[tor-talk] Intel ME / AMT + NSL vs Tor Nodes

Milton Scritsmier ktr-theonionrouter at dea.spamcon.org
Sun Dec 18 10:22:21 UTC 2016

On 12/17/2016 3:58 PM, podmo wrote:

> Agree Intel needs to do a much better job documenting the capabilities,

The most detailed documentation Intel has issued on the ME is probably 
the 2014 book "Platform Embedded Security Technology Revealed" by Dr. 
Xiaoyu Ruan, who is an Intel employee who has a major role in designing 
software for the ME. It's not really a ME design document so much as a 
book about designing hardware/software secure platforms that uses the ME 
as an example and goes into some detail about its design.

Not all Intel chipsets support AMT (check Intel's website for which ones 
do, but most consumer PC/laptop chipsets don't), and for every version 
of ME firmware there are two releases, one for chipsets with AMT support 
and one for chipsets without. Chipsets which support AMT can have the ME 
firmware updated remotely if it's signed properly and the AMT password 
is entered or bypassed somehow. Chipsets without AMT support cannot be 
updated remotely AFAIK.

If somebody got their hands on the Intel ME toolset and private signing 
keys they could create a custom version of ME firmware that could do 
just about anything, including accessing almost all the PC's RAM at any 
time. But getting it on the machine is the trick. Without AMT support it 
would require physical access to the machine, but then you can do just 
about anything anyway with physical access.

> Could always use a third party NIC instead of the
> onboard one too.


More information about the tor-talk mailing list