[Reprint] Intel ME may violate the Minix 3 free software license

[Date: 2017-12-11] Source: Linux commune Author: Feifei Ran
https://www.linuxidc.com/Linux/2017-12/149306.htm

AMD has the PSP, Intel has the ME

The AMD PSP (Platform Security Processor) is an on-chip security system, somewhat similar to Intel's Management Engine (ME). Like the Intel ME, the AMD secure processor is integrated next to the AMD64 x86 CPU cores and runs a separate secure-processor operating system to handle security-related operations. The secure OS, trusted applications, the TrustZone API and Secure Boot all reside in the Platform Security Processor.

The CPU contains its own computer, with software installed by the CPU manufacturer. This software is used to boot your computer, for example to configure hardware before control is transferred to the operating system. To provide remote management, this software can also keep running after boot, while you are using the computer. For the most recent Intel CPUs, security researchers have shown that the remote management software may run its own operating system based on Minix 3, which is free software released under a license. Like many other free software licenses, this license requires a legal notice to be given to the recipient when the software is distributed. Unfortunately, Intel seems not to have done so, so distributing Minix 3 in recent Intel CPUs might be copyright infringement.

The MINIX author published an open letter to Intel: http://www.linuxidc.com/Linux/2017-11/148374.htm

Remote Management

To allow your computer to be managed remotely, every x86 CPU that Intel has sold in the past few years contains a CPU that controls the CPU. This CPU is known as the Intel Management Engine (ME). It can intercept and control almost everything the main CPU does, including writes to your hard drive. Security researcher Ververis writes that it can even communicate over the network while the main CPU is powered down, as long as the computer is plugged in. Sometimes this is desirable, for example for a company that wants to manage a large number of servers remotely. Unfortunately, the ME is most likely also in your latest x86 laptop or desktop computer, and you can neither replace the ME's internal software nor inspect it for faults or bugs. And there have been bugs, such as remote exploitation of your CPU, exploitation through USB devices, and so on.

The functionality the ME offers is not bad in itself; the problem is that you do not hold the keys. Google's Ronald Minnich is trying to get you full control of your CPU.

Of course, Intel tells you that the ME is safe and "good for you": it helps start the computer, handles hardware drivers, and allows potential remote upgrades. Well, the road to hell is paved with good intentions. The ME can make it harder for you to pirate media (protected media path), but the irony is that the ME may be using pirated free software to do so.

Pirated software, eh?

This may sound like a contradiction: how can you pirate free software? Quite simply, if you do not abide by the terms and conditions of a free software license, you have no right to distribute the software.

Some free software licenses are copyleft and require several conditions to be met for distribution to be legitimate. Other free software licenses, such as BSD-style licenses, are non-copyleft; they have fewer conditions, but conditions still apply.

In April this year, strings were found in the ME software indicating that the Minix 3 operating system is installed in ME version 11 and later.

Why did it have to be "discovered" that it runs Minix? Well, it seems that Intel wants to keep the Management Engine secret, so the binary files are obfuscated with Huffman coding that has not yet been fully deciphered. However, the partial results so far indicate that Minix 3 is in there.

Minix author Andrew Tanenbaum also supports this finding. He explained that a few years ago Intel contacted him and asked him for help with Minix, without telling him how they would use Minix 3. Tanenbaum said that if they had told him how they intended to use it, he would have opposed this usage.

Now, Minix 3 is released under a BSD-style license. Condition 2 of that license stipulates that if you want to distribute Minix 3 in binary form, you must provide a legal notice:

"Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution."

Legal notices everywhere

Most free software licenses do in fact require a legal notice. If you pick up an iPhone now and navigate to Settings -> General -> About -> Legal -> Legal Notices, you will find all the legal notices required for the free software on the iPhone. (Well, the ones Apple knows about.) If you have an Android phone, navigate to Settings -> About phone -> Legal information -> Open source licenses and System WebView licenses.

For other applications, you can find a menu item somewhere called legal information, legal notices or third-party licenses. The notices can also be in the printed documentation and/or other materials accompanying the product. Look for it and you will find it. If you yourself distribute applications that use free software and you do not provide legal notices, it may be time to start doing so.

It now appears that Intel has not provided the proper legal notice for the Minix 3 software. The surprise of security researchers and of Tanenbaum suggests that this knowledge was purposefully hidden. Unfortunately for Intel, a free software license whose terms require a legal notice is not compatible with secret distribution.

Anyone who distributes the CPU must provide the legal notice: not just Intel, but also the computer manufacturer that installs the CPU in a computer, and the sales company that eventually sells the computer to you.

Minix 3 may not be the only free software hidden inside. For example, the ME also includes a web server. Did Intel write it from scratch, or did it choose a web server licensed under a free software license? Perhaps there are more tools and libraries whose missing legal notices could lead to claims against Intel, computer manufacturers and sales companies?

Damages and injunctions against free software

What kind of claims? The software is free to use, so what kind of damages could be relevant?

Although the people who create free software might not necessarily be interested in monetary compensation, they usually are interested in being named as the author. This is a right, and it is part of copyright law in many jurisdictions. Distributing the work without naming the author may therefore result in compensation for the loss of that right.

The secret use of free software inside what Tanenbaum himself calls a "spy engine" can be said to clearly contradict the free software author's intention. Tanenbaum wrote: "I certainly will not cooperate, even if they just want to reduce the memory footprint (for them, this is chip area)." One might therefore think that buying Tanenbaum's cooperation for a secret distribution of Minix 3 would have cost Intel a great deal, if it had been possible at all. So damages are possible in this case, as is a demand that the infringing code inside the Management Engine be removed.

Under normal circumstances, the risk of a lawsuit is very small, because free software authors have better options. In this case, however, Intel's intentions may feel in conflict with the purpose of free software. In addition, the amount of damages could arguably be significant. Think about it: the software may be in nearly every x86 Skylake CPU sold around the world in the past few years. Perhaps this will be the first case in which a BSD-style license is tested in court.

What if Intel now scrambles to compile all the necessary legal notices for the ME's internal software, and gets manufacturers and sales companies to distribute this list as well? Future CPUs might then no longer infringe, but would that fix the earlier copyright infringement? No, not necessarily. The window of opportunity to distribute legal notices with CPUs that have already been sold has probably passed.

Of course, we cannot be completely sure that Intel did not provide such a legal notice. There may be a file with the ME legal notices in the default Windows installation, it may be in ultra-fine print in a manual, or it may be on a little piece of paper that everybody throws away when they first turn on the computer. If someone finds such a list, I believe security researchers will be very interested in it.

In any case, this is a good lesson for any company that uses free software. Do not forget the legal notices!

Permanent link to this article: http://www.linuxidc.com/Linux/2017-12/149306.htm

Origin www.cnblogs.com/jinanxiaolaohu/p/11112029.html