SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Intel has provided a tool (for both Windows and Linux) to detect if your CPU is vulnerable to this. Here's the link.
According with that Intel tool:
Code:
root@darkstar:~/Downloads/computer/SA00086# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.152
Scan date: 2018-01-03 13:20:30 GMT
*** Host Computer Information ***
Name: darkstar.example.org
Manufacturer: FUJITSU SIEMENS
Model: ESPRIMO Q5030
Processor Name: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
OS Version: Slackware 14.2 (4.14.11-smp)
*** Risk Assessment ***
Detection Error: This system may be vulnerable,
either the Intel(R) MEI/TXEI driver is not installed
(available from your system manufacturer)
or the system manufacturer does not permit access
to the ME/TXE from the host driver.
For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support
So, that tool insists to look for the Intel ME.
You know, that Minix which every Intel owner ran, either he's aware or not...
Last edited by Darth Vader; 01-03-2018 at 07:43 AM.
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.152
Scan date: 2018-01-03 13:39:34 GMT
*** Host Computer Information ***
Name: old
Manufacturer: LENOVO
Model: 4284CY1
Processor Name: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
OS Version: Slackware 14.2 (4.4.88)
*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 7.1.20.1119
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Management Engine firmware
is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support
Systems using Intel ME Firmware versions 6.x-11.x, servers using SPS Firmware version 4.0, and systems using TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:
1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel® Core™ Processor Families
Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel Atom® C3000 Processor Family
Apollo Lake Intel Atom® Processor E3900 series
Apollo Lake Intel® Pentium® Processors
Intel® Pentium® Processor G Series
Intel® Celeron® G, N, and J series Processors
That patch is not yet accepted in Linus' tree for now, so it will not be backported to -stable. I guess we will have to wait for 4.14.12 or 13
Or, AMD users can use 'nopti' or 'pti=off' kernel parameter, for example in an append line in lilo.conf. See Documentation/admin-guide/kernel-parameters.txt.
I updated to 4.14.11, with PTI enabled. The "du -s -x" test used by grsecurity shows a 25-30% slowdown on my Intel Core i5-2400. But (as expected) I can not see a noticeable slowdown in the desktop experience. Typical desktop software do not make extensive syscalls.
I updated to 4.14.11, with PTI enabled. The "du -s -x" test used by grsecurity shows a 25-30% slowdown on my Intel Core i5-2400. But (as expected) I can not see a noticeable slowdown in the desktop experience. Typical desktop software do not make extensive syscalls.
Yeah man, but will be very fun to compile huge things.
Yep, looks like the real issue is that this time Santa Claus gifted the hackers with a way to access the IME even via a javascript loaded by a browser, from what I read.
Yep, looks like the real issue is that this time Santa Claus gifted the hackers with a way to access the IME even via a javascript loaded by a browser, from what I read.
Your IME happens to be secure.
Yes , a little luck is always needed :-)
But it is not Santa Claus.
Its vulnarable by design .
This was commented by J. Rutkowska 2 years ago /about 20 minutes/
Or, AMD users can use 'nopti' or 'pti=off' kernel parameter, for example in an append line in lilo.conf. See Documentation/admin-guide/kernel-parameters.txt.
Thanks for the pointer Petri. Most of my DIY built systems run on AMD. My desktop is one of them running -current so I've appended 'nopti' to my EFI elilo.conf:
This is malware blob designed by Intel.
Only the question of time was when it activated.
The IME idea is not bad per se.
How you imagine that a Romanian admin, living in Romania, can manage up from installation of the OS a server from USA or Japan, then from another continent?
That Romanian admin use a thing called KVM over IP, which basically permit you to have keyboard, video and mouse, to a remote server, starting from its boot. This thing is very useful, and the very base of the Internet as you know.
That's WHY you can have cheap servers, paying very cheap for skilled work which otherwise could be resolved with armies of admins working on-site.
BUT, as everything, could be a weapon too. If a hacker manage to intervene in this process, he's the King of the Server.
In other hand, I do not see the utility of implementing IMEs in the desktop computers shipped to masses, other than someone expected sometime someone to remote control these particular computers.
And that "someone" could not be others than the Men In Black from the Three Letters Agencies.
While that could be really patriotic and maybe required by laws in some brave countries, BUT their very existence is a epic security flaw, if they are not very strong protected.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
