memory. And another one is the ability to configure and use PCI devices present in the system (such as the ethernet card).

As a consumer, I didn’t ask for these features. It’d be great to turn them all off. A hardware switch even. And BIOS settings do have a way to “Disable” the ME. But is it truly disabled? It will still run some code at startup I assume. And given that the Intel ME’s security model requires that the host CPU is less privileged than the Intel ME, how can the host CPU really turn it off? One example of how the ME is more privileged is the ability to walk around VT-d configuration when performing memory access, which is possibly something required to make PAVP secure.

Baseband processors, FireWire, Apple’s Thunderbolt, IME – you may think your operating system is secure, and even if that were true (it isn’t), there’s still dozens of little pieces of firmware in every machine you own – from your smartwatch to your car – which are closed off, impenetrable black boxes of crappy, insecure code.

As for who or what ‘Rosyna’ is – I think she or he is a person the author knows. Took me a little while to figure that one out (I thought it was a computer program at first). Not really relevant to the story at hand, but I figured I’d save you the confusion.

8 Comments

  1. 2015-01-04 2:49 pm
  2. 2015-01-04 3:27 pm
  3. 2015-01-04 7:14 pm
  4. 2015-01-05 5:24 pm
    • 2015-01-07 4:02 pm