User2288 Is there an equivalent to Intel ME on pixel 6+ ?

I think the answer is "not as designed".

  1. The external world (Wi-Fi, Bluetooth, cellular modem, USB, NFC, GPU) are isolated via IOMMUs.
  2. Some of the security implementation runs in TrustZone, which is ARM's enclave system. My (non-expert) understanding is that TrustZone splits all of the hardware on the system, including memory and I/O devices, into two compartments, and that code running in either compartment can't access hardware in the other compartment. If I have that right, the Linux kernel can't access the TrustZone compartment and the TrustyOS code in the TrustZone compartment can't access the Linux kernel's compartment, though there is some facility for sending messages between them.

Note, however, that everything contains bugs. I believe people have uncovered bugs in older implementations of TrustZone, though I am not familiar with the details. And IOMMU isolation doesn't stop a situation where the network hardware delivers a genuine packet to the shared packet-buffer space and then a bug in the Linux kernel's interpretation of that packet results in an exploit.

Overall, my (non-expert) sense is that on Intel platforms the Management Engine is designed to be powerful, so it can implement things like remote tracking and remote wipe for stolen laptops, whereas modern ARM platforms found in phones are designed not to have these features.

    User2288 There isn't an answer to this question, Intel ME is a piece of firmware that handles device initialization. Every PC/cellphone/tablet/smart fridge ever, no matter what, always, is going to have firmware that executes hardware initialization and management.

    Intel ME does a lot of functions, including power and out-of-bound management.

    There just isn't an answer to the question, other than Intel ME is closed source firmware with most of its functionality unknown. Which is common and constant in most devices

        raccoondad Intel ME is a piece of firmware that handles device initialization.

        But Intel says it's a processor:

        What is Intel® Management Engine?

        The Intel® Management Engine is an embedded microcontroller (integrated on some Intel chipsets) running a lightweight microkernel operating system that provides a variety of features and services for Intel® processor–based computer systems. [...]

        That processor is indeed running closed-source firmware (typically it's encrypted), but I don't think "Management Engine" means "firmware". And, while device initialization firmware might be expected to run once and then not any more, I think it's pretty clear that ME runs all the time.

            de0u Ah, it is a microcontroller...that's a bit more uncomfortable.

            I suppose the Pixels Titan chip is a better example, however that mainly handles secrets more than anything if I am not mistaken. Regardless its a separate chip away from the CPU but that's sort of required for its job.

                admin what I did was asking people already talking about it outside from here, not creating brand new subjects on it, since there's no private message functionality here.

                  GrapheneOS from all the answer I got from "team members"? of the project, this seems liike I got misinterpreted as not trusting the reliability of graphene, I don't know how; since it's one of my favorite project I came across in this specific field if not the first one. I am merely asking questions on people who are aware of IME to get more insights into it, nothing more. I also like better grapheneos than laptops in some way; but there's always different usability/situations

                    User2288 this quite seems like just those 3 letter of IME is quite touchy here. I'm a big fan of graphene, no doubts here, but It doesn't seem like I can have any questionning about it in here with other community members, but I'd rather stop if it's disturbing them, since this is the last thing I wanted to. And I'm also only wishing all the best for this amazing team and its devs that did a work that was never achieved by any others.

                    • zzz replied to this.

                        GrapheneOS

                        So an ARM MacBook with MacOS would be the closest thing to get to GOS from a privacy security and longevity (firmware and security updates) aspect?
                        Or is it something lika an old ThinkPad with Libreboot an QubesOS? Or something else entirely?

                            krayo

                            This line from the official GOS account would be the core answer:

                            GrapheneOS You have no way to confirm that an open source chip has hardware matching the chip design. The manufacturing processes are also closed source even for an open source SoC

                            Unless we were standing next to the microfabrication line where the chips were manufactured with a microscope, we can't ever 100% know if backdoors / "microcontrollers" / "IME equivalents" are baked into any given chip at the hardware level.

                            Like what was posted earlier, we are already placing "full trust" in Intel / ARM by using a digital device, there are very few ways around that:

                            GrapheneOS Many people baselessly claim that Intel ME is a backdoor or has a backdoor while ignoring the rest of the CPU which is also proprietary and also places full trust in them.

