0
In addition, thanks to Minnich and his fellow researchers’ work, MINIX is running on three separate x86 cores on modern chips. There, it’s running:
TCP/IP networking stacks (4 and 6)File systemsDrivers (disk, net, USB, mouse)Web servers
MINIX also has access to your passwords. It can also reimage your computer’s firmware even if it’s powered off. Let me repeat that. If your computer is “off” but still plugged in, MINIX can still potentially change your computer’s fundamental settings.
And, for even more fun, it “can implement self-modifying code that can persist across power cycles”. So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.
How? MINIX can do all this because it runs at a fundamentally lower level.
x86-based computers run their software at different privilege levels or “rings”. Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access they have to the hardware. Rings two and one don’t tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.
You can’t see it. You can’t control it. It’s just humming away there, running your computer. The result, according to Minnich is “there are big giant holes that people can drive exploits through.” He continued, “Are you scared yet? If you’re not scared yet, maybe I didn’t explain it very well, because I sure am scared.”
What’s the solution? Well, it’s not “Switch to AMD chips”. Once, AMD chips didn’t have this kind of mystery code hidden inside it, but even the latest Ryzen processors are not totally open. They include the AMD platform security process and that’s also a mysterious black box.
What Minnich would like to see happen is for Intel to dump its MINIX code and use an open-source Linux-based firmware. This would be much more secure. The current software is only secured by “security by obscurity”.
Changing to Linux would also enable servers to boot much faster. According to Minnich, booting an Open Compute Project (OCP) Server takes eight minutes thanks to MINIX’s primitive drivers. With Linux it would take less than 17 seconds to get to a shell prompt. That’s a speedup of 32 times.
There’s no reason not to make this improvement. Minnich noted, “There are probably 30 million-plus Chromebooks out there and when your Chromebook gets a new BIOS, a new Linux image is flashed to firmware and I haven’t heard of any problems.”
Specifically, Minnich proposes that Intel, and AMD for that matter:
Make firmware less capable of doing harmMake its actions more visibleRemove as many runtime components as possibleIn particular, take away its web server and IP stackRemove the UEFI IP stack and other driversRemove ME/UEFI self-reflash capabilityLet Linux manage flash updates
Over this, the new Linux firmware would have a userspace written in Go. Users would work with this Linux shell using familiar commands. This would give them a clear view of what was happening with the CPU and other system components.
At the same time, since UEFI is so easy to hack, he wants the “UEFI ROM reduced to its most basic parts”.
Will this work? It’s still early days, Minnich warned, and you may turn “your laptop into a brick”. But both for security and performance, it needs doing.
It’s neat that an obscure Unix like MINIX, thanks to Intel putting it on multiple cores in its chips, may be the world’s most widely used operating system. But it’s no way to run modern servers and PCs.
Related Stories:
Researchers say Intel’s Management Engine feature can be switched offIntel chip vulnerability lets hackers easily hijack fleets of PCsIntel AMT vulnerability hits business chips from 2008 onwards
Related Topics:
Data Centers
Cloud
Big Data Analytics
Innovation
Tech and Work
Collaboration
0