Note: I speak for me, not Intel and please don't blame me for the choices as I have had nothing to do with it...

On Mon, Feb 5, 2018 at 10:45 AM, Bakul Shah <bakul@bitblocks.com> wrote:
> On Mon, 05 Feb 2018 13:13:51 +0000 Tony Finch <dot@dotat.at> wrote:
> Tony Finch writes:
> > Intel are now shipping MINIX as the embedded management OS on all their
> > CPUs. Here's Andrew Tanenbaum's view: http://www.cs.vu.nl/~ast/intel/
>
> minix3 userland is basically the NetBSD userland.
> I wonder if any of that is running on the IME.

I cannot speak authoritatively (so in some ways this reply might be seen as worthless), but I do not believe so. As I understand it (i.e. when I asked about it with some of the CPU/BIOS types), the >>modified<< minix kernel is basically a small embedded OS to support locally created custom code for the management engine user code. There is not much there. The whole idea was an 'OS' to support the kinds of functions the management engine needed -- from low level HW/device support to a networking stack -- 'supporting' a complex application that could be written and debugged outside of the production environment and then run 'as is' in the 'rom.'

Of course, as our friends in the security side of the business point out, the more that is there, the larger the attack surface, but I think the idea was to keep it small, light and simple, and minix won out. Actually, what's cool IMO is the choice of minix; often in my career, I have seen those sorts of folks want to write their own, and that to me is more frightening. At least this means more people are likely to have hacked on it >>before<< Intel took it in house [although I believe that action rankles many in the FOSS community - including a few on this list - who have expressed that they think that the IME code needs to be 'published and free to be inspected'].

Clem