Is there a management engine in the ARM CPUs?
I've been wondering if anyone knows whether there is some kind of equivalent of the AMT (Intel's Active Management Technology) 'black box' built into the ARM CPUs, particularly those used in Raspberry Pi - i.e. how secure those CPUs are?
Re: Is there a management engine in the ARM CPUs?
If the RPi includes such a function, it has never been disclosed to my knowledge. I would tend to doubt it, given the original concept of the RPi was a very personal computer for students, not a remotely-managed industrial box.
Re: Is there a management engine in the ARM CPUs?
Most of the SoC is the GPU and runs the whole show; the ARM core was initially bolted on as there was space on the die.
Re: Is there a management engine in the ARM CPUs?
asandford wrote: Most of the SoC is the GPU and runs the whole show, the ARM core was initially bolted on as there was space on the die.
A good point - I guess, in essence, there is a management engine outside the CPU. It's called the VideoCore IV GPU and among other things it does control the ARM CPU.
Re: Is there a management engine in the ARM CPUs?
jbeale wrote: If the RPi includes such a function, it has never been disclosed to my knowledge. I would tend to doubt it, given the original concept of the RPi was a very personal computer for students, not a remotely-managed industrial box.
Well, the RPi is a core(s) that Broadcom has had already for other purposes, most likely developed for them by ARM as that's how it's usually done. Also it's apparently illegal for CPUs manufactured in the US to not have such functionality and Broadcom is a US company.
SonOfAMotherlessGoat
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: Well, the RPi is a core(s) that Broadcom has had already for other purposes, most likely developed for them by ARM as that's how it's usually done. Also it's apparently illegal for CPUs manufactured in the US to not have such functionality and Broadcom is a US company.
So basically you've already made up your mind and this question wasn't a question but a statement? You're not going to get an official statement from anyone here on the Forums; if you'd like to know, contact the Foundation directly or Broadcom and see what their response is.
Re: Is there a management engine in the ARM CPUs?
No idea about a management engine, but the Video Core/GPU boots the thing and has total control and visibility of all your RAM at all times.
Is it secure?
No.
The video core code is all closed source. So the whole thing can only be trusted as much as you trust the Pi foundation.
As it happens I trust them. Not just because they all seem to be good chaps, but also because they know the whole Pi Foundation would collapse if it was ever discovered some shenanigans were going on.
I'm not complaining about the situation.
@evil twin
evil twin wrote: Also it's apparently illegal for CPUs manufactured in the US to not have such functionality.
I have never heard of such a thing before. Do you have any links to such a law?
Slava Ukrayini.
W. H. Heydt
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: Also it's apparently illegal for CPUs manufactured in the US to not have such functionality and Broadcom is a US company.
First I've ever heard of such a thing. Got a source for it?
FYI...while the SoC *might* be designed in the US, they are manufactured in--IIRC--Taiwan. (Actually, the CPU cores are, so far as I know, designed in the UK by ARM.)
Note that there are multiple meanings of "secure". In one classic example, some people who were up to no good asked the IT people where they worked if the e-mail servers were "secure", meaning: could they be trusted not to have anyone break in, and if they erased any e-mails, were they gone for good? The IT people replied that the servers were "secure", meaning they never lost *anything* because they maintained regular backups. In the end, those backups contained the log records and data on incriminating e-mails where the bad guys had deleted the messages. Look up the "Iran-Contra Affair" for the details.
Re: Is there a management engine in the ARM CPUs?
SonOfAMotherlessGoat wrote: So basically you've already made up your mind and this question wasn't a question but a statement? You're not going to get an official statement from anyone here on the Forums, if you'd like to know, contact the Foundation directly or Broadcom and see what their response is.
evil twin wrote: Well, the RPi is a core(s) that Broadcom has had already for other purposes, most likely developed for them by ARM as that's how it's usually done. Also it's apparently illegal for CPUs manufactured in the US to not have such functionality and Broadcom is a US company.
