AMT technology

Intel Active Management Technology (AMT) is a hardware-based technology for remotely managing and securing PCs out-of-band.

In Intel's terminology the abbreviation ME stands for Management Engine, which is actually an analogue of the BMC equipment found in servers. I will explain for those who don't know.

AMT technology and elusive ME

Computing systems need to be managed. In the simplest case they have a keyboard, a monitor and a mouse (the so-called KVM), and the operator performs the required operations through them. But imagine a server room holding hundreds of servers: managing them through a KVM is naturally impossible. Therefore a standard for remote management and monitoring of computing systems (IPMI) was developed for servers; it is implemented in special units called BMC (Baseboard Management Controller).

A BMC is a special card plugged into the server through a dedicated connector. On the card is a microprocessor with its own operating system (usually Linux) and a network adapter for organising a dedicated local service network for managing all the servers. The BMC and its interface to the computer are standardised: the industry standard IPMI describes the requirements for the BMC unit and its communication interface with the computer system. Many manufacturers on the market produce such control units and the software for them.

An operator can manage any server remotely over the network, even from another continent, but the BMC equipment is required to perform monitoring and troubleshooting of the servers. This is convenient and practical, and in terms of security such a system is vulnerable only if the service network is connected to the Internet, but that is a question of service network topology for its designers.

In 2006 Intel made a quiet, creeping revolution: it built the BMC into the South Bridge of the server chipset and changed the connection scheme.

In the same year, Intel also built analogues of the BMC into its desktop and notebook chipsets and called this equipment the Management Engine (ME); the technologies implemented on it are named AMT and vPro. This is almost the full description of the functions of these technologies from Intel's official documentation:

[Figure: Intel Management Engine]

The ME equipment is located in the South Bridge; until recently the company claimed it was located in the North Bridge, and in the Core era the equipment was built directly into the processor chip. But all of this is assumption: Intel does not provide documentation for the ME and BMC, it just draws them as black boxes and shows only the external interfaces. Currently the vPro technology is not used as such; its functionality has settled into the new eighth edition of the AMT technology.

The BMC and ME are microprocessor systems with their own memory and their own access channel to the network adapter under an individual MAC address. They are powered from the standby power supply, i.e. they are operational even when the main computer unit is switched off.

The programs for the BMC and ME microcontrollers are stored in flash memory in encrypted form; the encryption keys are held in the microcontroller's boot loader (a ROM inside the South Bridge), and nobody knows them. Some of the software modules in flash memory are not encrypted but are protected from modification by hash sums. This is about the only official description of the function of the ME equipment blocks in Intel's documentation:

[Figure: Management Engine]

Which chip is used in these systems now is not known, but earlier documentation indicated an ARC RISC processor.
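As an added example (not from the original article), here is a small Python parser for the Intel flash descriptor that maps where the ME firmware region sits in an SPI flash image, so the owner of a machine can at least see how much of the flash the ME firmware described above occupies. The layout it assumes (signature at descriptor offset 0x10, FLMAP0 at 0x14, region registers at the FRBA offset, 4 KiB granularity) follows Intel's public flash descriptor format; the image it parses is constructed inline.

```python
import struct

IFD_SIGNATURE = b"\x5a\xa5\xf0\x0f"   # descriptor signature, found at offset 0x10 of the descriptor
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "Platform Data")

def find_descriptor(img: bytes) -> int:
    """Return the descriptor offset: 0, or 0x1000 for dumps that carry a leading page of padding."""
    for base in (0, 0x1000):
        if img[base + 0x10:base + 0x14] == IFD_SIGNATURE:
            return base
    raise ValueError("no Intel flash descriptor found")

def parse_regions(img: bytes) -> dict:
    """Map region name -> (start, end) byte offsets, or None when the descriptor marks it unused."""
    base = find_descriptor(img)
    flmap0 = struct.unpack_from("<I", img, base + 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4     # Flash Region Base Address, stored in 16-byte units
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", img, base + frba + 4 * i)[0]
        start = (flreg & 0x7FFF) << 12       # base in 4 KiB units (15-bit field; older parts use 13 bits)
        limit = ((flreg >> 16) & 0x7FFF) << 12 | 0xFFF
        regions[name] = None if start > limit else (start, limit)   # base > limit marks an unused region
    return regions

def me_region_size(img: bytes) -> int:
    """Bytes reserved for the ME firmware, 0 if the descriptor has no ME region."""
    me = parse_regions(img)["ME"]
    return 0 if me is None else me[1] - me[0] + 1

def build_sample_image() -> bytes:
    # Constructed image for demonstration: descriptor only, region bounds deliberately point past the buffer.
    img = bytearray(0x100)
    img[0x10:0x14] = IFD_SIGNATURE
    struct.pack_into("<I", img, 0x14, 0x00040003)       # FLMAP0 with FRBA = 0x40
    flregs = (0x00000000,   # Descriptor:    0x000000-0x000FFF
              0x07FF0500,   # BIOS:          0x500000-0x7FFFFF
              0x04FF0003,   # ME:            0x003000-0x4FFFFF
              0x00020001,   # GbE:           0x001000-0x002FFF
              0x00001FFF)   # Platform Data: unused (base > limit)
    struct.pack_into("<5I", img, 0x40, *flregs)
    return bytes(img)

if __name__ == "__main__":
    for name, span in parse_regions(build_sample_image()).items():
        print(f"{name:14s}", "unused" if span is None else f"0x{span[0]:06X}-0x{span[1]:06X}")
```

Run it against a real dump (for example one read with an external SPI programmer, as the text notes the OS itself cannot inspect this equipment) by passing the file contents to `parse_regions`.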

Unlike the situation with classic BMCs, Intel has made a mockery of security: the security of these systems can be discussed only if you trust the developer (Intel) and the manufacturer that "fills" the firmware into the flash memory, in China.

Let me explain what the problem is; in fact there are several:

  • First, the issue of trust: it is unknown what programs are executed in Intel's ME and BMC. The program is encrypted with the symmetric algorithm AES-256, the encryption key is not available, and the architecture of the processor on which they run is also unknown.
  • Second, the equipment of these blocks is not described in the documentation; only boxes with external interfaces are drawn. It is not known what capabilities it actually has or how third-party software developers could control it. As mentioned earlier, there is not even accurate information about the location of this equipment in a specific chip.
  • Third, the ME and BMC equipment is not isolated from the main computer equipment by a standard interface such as IPMI. The equipment is connected directly to memory and the system bus. Accordingly, it can control information resources (such as the disk subsystem and RAM) and control the computational process on the main equipment of the computer system.
  • Fourth, service network traffic does not go through a special dedicated network adapter, but is tunnelled through the general-purpose network adapters placed on the motherboard or connected through expansion slots (PCI-E).
  • Fifth, service network traffic can only be controlled by external equipment: legitimate means of control at the operating-system level simply do not see the service traffic packets, because they do not pass through the OS. And if the network adapter is working on a local network or on the Internet, the software running inside the ME and BMC automatically receives access to the data network.
  • Sixth, the ME and BMC equipment is not controlled at the operating-system level: you cannot interfere in its work or even check its current status. The information obtained through the official AMT driver comes from the ME itself and is not an independent monitoring system.

In fact, since 2005 every Intel computer system contains, in addition to the main equipment, another full-fledged computer with an independent network connection and unknown functional software, to which the owner of the equipment has no access. Moreover, this "shadow" computer can control all the processes taking place on the main computer unit.

