Disable Intel’s Backdoor On Modern Hardware

While the Intel Management Engine (and, to a similar extent, the AMD Platform Security Processor) continues to plague modern computer processors with security risks, some small progress continues to be made for users who value the security of the hardware and software they own. The latest venture in disabling the ME is an ASRock motherboard for 8th and 9th generation Intel chips. (There is also a related Reddit post about this project.)

First, a brief refresher: The ME is completely removable on some computers built before 2008, and can be partially disabled or deactivated on some computers built before around 2013. This doesn’t allow for many options for those of us who want modern hardware, but thanks to a small “exploit” of sorts, some modern chipsets are capable of turning the ME off. This is due to the US Government’s requirement that the ME be disabled for computers in sensitive applications, so Intel allows a certain undocumented bit, called the HAP bit, to be set which disables the ME. Researchers have been able to locate and manipulate this bit on this specific motherboard to disable the ME.

While this doesn’t completely remove the firmware, it does halt all execution of code in a way that is acceptable for a large governmental organization, so if you require both security and modern hardware this is one of the few ways to achieve that goal. There are other very limited options as well, but if you want to completely remove the ME even on old hardware the process itself is not as straightforward as you might imagine.


Magnetic Bubble Memory Farewell Tour

There’s something both satisfying and sad about seeing an aging performer who used to pack a full house now playing at a local bar or casino. That’s kind of how we felt looking at [Craig’s] modern-day bubble memory build. We totally get, however, the desire to finish off that project you thought would be cool four decades ago and [Craig] seems to be well on the way to doing just that.

If you don’t recall, bubble memory was going to totally wipe out the hard drive industry back in the late 1970s and early 1980s. A byproduct of research on twistor memory, the technology relied on tiny magnetic domains or bubbles circulating on a thin film. Bits circulated to the edge of the film where they were read using a magnetic pickup. Then a write head put them back at the other edge to continue their journey. It was very much like the old delay line memories, but with tiny magnetic domains instead of pressure waves through mercury.

We don’t know where [Craig] got his Intel 7110 but they are very pricey nowadays thanks to their rarity. In some cases, it’s cheaper to buy some equipment that used bubble memory and steal the devices from the board. You can tell that [Craig] was very careful working his way to testing the full board.

Because these were state-of-the-art in their day, the chips have extra loops and would map out the bad loops. Since the bubble memory is nonvolatile, that should be a one-time setup at the factory. However, in case you lost the map, the same information appears on the chip’s label. [Craig’s] first test was to read the map and compare it to the chip’s printed label. They matched, so that’s a great sign the chip is in good working order and the circuit is able to read, at least.

We’ve talked about bubble memory before along with many other defunct forms of storage. There were a few military applications that took advantage of the non-mechanical nature of the device and that’s why the Navy’s NEETS program has a section about them.

New Part Day: Battery-Less NFC E-Paper Display

Waveshare, known for e-ink components aimed at hobbyists among other cool parts, has recently released a very interesting addition to their product line. This is an enclosed e-ink display which gets updated over a wireless NFC connection. By that description, nothing head-turning, but the kicker is that there is no battery inside the device at all, as it harvests the energy needed from the wireless communication itself.

Just like wireless induction charging in certain smartphones, the communication waves involved in NFC can generate a small current when passing through a coil, located on this device’s PCB. Since microcontrollers and e-ink displays consume a very small amount of current compared to other components such as a backlit LCD or OLED display, this harvested passive energy is enough to allow the display to update. And because e-paper requires no power at all to retain its image, once the connection is ended, no further battery backup is needed.

The innovation here doesn’t come from Waveshare, however, as in 2013 Intel had already demoed a very similar device to promising results. There are some more details about the project, but it never left the proof of concept stage despite being awarded two best paper awards. We wonder why it hadn’t been made into a commercial product for 5 years, but we’re glad it’s finally here for us to tinker with.

E-paper is notorious for having very low refresh rates when compared to more conventional screens, much more so when driven by this method, but there are ways to speed them up a bit. Nevertheless, even when used as designed, they’re perfectly suited for being used in clocks which are easy on the eyes without a glaring backlight.

[Thanks Steveww for the tip!]

An RF Engineer’s FPGA Learning Journey

[KF5N] admits he’s not a digital design engineer; he’s more into the analog RF side of things. But he’s recently taken on a project to communicate between a Ubuntu box and an Intel MAX10 FPGA. He did a presentation at a recent ham radio convention about what he’d learned and how you could get started.