Or in the few hours between posts, did some searching and reading?
fruitoftheloom
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: I've been wondering if anyone knows whether there is some kind of equivalent of the AMT (Intel's Active Management Technology) 'black box' built into the ARM CPUs, particularly those used in Raspberry Pi - i.e. how secure those CPUs are?
http://www.intel.co.uk/content/www/uk/e ... ology.html
http://www.tomshardware.com/reviews/vpr ... 03-13.html
It is more than you have explained, but only Intel have decided to offer this function, open-source DASH was not implemented by AMD:
Using integrated platform capabilities and popular third-party management and security applications, Intel® Active Management Technology (Intel® AMT) allows IT or managed service providers to better discover, repair, and protect their networked computing assets. Intel AMT enables IT or managed service providers to manage and repair not only their PC assets, but workstations and entry servers as well, utilizing the same infrastructure and tools across platforms for management consistency. For embedded developers, this means that devices can be diagnosed and repaired remotely, ultimately lowering IT support costs. Intel AMT is a feature of Intel® Core™ processors with Intel® vPro™ technology and workstation platforms based on select Intel® Xeon® processors.
Take what I advise as advice not the utopian holy grail, and it is gratis !!
Re: Is there a management engine in the ARM CPUs?
The 2835 uses an ARMv6 core, designed in the UK. The GPU, the Videocore4, was designed in the UK (some subcomponents were designed elsewhere, but mostly UK, and integrated in the UK).
The 2836 and 2837 use the same Videocore4 GPU; the ARM cores are off-the-shelf ARM designs (UK), and again mostly integrated in the UK, although with USA involvement in some areas.
Just so you know!
As for a 'management engine', I've never heard of that, and I worked on the VC4 for 6 years.
What do you mean by management engine?
Software guy, working in the applications team.
Re: Is there a management engine in the ARM CPUs?
SonOfAMotherlessGoat wrote: So basically you've already made up your mind and this question wasn't a question but a statement? You're not going to get an official statement from anyone here on the Forums, if you'd like to know, contact the Foundation directly or Broadcom and see what their response is.
No, I haven't. That's what I've read so far, and I would like to find out by asking people with (hopefully) more knowledge.
Re: Is there a management engine in the ARM CPUs?
jamesh wrote: The 2835 uses an Armv6 core, designed in the UK. The GPU, the Videocore4 was designed in the UK (some subcomponents were designed elsewhere, but mostly UK, and integrated in the UK)
The 2836 and 2837 uses the same videocore4 GPU, the ARM cores are off the shelf ARM designs (UK), and again mostly integrated in the UK, although with USA involvement in some areas.
Just so you know!
As for a 'management engine', I've never heard of that, and I worked on the VC4 for 6 years.
What do you mean by management engine?
Thanks for a reply.
Intel Active Management Technology: https://en.wikipedia.org/wiki/Intel_Act ... Technology
An article at the Free Software Foundation web site: https://www.fsf.org/blogs/community/act ... technology
SonOfAMotherlessGoat
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: No, I haven't. That's what I've read so far, and I would like to find out by asking people with (hopefully) more knowledge.
Then my apologies for the harshness of my tone, and I do hope you find the answers you are looking for.
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: Thanks for a reply.
jamesh wrote: The 2835 uses an Armv6 core, designed in the UK. The GPU, the Videocore4 was designed in the UK (some subcomponents were designed elsewhere, but mostly UK, and integrated in the UK)
The 2836 and 2837 uses the same videocore4 GPU, the ARM cores are off the shelf ARM designs (UK), and again mostly integrated in the UK, although with USA involvement in some areas.
Just so you know!
As for a 'management engine', I've never heard of that, and I worked on the VC4 for 6 years.
What do you mean by management engine?
Intel Active Management Technology: https://en.wikipedia.org/wiki/Intel_Act ... Technology
An article at the Free Software Foundation web site: https://www.fsf.org/blogs/community/act ... technology
As far as I know, there is nothing like that in the Raspberry Pi - it doesn't really have a BIOS in the conventional sense. But carefully read the posts above on how the Raspi architecture (VC4->ARM) works, because you could look on the GPU binary blob in the same way.
Re: Is there a management engine in the ARM CPUs?
jamesh wrote: because you could look on the GPU binary blob in the same way.
