Neutralizing Intel’s Management Engine

Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running inside Intel chipsets that has access to everything. The ME has its own network access, can read and write host memory underneath the operating system, and has its own cryptography engine. It can be reached remotely even when the PC is powered off, as long as the board still has standby power. If that sounds scary, it gets worse: nobody outside Intel knows what the ME is doing, and because its firmware is signed and closed we can’t even look at the code. When, not if, the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

Researchers are continuing work on deciphering the inner workings of the ME, and we sincerely hope this Pandora’s Box remains closed. Until then, there’s now a new way to disable Intel’s Management Engine.

Previously, the ME found in GM45-era chipsets could be removed outright: on those platforms the ME firmware can simply be deleted from the SPI flash and the machine still boots, which is what libreboot does. For Core i3/i5/i7 processors the ME lives in the chipset’s Platform Controller Hub (PCH), there is no separate northbridge any more, and the platform refuses to run without it. Until now, efforts to disable an ME this closely coupled to the CPU had failed. Completely removing the ME from these systems is impossible, but disabling parts of it is not. There is one caveat: if the ME’s on-die boot ROM does not find validly Intel-signed firmware in the ME region of the SPI flash, the PC shuts down 30 minutes after power-on.

A few months ago, [Trammell Hudson] discovered that erasing the first page of the ME region did not shut down his Thinkpad after 30 minutes. This led [Nicola Corna] and [Frederico Amedeo Izzo] to write a script, me_cleaner, that builds on this finding. Enough of the ME region is left for the ME to boot and keep the platform alive, while the rest of its firmware is removed from the flash: the ME still thinks it’s running, but it doesn’t actually do anything.

With a BeagleBone, an SOIC-8 chip clip, and a few breakout wires, you dump the SPI flash, run the script on the dump, and write the result back; that effectively disables the ME. The technique has only been confirmed to work on Sandy Bridge and Ivy Bridge processors. It should work on Skylake processors, and Haswell and Broadwell are untested.
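As an added example (not code from the original post, nor from the script it describes), here is a small Python tool that does the bookkeeping behind the experiment above: it parses the Intel Flash Descriptor of an SPI dump to locate the ME region, lists the partitions in the ME’s Flash Partition Table (FPT), and then blanks the region’s first 4 KiB page the way an SPI erase would, so you can see that the partition table is gone while the partition bodies remain in place. The layout constants follow the public descriptor and FPT format used by open ME tooling; the flash image it runs on is constructed inside the block, not a real dump, and its partition names, offsets and sizes are made up for illustration.

```python
"""Locate the ME region in an Intel SPI flash image and apply the
'erase the first page' experiment to a constructed sample image."""
import struct

IFD_SIGNATURE = 0x0FF0A55A          # flash descriptor magic, stored at image offset 0x10
PAGE = 0x1000                       # 4 KiB: the granularity of descriptor regions and SPI erases
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "PDR")


def parse_flash_descriptor(image):
    """Return {region name: (start, end)} from the Intel Flash Descriptor.
    Unused regions (base > limit) are left out."""
    sig, flmap0 = struct.unpack_from("<II", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor at offset 0x10")
    frba = ((flmap0 >> 16) & 0xFF) << 4     # FLMAP0 bits 16..23: region table base, in 16-byte units
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        # base/limit are in 4 KiB units; older descriptors use 13 bits, the spare bits read as 0
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base > limit:
            continue                        # region not present on this flash
        regions[name] = (base, limit)
    return regions


def parse_fpt(image, me_start, me_end):
    """Return [(name, absolute offset, length)] from the ME region's FPT,
    or [] when the table is missing or destroyed. The '$FPT' marker sits
    at ME+0x10, the entry count at ME+0x14, 32-byte entries from ME+0x30."""
    if image[me_start + 0x10:me_start + 0x14] != b"$FPT":
        return []
    (entries,) = struct.unpack_from("<I", image, me_start + 0x14)
    partitions = []
    for i in range(entries):
        name, _owner, p_off, p_len = struct.unpack_from("<4s4sII", image, me_start + 0x30 + 0x20 * i)
        if p_off == 0xFFFFFFFF:
            continue                        # entry without data on flash
        if me_start + p_off + p_len - 1 > me_end:
            raise ValueError("partition %r runs past the ME region" % name)
        partitions.append((name.decode("ascii").rstrip("\0 "), me_start + p_off, p_len))
    return partitions


def erase_first_page(image, me_start):
    """Mimic the experiment: blank the first 4 KiB page of the ME region.
    An SPI erase leaves 0xFF, which wipes the FPT header and its entries."""
    out = bytearray(image)
    out[me_start:me_start + PAGE] = b"\xFF" * PAGE
    return bytes(out)


def build_sample_image():
    """Constructed 1 MiB image (not a dump of real firmware): descriptor at
    0x0, ME region at 0x1000-0x7FFFF holding three made-up partitions,
    BIOS region at 0x80000-0xFFFFF, GbE and PDR absent."""
    img = bytearray(b"\xFF" * 0x100000)
    struct.pack_into("<II", img, 0x10, IFD_SIGNATURE, 0x04040003)   # FLMAP0: FRBA = 0x40
    flregs = [(0x00, 0x00), (0x80, 0xFF), (0x01, 0x7F), (0x1FFF, 0x00), (0x1FFF, 0x00)]
    for i, (base, limit) in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * i, (limit << 16) | base)
    me = 0x1000
    img[me + 0x10:me + 0x14] = b"$FPT"
    parts = [(b"FTPR", 0x01000, 0x20000), (b"NFTP", 0x21000, 0x30000), (b"MFS ", 0x51000, 0x10000)]
    struct.pack_into("<I", img, me + 0x14, len(parts))
    for i, (name, off, length) in enumerate(parts):
        struct.pack_into("<4s4sII", img, me + 0x30 + 0x20 * i, name, b"\0" * 4, off, length)
        img[me + off:me + off + length] = bytes([i + 1]) * length   # fake partition body
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    regions = parse_flash_descriptor(image)
    me_start, me_end = regions["ME"]
    print("ME region: 0x%X-0x%X" % (me_start, me_end))
    for name, off, length in parse_fpt(image, me_start, me_end):
        print("  %-4s at 0x%X, %d bytes" % (name, off, length))
    blanked = erase_first_page(image, me_start)
    print("partitions visible after erasing first page:", parse_fpt(blanked, me_start, me_end))
```

To try it on a real dump, replace build_sample_image() with the bytes read from the file; compare the ME region offsets it reports against what your flash tool prints from the descriptor before you write anything back, and keep the untouched dump so you can restore it if the board does shut down.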

Separating or disabling the ME from the CPU has been a major focus of the libreboot and coreboot communities. The inability to do so has, until now, made the future prospects of truly free computing platforms grim. The ME is in everything, and CPUs without an ME are getting old. Even though we don’t have the ability to remove the ME, disabling it is the next best thing.

New Part Day: A Truly Secure Workstation

There is a chain of trust in every modern computing device that starts with the code you write yourself, and extends backwards through whatever frameworks you’re using, whatever OS you’re using, whatever drivers you’re using, and ultimately whatever BIOS, UEFI, Secure Boot, or firmware you’re running. With an Intel processor, this chain of trust extends to the Intel Management Engine, a system running independently of the CPU that has access to the network, USB ports, and everything else in the computer.

Needless to say, this chain of trust is untenable. Any attempt to audit every line of code running in a computer will only be met with frustration. There is no modern Intel-based computer that is completely open source, and no computer that can be verified as secure. AMD is in the same position with its Platform Security Processor, and recent attempts to create an open computing platform have met with frustration. [Bunnie]’s Novena laptop gets close, but like any engineering task, designing the Novena was an exercise in compromise. You can get around modern BIOSes, but coreboot still uses binary blobs, and Libreboot will not be discussed on Hackaday for the time being. There is no modern, completely open, completely secure computing platform. They’re all untrustworthy.

The Talos Secure Workstation, from Raptor Engineering and an upcoming Crowd Supply campaign, is the answer to the untrustworthiness of modern computing. The Talos is an effort to create the world’s first libre workstation. It’s an ATX-compatible motherboard that is fully auditable, from schematics to firmware, without any binary blobs.


The Surprising Story Of The First Microprocessors

If you maintain an interest in vintage computers, you may well know something of the early history of the microprocessor, how Intel’s 4-bit 4004, intended for a desktop calculator, was the first to be developed, and the follow-up 8008 was the first 8-bit device. We tend to like simple stories when it comes to history, and inventions like this are always conveniently packaged for posterity as one-off events.

In fact the story of the development of the first microprocessors is a much more convoluted one than it might appear, with several different companies concurrently at the forefront of developments. A fascinating recent IEEE Spectrum piece from [Ken Shirriff] investigates this period in microprocessor design, and presents the surprising conclusion that Texas Instruments may deserve the crown of having created the first 8-bit device, dislodging the 8008 from its pedestal.

Intel Makes A Cool Robot Brain In Latest Attempt To Pry Hackers From Their Wallets

Hackerboards got a chance to sit down with Intel’s latest attempt to turn hackers into a willing and steady revenue stream, the “Euclid.” The board is cool in concept: a full mini computer with stereo cameras, battery, Ubuntu, and ROS nicely packaged together.

We would be more excited if we knew how much it costs, but in principle the device is super cool. From a robotics research perspective it’s a sort of perfect package. ROS (the Robot Operating System) is a wonderful distributed, asynchronous robotics middleware that doubles as a test and development platform. The Intel developers designed this unit around the needs of ROS, and it comes pre-installed on the Euclid.

For those who haven’t used ROS before, this is a really cool feature. ROS is natively distributed: it really doesn’t care which computer a node that supplies data lives on. So, for example, if you already had a robot and wanted to add stereo vision to it, you could offload all the vision-processing nodes of your existing ROS codebase to the Euclid and carry on as if nothing had changed.

The other option is to use the board as the entire robot brain. It’s self contained with battery and camera. It’s a USB to serial connection away from supercharging any small robotics project.

Unfortunately the board is still a demo, and based on Intel’s history, likely to be too expensive to lure ordinary hackers away from the RasPis and import cameras they already know how to hack together into more or less the same thing. Universities will likely be weak at the knees for such a development though.

Intel Releases The Tiny Joule Compute Module

At the keynote for the Intel Developers Forum, Intel CEO Brian Krzanich introduced the Intel Joule compute module, a ‘maker board’ targeted at Internet of Things developers. The high-end board in the lineup features a quad-core Intel Atom running at 2.4 GHz, 4GB of LPDDR4 RAM, 16GB of eMMC, 802.11ac, Bluetooth 4.1, USB 3.1, CSI and DSI interfaces, and multiple GPIO, I2C, and UART interfaces. According to the keynote, the Joule module will be useful for drones, robotics, and with support for Intel’s RealSense technology, it may find a use in VR and AR applications. The relevant specs can be found on the Intel News Fact Sheet (PDF).

This is not Intel’s first offering to the Internet of Things. A few years ago, Intel partnered up with Arduino (the Massimo one) to produce the Intel Galileo. This board featured the Intel Quark SoC, a 400MHz, 32-bit processor with the Pentium ISA. It was x86 in an Arduino format. This was quickly followed by the Intel Edison, built around a dual-core Atom SoC paired with a Quark microcontroller, which was followed by the Intel Curie, found in the Arduino 101 and this year’s DEF CON badge.

We’ve seen plenty of Intel’s ‘maker’ and Internet of Things offerings, but we haven’t seen these platforms succeed. You could spend hundreds of thousands of dollars in market research to determine why these platforms haven’t seen much success, but the Hackaday comments will tell you the same thing for free: the documentation for these platforms is sparse, and nobody knows how to make these boards work.

Perhaps because of the failures of Intel’s IoT market, the Joule differs significantly from previous offerings. Although it can be easily compared to the Raspberry Pi, Beaglebone, and a hundred other tiny single board computers, the official literature for the Joule makes a comparison between it and the Nvidia Jetson easy. The Nvidia Jetson is a high-power, credit card-sized ‘supercomputer’ meant to be a building block for high-performance applications, such as drones and anything that requires video or a very fast processor. The Joule fits into this market splendidly, with demonstrated applications including augmented reality safety glasses for Airbus employees and highway patrol motorcycle helmet displays. Here, the Joule might just find a market. This might even be the main focus of the Joule – it can be integrated onto Gumstix carrier boards, providing a custom single board computer with configurable displays, connectors, and sensors.

The Intel Joule lineup consists of the Joule 570x and 550x, with the 550x being a bit slower, a Gig less RAM, and half as much storage. They will be available in Q4 2016 from Mouser, Newegg, and other Intel reseller partners.

Building A Flamethrower Guitar To Really Rock Out With

Everyone’s favorite safety-tie-wearing-eccentric-inventor, [Colin Furze], is back at it again, this time making a flamethrower guitar — sponsored by Intel!?

As an ex-plumber, [Furze] is a master fabricator, and he’s brought many amazing mechanical inventions to life. In this video, perhaps for the first time, he’s integrated an Arduino 101, the board built around Intel’s Curie module, for a bit more fine control.

He’s hacked apart a couple of propane blow-torches, milled and lathed his own fittings and manifolds, and even TIG welded together a pressure vessel for the fuel — kids, do not try this at home!

The two blowtorches act as pilot lights for a third gas supply line to make the big firing explosion — the plan for the Arduino? To blast off the fire at certain parts during the song, add timing, or even just set up some cool patterns.

Did we mention he’s also got his own custom propane fueled guitar amp to go with it??


Don’t Take Photos Of Your Arduino 101 Either, It’s Light Sensitive

Wafer level chips are cheap and very tiny, but as [Kevin Darrah] shows, vulnerable to bright light without the protective plastic casings standard on other chip packages.

We covered a similar phenomenon when the Raspberry Pi 2 came out. A user was taking photos of his Pi to document a project. Whenever his camera flash went off, it would reset the board.

[Kevin] got a new Arduino 101 board into his lab. The board has a processor from Intel, an accelerometer, and Bluetooth Low Energy out of the box while staying within the same relative price bracket as the Atmel versions. He was admiring the board when he noticed that one of the components glittered under the light. Curious, he pulled open the schematic for the board, and found that it was the chip that switches power between the barrel jack and the USB port. Not only that, it was a wafer-level package.

So, he got out his camera and a laser. Sure enough, both would cause the power to drop off for as long as the package was exposed to the strong light. The Raspberry Pi foundation later wrote about this phenomenon in more detail. They say it won’t affect normal use, but if you’re going to expose your device to high energy light, simply put it inside a case or cover the chip with tape, Sugru, or a non-conductive paint to shield it.

EDIT: [Kevin] also tested it under the sun and found conditions in which it would reset. Videos after the break.
