[GTALUG] Intel's dangerous Management Engine may violate Minix 3's license
D. Hugh Redelmeier
hugh at mimosa.com
Mon Dec 11 15:44:40 EST 2017
Pretty much every x86 processor / chipset Intel has produced recently has
a Management Engine. That's a separate, invisible, 32-bit x86 processor
used to implement a variety of features. For example AMT.
These features are generally useless for Linux users since they are not
disclosed in a way useful to open source. On the other had,
vulnerabilities have been discovered in the ME that suggest it is a
security risk to us all. Some think that the ME has been designed for
Government Access.
Here's the latest disclosure of a latest weakness. This isn't the first
and won't be the last:
<https://www.intel.com/content/www/us/en/support/articles/000025619/software.html>
Pretty much all firmware ("BIOS") needs to be update but I suspect many
vendors will neglect to do this. This blog has lots of interesting
details (these guys found the bug(s)):
<http://blog.ptsecurity.com/>
It turns out that the Management Engine is running Minix 3. Minix 3 is
released under a BSD-like license. The license requires "advertising":
“Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.”
Intel is likely violating the license.
<http://www.ipwatchdog.com/2017/12/02/supplying-legal-notices-free-software/>
More information about the talk
mailing list