 Okay Let's go. You're ready. Let's have a hand for cyber revolt, please All right. Hello everyone. I am Daniel. You might have seen me before. I sometimes speak about open source firmware And at some point I also had to start to look into more specific stuff So this talk here is about the internal management engine Sometimes also known as the manageability engine it always depends on, you know What website you find or what person you ask you might get either response or both? so let's see a little disclaimer first I Am not trying to blame Intel for anything they have done or something This year is not about whether we can trust Intel as a company or any other chip vendor or vendor in general Because I cannot read their minds. I don't know their intentions What we can only do is See what they put out in the public or What we find in the machines that we buy and on the other hand? We don't really know that much because Especially with the inter them e there is not very much public information So people try to figure things out There are forums. There are certain small projects like analysis tools and stuff But all of these are based on reverse engineering or educated guessing or whatever people could just figure out and Me especially I don't know very much about it actually So I'm just here because I'm interested in the field and at some point There was an event which made me look into it More about that later The agenda for today, I will give a very brief introduction It will be a very bold introduction though Into the entire field around firmware then I will be Switching over to the open source firmware stuff we do I Will briefly try to explain the hardware we know as Intel's x86 platforms then I will try to Give you a motivation to also look into what I have been looking into and tell you what made me look into it I will give you some entry points for analysis and eventually we will just get a conclusion and Start to think about what we just heard So for the introduction Who of you in the audience has already done something with microcontrollers Please raise your hands. Okay. We see lots of hands here And in fact we actually have like hundreds or thousands or millions of microcontrollers here, right? So all the lights we see over here their ESP 8266 that board you see in the middle there's Arduino and There is something which I like to call not the network of things because apparently you just need a network You don't really need the internet for it and we can connect all of those devices We can remotely control them and I'm now going to show you That what you have in your laptop It's actually the very same thing Now this is lots of bullet points, and I'm very sorry for it But this gives you a feeling of what we are dealing with here in your laptop You have multiple Such controllers which are very similar to the Arduino or ESP microcontrollers that you already know Some of them are for very very specific functionality So everyone knows the USB controllers. We have USB controllers. We have PCI Where other devices are connected? We have GPUs We have a whole lot more But the very core that's what is known as the chipset and the CPU It can sometimes also be one single chip like in this graphic here, which I borrowed from Intel Just adjusted the colors a bit to make it fit with the slides and here You can see lots of lines connecting all of those controllers Now there's some other controllers which are also started to look into They are called the embedded controller Which is an additional microcontroller on your laptop for power management for Controlling the charging circuit when you connect your charger to your battery. You will see an LED That's what this device is doing. It might be connected to a keyboard to your mouse And there is a very similar concept also for servers It's called BMC or a baseball management controller Its purpose is to remotely control a server So you don't have to actually go to a data center imagine you are administrating Five data centers all across the world You can literally be in all of them at the same time So that's why they came up with an interface to remotely control it and they've made a dedicated chip for it Which is also connected to many devices on the server platform Then there is one thing you might also have heard about a so-called TPM a trusted platform module And its main purpose is To give you a very small trust anchor From which you can run all of your top level applications below which is an operating system Which is actually running after a bootloader Which is actually started from your firmware which is actually loaded from your chipset And that's how deep the rabbit hole goes Now let's look at open source projects We have projects for all sorts of features around the cpu The cpu before Your laptop can even start up. It has to be initialized It also has to know the ram When you boot up a machine it doesn't yet really know anything about ram That's what the core boot project is doing Now today we have a bit of a problem because we don't have enough information To actually program core boot for modern machines So there is a different approach now You know the uefi or you Unified extensible firmware interface It's a bit of a different approach also to initialize hardware, but also to hand over to an operating system But the thing is there are sorts of drivers in there and stuff So we want to replace that with a linux kernel. That's what the linux boot approach is doing There are different implementations. There is heads. There is uroot And that's how we can start modern machines with a bit more knowledge For embedded controllers, we have the projects from google for the chromebooks There's lots of open source implementations, but