The video talks a lot about the Intel (used to be Altera). However, the nearly 40 minute video after the break isn’t a step-by-step tutorial so even if you are interested in other devices, you’ll probably enjoy watching it. If you’ve programmed even one FPGA, this video likely won’t hold your interest — you aren’t the target audience. However, at about 00:31 he does recommend some books and some very inexpensive FPGA boards, so it’s not a total wash.

[KF5N] talks about what an FPGA is and how it’s different from a microcontroller. He also recommends Cornell’s [Bruce Land’s] course materials. He wasn’t a big fan of the online courses he tried. Of course, since he’s using an Intel chip, he also recommended the Intel courses. A lot of the video covers how to save on getting a development board. The Cornell class calls for a $250 board that is pretty powerful. That’s also pretty expensive, so he recommends a lighter version for about $85.

He also talks about the toolchain and his project to interface to his Linux box. He wound up with an SPI interface that ran up to 30 MHz. He also talks about using Julia to build a driver to talk to the interface on the PC side.

We didn’t notice him mentioning our own FPGA bootcamp, although he did mention projects on Hackaday.io. If you want to see a similar video but with open source tools, [David Williams] did a talk at Superconference that gives the same kind of overview but with Yosys and other related tools.


Unlocking Hidden Potential In IvyBridge ThinkPads

Upgrading the BIOS in older computers is a great way to get a few more years of life out of old hardware or improve its performance. ThinkPads are a popular choice around these parts, but often flashing new firmware involves directly programming the chips themselves. Luckily, there’s a new flashing tool for some older ThinkPads that is much simpler.

The ThinkPads involved are the xx30 models with IvyBridge processors built around 2012, and a tool called 1vyrain now allows unlocking the BIOS without disassembling your computer. This means that there’s support for custom BIOS images such as coreboot, and in certain computers this also allows for overclocking, replacing WLAN hardware, and a number of other customizations. It will also allow you to disable the Intel Management Engine, which is not something we tire of talking about.

If you have one of these older computers floating around, some new RAM, an SSD, and this update will get you well on your way to a computer that feels brand new at virtually no cost, and the upgrades to the BIOS that you can easily make now only add to that. ThinkPads are a popular choice, especially for their hardware, but you do need to make sure that the software on them is trustworthy too.


Factory Laptop With IME Disabled

Unfortunately, not all consumers place high value on the security of their computers, but one group that tends to focus on security is businesses with a dedicated IT group. When buying computers for users, these groups tend to have higher demands, like making sure the Intel Management Engine (IME) has been disabled. To that end, Reddit user [netsec_burn] has outlined a pretty simple method by which “normal people” can purchase one of these IME-disabled devices for themselves.

For those unfamiliar with the IME, it is a coprocessor on all Intel devices since around 2007 that allows access to the memory, hard drive, and network stack even when the computer is powered down. Intel claims it’s a feature, not a bug, but it’s also a source of secret, unaudited code that’s understandably a desirable target for any malicious user trying to gain access to a computer. The method that [netsec_burn] outlined for getting a computer with the IME disabled from the factory is as simple as buying a specific Dell laptop, intended for enterprise users, and selecting the option to disable the IME.

Of course, Dell warns you that you may lose some system functionality if you purchase a computer with the IME disabled, but it seems that this won’t really affect users who aren’t involved in system administration. Also note that this doesn’t remove the management engine from the computer. For that, you’ll need one of only a handful of computers made before Intel made complete removal of the IME impossible. In the meantime, it’s good to see that at least one company has a computer available that allows for it to be disabled from the factory.

CPU Showdown For Pancakes

If you ask people how they rate as a driver, most of them will say they are better than average. At first, that seems improbable until you realize one thing: people judge themselves by different criteria. So Sally thinks she’s a good driver because she goes fast. Tom’s never had a wreck. Alice never gets lost. You can see the same effect with CPUs. Some are faster or have more memory bandwidth or more instruction issues per cycle. But [Andrew] and [Scharon] at Tom’s Hardware wanted to do the real test of a CPU. How well can it cook pancakes? If you want to know, see the video below.

While your CPU might be great for playing video games, it has a surprisingly small cooking surface, so the guys needed a very small pan. The pan had grooves in it, so they slathered it with thermal grease. We doubt that’s food-grade grease, either.