                                  • [deleted]

                                  • Post #23
                                  • Edited

                                  Many people baselessly claim that Intel ME is a backdoor or has a backdoor while ignoring the rest of the CPU which is also proprietary and also places full trust in them.

                                  🤷‍♂️ The Intel Management Engine (ME) and AMD Platform Security Processor (PSP) are just small parts of a bigger issue. The entire desktop System-on-Chip (SoC) is built on closed and proprietary technology.

                                  🤷‍♀️ It's funny that people haven't moved on from this year-old topic, as they seem to ignore the fact that the entire System-on-Chip (SoC) is proprietary, while criticizing the Intel Management Engine (ME).

                                  sleep_legacy i would lean more towards libreboot with cubesOS. But I think even then you don't have verified boot, do you?

                                  The thing about intel ME or PSP is that by putting a network monitoring system in front of that PC you could technically "catch" unsolicited traffic in/out of that PC, theoretically. But that's easier said than done. One could also argue that if there was a serious privacy/security backdoor issue with intel ME, then perhaps at least one person would have "cought" it in the act in the past 15 years. Is there any account of this?

                                  I was so worried about intel ME in the past, but now i don't. I think its only a thread if a sophisticated attacker (gov) wants to directly target you, and that's not everybody. Although if you wanna be more safe, the way to deal with it is to put your system behind an external firewall with white-listed IPs/URLs. I'd think that should do it. No?

                                  Or just have a more secure system for your critical stuff.

                                      If its the case that nothing like Intel ME exists on pixels, then it would naturally follow to ask "what COULD be a threat model for the pixel given its hardware structure that should be discussed?"

                                      I think that's a more relevant question and gets back to the original question of the OP.

                                      I suppose a base band attack that gains access? What kind of access could that entail? What does the "isolation" actually do?

                                      I would love to learn about this if anyone has any reading to recommend.

                                        raccoondad

                                        There just isn't an answer to the question, other than Intel ME is closed source firmware with most of its functionality unknown. Which is common and constant in most devices

                                        The entire SoC is closed source hardware and firmware. Intel ME is not a uniquely closed source part of it. It's a misconception.

                                        raccoondad

                                        Intel ME is no more closed source than the rest of Intel's SoC.

                                            User2288 You have misconceptions about Intel ME which were addressed in the thread.

                                            ARM is dramatically simpler than x86, and Tensor is a particularly simple/clean smartphone SoC implementation. Nearly everything is dramatically simpler. There's no SMM, ACPI, UEFI or countless other things, not just ME. There's no equivalent to them because things are simpler done in a simpler way. Device management is done via apps in the OS granted device management permissions and that's more than good enough for the use case. Those apps can use hardware attestation if they want to verify the device / OS.

                                            I suppose a base band attack that gains access? What kind of access could that entail? What does the "isolation" actually do?

                                            This is venturing into similar misconceptions about cellular basebands. It's not different from Wi-Fi/Bluetooth. The isolation is the same: they can only access their own memory and system memory shared with them by the driver which along with the userspace services/libraries are responsible for safely interacting with the component and avoiding vulnerabilities exploitable through the communication. It's little different from any other radio or network card. They're typically not properly isolated in desktops, but they are properly isolated in the devices we support and bypasses for that isolation are considered High severity vulnerabilities similar to comparable privilege escalations within the OS.

                                                GrapheneOS thanks for this explanation. It was informative.

                                                Without question everyone here discussing this subject has misconceptions and lack of knowledge about this. If we didn't we wouldn't be here making posts about it and asking questions. 😌

                                                Anyway thanks for the info. This explanation of yours was satisfactory enough for me not to worry about the subject any more on pixels.

                                                  User2288

                                                  I don't think a system like that has verified boot, but I don't now.

                                                  Possibly it is not only about the ME, what is about a system with old firmware? As far as I know, no OS can be secure on a device if the firmware is the entry point. And many devices don't get long firmware support.

                                                  So Im curious about a good laptop option in terms of updates (os and firmware) with good security and privacy. And hopefully good to repair.

                                                  I hoped that an old ThinkPad with coreboot/libreboot And QubesOS would be the solution. Quite friendly, they have a good repairability, but unfortunately I don't have enough knowledge about the Intel ME or any possible security concerns in these old devices.

                                                      4 days later