they only apply to very specific hardware You can find all of those stuff on the web, of course And then system 76 is also currently working in that field for their laptops And eventually for the bmcs. I just introduced you to there is also two projects There is the open bmc project and the uroot project Okay, so that's how far we are But That's not what i'm talking about today. I'm talking about something else And that's why we have to take a closer look at intel's x86 hardware This here is an example of a platform which has a dedicated chipset And a processor This is also a graphic abort from intel once again Um, it shows you where all of those peripherals are connected. So again, we have usb. We have ethernet But there is more to it actually and you you can clearly see that this Chipset here it's quite a large box And there is a reason for it Because that's where actually most Of the chips are connecting That's why intel calls it the platform controller hub or pch for short Now let's look closer at the denverton platform Denverton is one of those model names for the platforms intel always comes up with these names And here we have a very brief summary of what peripherals we have And if you look very closely in the upper right corner There is two so-called engines mentioned One of them is the innovation engine The other one is the management engine Which we're dealing with today The innovation engine has a very brief description. It says it's something about innovation. It's something about firmware But actually I have not yet found any use for it But it's there in your hardware. So if you have a denverton chip in your laptop or wherever you might find it You have some features there, but I don't know what they are for Okay, so let's look at the management engine Today because the thing is hardware is involving The management engine today is not the management engine from a few years ago So with newer hardware we get Different chips over time They are attached to different other peripherals over time And they're given different purposes So basically the ME itself is just a microcontroller Like Arduino And it's part of your chipset If you have a combined chipset and main processor, it's in that one single chip, but that's where it is But that's not where it started. It actually started as the so-called active management technology The idea was that you could remotely control a device and provision it Just like what I described you as the baseboard management controller for servers It's the same thing, but for let's say laptops desktop PCs Imagine you're running a very huge company and you have hundreds of devices to maintain Now you have this BMC thingy for servers And this thing here for your desktop devices Now the question is why is it actually connected to all of those peripherals? First of all, there was a bit of a renaming recently It's no longer just called the ME. It's called the CSME Converged security and manageability or management engine It can load your firmware and verify it And with that firmware we are now talking about the host CPU firmware That thing that core boot can be doing or what your vendor's ui firmware is doing If that firmware Is not as expected Which means it's not signed with a certain key from either intel or your oem The equipment manufacturer which can be hp or asus or whatever Then your laptop may not boot That's a feature. It's a security feature Now the problem is if we want to legitimately replace the firmware with our own implementations We can't do it If this certain feature is activated It's also known as boot guard But again, this is not what we're talking about today. I want to look at something else This year is how your machine boots up On the left hand you see the flow I just described you What the ME is doing You press the power button on your machine The ME is coming up It's initializing itself first with its own firmware That's the rbe phase a bit more about that later Then there is a bring up phase which hands over to the ME operating system If that version of your ME actually has an operating system, which is not necessarily the case It will reset the cpu itself It will trigger the firmware on the cpu to start That's where core boot could take over or your vendor suvfi firmware. It loads some microcode updates It comes to the initialization phase where you get the ram and the cpu And eventually all the features you have in your chip set itself Until it can boot your host operating system Now at the same time there's two more chips even being powered on one is one is the pmc the power management controller Which also gets some updates or patches from the ME firmware And the ec the embedded controller. I already described you which is just running in parallel But in fact, these are all connected to each other And here are some of the features summarized which we have in ME So the active management technology is implemented for example in the linux kernel. There is a driver for it It can do hardware monitoring Like it can it can monitor if your chips are overheating It can have other sensors connected to it It can do power control That's why I just described you just like a bmc. You can power cycle your system through it You could update your operating system out of band. So not like using App get upgrade or something no instead you would just do it from outside So you could reformat an entire disk replace it with a new image You have a bit of storage And you even have a proxy for a keyboard and mouse And the video interface so it's like vnc literally That's what we know from the public documentation Now the interface that is implemented in the linux kernel has been extended a bit Now we have a dedicated chip which was pulled out