Svetlozar Simeonov
I like to meme hard
· 2 min read

The trashfire inside Intel HQ

Intel is going for a world record of not admitting errors in design and instead, mitigating issues with glue and duct tape.

The trashfire inside Intel HQ

I am truly amazed at what huge companies like Intel could get away with. If you would start describing negatives to their design process (of which AMD is often guilty too), you would waste too much time.

Recent developments after the Spectre/Meltdown hardware bugs affecting Intel and other CPU's have shown that security is often lagging behind when the race is to make the newest and fastest processor without making much effort on the security aspect. And that is all seen as normal and acceptable. It shows more research needs to be conducted to hardware like that to avoid such glaring security holes. Far from Intel's first ordeal with a massive flaws like that, they tend to be taking security less and less seriously.

In its latest stunt, Intel has announced that it will add "Hardware level protection walls" to guard against any future attacks to the grade of Spectre/Meltdown. They will be tasked with identifying potential malicious code and isolating it in separate dedicated partitions on a hardware level, thus not allowing them to interact with areas of the CPU where such attacks would be possible at execution times. They are aimed to prevent Meltdown and Spectre 1, but so far it was only shown as a PoC and Intel CEO Brian Krzanich hopes that it will help against similar attacks in the future.

While this all sounds good, it just sounds that way. After the widely critisized implementation of Intel's Management Engine ever since 2008, it can be easily asserted that adding blobs of code that run below Ring 0 (Which is the level you Operating System's kernel works) that the user has no way of monitoring or controlling natively presents huge security holes and it serves as a detriment to the company as it has been shown to do. As Google's Ronald Minnich pointed out conclusively, Intel ME is widely exploitable, with it being able to capture virtually anything you are doing on your computer locally or remotely. Intel, since then, have introduced things like the "HAP" bit, which is a binary switch that effectively disables the ME for government systems. Besides that, there are plenty of other user-level tools to help wipe Intel's ME from your BIOS and microcode like Nicola Corna's me-cleaner.

Intel-no-more

Now Intel plans to stick more proprietary blobs with the guise of security and charge you more for the pretty words they are using, instead of mitigating it with microcode updates like several other vendors have done. Not only will this slow down processing, it will add another possible point of failure that any serious company in Silicon Valley would try to avoid, but security professionals feel like Intel's ego has grown so large, that security for them is a given with their product and they do not bother looking for holes and flaws. And while details are not known of what these partitions and code will contain, expect network connectivity to be in there at some point, because they want to make sure your customer experience is good by making sure you do your computing only in an Intel™ certified way.

It is the current year. You are no longer buying a computer, you are just renting it.