Note: I speak for me, not Intel, and please don't blame me for the choices as
I have had nothing to do with it...
On Mon, Feb 5, 2018 at 10:45 AM, Bakul Shah <bakul(a)bitblocks.com> wrote:
On Mon, 05 Feb 2018 13:13:51 +0000 Tony Finch <dot(a)dotat.at> wrote:
Tony Finch writes:
Intel are now shipping MINIX as the embedded management OS on all their
CPUs. Here's Andrew Tanenbaum's view:
http://www.cs.vu.nl/~ast/intel/
minix3 userland is basically the NetBSD userland.
I wonder if any of that is running on the IME.
I cannot speak authoritatively (so in some ways this reply might be seen
as worthless), but I do not believe so. As I understand it (i.e. when I
asked about it with some of the CPU/BIOS types), the >>modified<< minix
kernel is basically a small embedded OS to support locally created custom
code for the management engine user code. There is not much there. The
whole idea was an 'OS' to support the kinds of functions the management
engine needed -- from low level HW/device support to a networking stack --
'supporting' a complex application that could be written and debugged
outside of the production environment and then run 'as is' in the
'rom.'
Of course, as our friends in the security side of the business point out,
the more that is there, the larger the attack surface, but I think the idea
was to keep it small, light and simple, and minix won out. Actually,
what's cool IMO is the choice of minix; often in my career, I have seen
those sorts of folks want to write their own, and that to me is more
frightening. At least this means more people are likely to have hacked on
it >>before<< Intel took it in house [although I believe that action rankles
many in the FOSS community - including a few on this list - who have
expressed that they think that the IME code needs to be 'published and free
to be inspected'].
Clem