Ambiguity inside.
Re: Is there a management engine in the ARM CPUs?
evil twin wrote: Thanks for a reply.
Intel Active Management Technology: https://en.wikipedia.org/wiki/Intel_Act ... Technology
An article at the Free Software Foundation web site: https://www.fsf.org/blogs/community/act ... technology
AIUI(1) AMT requires support in the CPU and the chipset; whilst most (maybe all) Intel CPUs have AMT support, there are very few motherboards that have the required chipset. Similar technology has been around in the server world for a while in the form of IPMI / iLOM / iDRAC, and is there to allow remote management of the servers by relevant people (such access is usually behind a firewall and has authentication). I've used IPMI in this way to manage servers on another continent.
The AMT/vPRO features are aimed at the enterprise market where being able to manage a machine remotely is highly useful (e.g. power it up overnight to apply OS updates rather than having the machine unusable for the first hour after someone turns it on).
1) It's something I've been looking at recently as it's a technology that's useful for my usecase.
Re: Is there a management engine in the ARM CPUs?
A "management engine" seems to be a more advanced version of "lights out management", a separate-but-integrated system which can have access and control over everything else which can be communicated with remotely.
I have never heard anyone say there is such a thing within a Pi SoC. JTAG is catered for but that requires physical access and isn't the same thing. In terms of there being some 'backdoor' which isn't acknowledged and cannot be disabled, allows others to remotely and surreptitiously gain access to the system or spy upon it; I very much doubt that.
Perhaps the only way to be sure there isn't is to x-ray or de-cap the chip, figure out which bits of silicon do what, and see what's left over.
Re: Is there a management engine in the ARM CPUs?
Seems to be the same conspiracy theorists as this : https://hardware.slashdot.org/story/16/ ... t-audit-it
Discoverer of the PI2 XENON DEATH FLASH!
Interests: C,Python,PICO,Electronics,Ham Radio (G0DZB),1960s British Computers.
"The primary requirement (as we've always seen in your examples) is that the code is readable. " Dougie Lawson
SonOfAMotherlessGoat
Re: Is there a management engine in the ARM CPUs?
It's FSF (Richard Stallman) taking (yet) another "Oh my god you guys, 'They' could use this for nefarious purposes. It's closed source, so who knows what 'They' are doing with your stuff".
If you're concerned about other people having access to your Pi stored data, then airgap it. If you are concerned that airgapping won't help when 'They' seize your equipment, then a small dab of Semtex works...
Re: Is there a management engine in the ARM CPUs?
PeterO wrote: Seems to be the same conspiracy theorists as this : https://hardware.slashdot.org/story/16/ ... t-audit-it
Why do I always end up reading the unadulterated drivel that seems to be the major content of slashdot nowadays.
Re: Is there a management engine in the ARM CPUs?
PeterO wrote: Seems to be the same conspiracy theorists as this : https://hardware.slashdot.org/story/16/ ... t-audit-it
It is true, if one has a system which has full access and control over another and its resources, compromising that can lead to the other being compromised. It is a potential attack vector. The question is how much of a potential attack vector it would be, whether that can even be properly assessed.
I would be cautious about making a Pi or anything else accessible via the public Internet if it had full read-write access to other systems on the LAN, which is what some are saying the Intel ME set-up amounts to.
It seems to me there is some legitimacy to the concerns raised.
Re: Is there a management engine in the ARM CPUs?
To hopefully clear up some of the FUD, I now have a motherboard with a chipset that supports AMT (Asus Q170M-C). These are the early observations:
- Firstly the AMT network access isn't enabled by default - you have to enable it.
- When enabling it the first thing it requires is a secure password (more secure than some banks/credit card companies allow).
- By default to connect via VNC as well as a password you also need a code that's shown on the local screen (although this can be changed)
- When connected via VNC there's a very obvious flashing red and yellow border on the local screen.
Obviously all features the Pi doesn't have, but also nowhere near as bad as the tin-foil hat brigade will try and make out. In comparison, IPMI on servers is often enabled by default with an obvious default username/password and provides similar features to AMT.
