I really hate that there is a hardware company called Minix. The OS is higher on my mental rolodex and the headlines confuse the hell out of me.

Mainly because it would be way cooler from the Minix software project.

"Minix unveils a fanless mini PC with Intel Gemini Lake"

liliputing.com/2019/09/minix-u

@xmanmonk @trashHeap And possibly in your BIOS as well, depending on what machine it is....

@emacsomancer @xmanmonk Took the time to disable the copy in my firmware.

Still wish someone released an exploit to let us boot into the copy of Minix in our Intel firmware and do something less creepy with it.

@trashHeap As have I, on machines where this is possible. (Though I don't think I have any that would have actually been running Minix.)

But, yeah; essentially:

"Cool! I have a whole second OS running on my machine....oh! that's uninspectable, may be spying on me, and certainly is riddled with vulnerabilities that third parties could [read: will] take advantage of."

@xmanmonk

@emacsomancer @trashHeap @xmanmonk I doubt that Minix is high on anyone's exploit list. It's mainly a minimalist OS that is great for beginner courses in OS and as a lean IoT OS.

@Limax Given that the IME has ring -2 access, which means complete access to anything and everything on the machine, and non-visibly to anything running at a high ring access level (and thus no OS-level logging of anything that occurs at ring -2), you can be sure that finding vulnerabilities will be pretty high on people's exploit lists.

http://blog.ptsecurity.com/2018/11/what-we-have-learned-about-intel-me.html

It is in fact vulnerabilities that have allowed the IME to be disabled in some cases.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

@xmanmonk @trashHeap

@emacsomancer @trashHeap That's true! I think I'm running a 6-core Coffee Lake. I used to have an AMD. A friend bought this machine for me, so I had little choice in processor, but I like it so far.

@xmanmonk AMD has near equivalents for Intel's IME (for everything I *think* after the Bulldozer line), for which there are currently no workarounds (at least for the Intel ones, on some machines people have worked out 'fixes').
@trashHeap
@xmanmonk So then if you installed Minix on the bare metal, and then spun up your Minix VM...with the IME Minix, you could have Minix Inception!

@trashHeap