of the ME the ish or integrated sensor hub It just does the very basic things I just described you about sensors just in a dedicated chip That's a good development actually because now we don't have a single point of failure which has everything We have a single point of failure which has everything but this part There is bias extensions in your host firmware There can also be certain libraries or drivers which are connecting to the ME You can control the ME through it If you have a business laptop You might be running the corporate version of the ME firmware And then you might press f6 or control p when booting up And you might get a prompt If you are still in the manufacturing mode or you just bought the machine very fresh You just type admin. That's a default password. That's publicly documented by the way It's not something I found somewhere but in Intel's own documentation And then you can start using that feature So this might apply I haven't confirmed it but it might apply to The hp elite books for example, which are for business use or certain the novel thinkpads from the t-series You could try it on your machines. Maybe Now I've already described you that there are lots of different variants and versions of the management engine We have a very very long timeline here. We are talking about years starting from 2004 until now So it's 15 years since the active management technology was announced until today Where we have version 12 of the management engine The problem with this timeline here is again the disclaimer I cannot really verify all of this information. I have mostly gathered it from different sources So don't take all of this for granted Some of this might also just include some educated guessing from my site If you find any errors, you will get the links later. You can follow me box or send your pull requests So we're at version 12 now For each version of the management engine, there's release notes They are public So in me 12, they just drop version 1 for tls 1.2 is now in And we have a few other features Some of them I don't even know But you can look it up on inter documentation Those are the variants. We already know consumer corporate a slim version apparently There's the sps version which was made for servers And now there is something called ignition Which actually brings us to our motivation here This is an email from the edk to non osi mailing list They announced a version of the me binary which can finally be distributed So you can give it to other people you could do that before Well, at least not officially of course when you get firmware updates from your supplier You get those binaries in a way, but it's not like you download them from inter directly Which means that now we can Offer full images of custom firmware based on core boot based on this me binary here And whatever we want to tailor it for So let's follow the yellow brick road This is the license The license allows basically Only redistribution You may not make any changes. You may not reverse it. You may not decompile it You may not disassemble it Now how do we actually verify that it works as desired and as promised? Pay no attention to the man behind the curtain if you have seen the wizard of us, you know the scene That's literally what they want their philosophy is Kind of a shallow thing so they don't really want to be very open with information This year is from a training slide. It's an official training that intel is giving at certain events They tell people well, we have lots of firmware developers. We want to support them in a way, but not too much actually I have to be a bit quick because I have more slides than time Here's the vendor's perspective from intel's fsp white paper fsp is the firmware support package They're saying they're working towards Well releasing something but actually not so if you have a binary and it works as desired then it's okay. Otherwise Well, not so much, but they promise it works And the same applies for me. I guess Which is where dexter's law applies Which is saying that only proprietary software vendors actually want proprietary software And now that's the issue If somebody is attacking your system, they do not play by the rules Let's take some first steps into that direction Um, there's some analysis tools There's the me cleaner me analyzer and more There's been some reverse engineering not from my side because of course the license doesn't allow it Uh, more information can be found in other talks There was the plunder vault attack just recently which was actually based on reverse engineering And now i'm afraid I have to cut it here Um, we have security issues We want to analyze firmware Here's a bit of data structures. I would just briefly skim through those now You can approach me later for more And I want to briefly come to this conclusion because this is the important part So for security all firmware has to be open source Here's a list of acronyms Some other talks to refer to again Thanks to everyone who has actually helped me with this. That's all the hacker spaces I hang out at The chaos west team and the stage here, of course And the open source firmware projects Please come to our assembly. It's right over there if you want to know more So thanks first If you have any questions, please approach me now or well just in a bit at the assembly I guess we have time for one very small question now Yeah, thank you very much as of a hand There'll be two mics. They're lit We have time for one question or maybe two but short ones anybody Has a question No About all the fun you can have and not supposed to have Okay, thank you very much Okay, in which case let's close it And take your trash, please And be excellent to each other. Thank you very much