<div dir="ltr"><div>Very good presentation from Dmitry Sklyarov. Although there are some inaccuracies, the work done by his team on ME 11 is impressive. :-)</div><div><br></div><div>Here, I am just thinking out loud...</div><div><br></div>Interesting... ME 11 has some new HW concepts, introduced by INTEL for SKL onward. Knowing the EGO trips of the leading INTEL people, I would not be surprised to see that ARC/SPARC is actually swapped with quark (shrunk PENTIUM on 22nm), introduced as a serious challenge to ARM in IOT space by BK, CEO of INTEL, when BK was just a TMG leader (Y2013). Quark is his beloved baby, crown of his technical career (leading him to be CEO).<div><br></div><div>Actually, quark is pushed into very serious designs all over the place, from 3 years ago, fast forwarded in Time. So quark could be the replacement. As an additional justification for BK's decisions, dated more than 3 years ago.</div><div><br></div><div>Looking at what MINIX3 itself is, it kinda confirms my thoughts: <a href="http://www.minix3.org/">http://www.minix3.org/</a></div><div><span style="font-family:arial,helvetica,sans-serif;background-color:rgb(236,243,250)"><u><i><font color="#333333">MINIX 3 is a free, open-source, operating system designed to be highly reliable, flexible, and secure. </font><b><font color="#ff0000">It is based on a tiny microkernel</font> </b><font color="#333333">running in kernel mode with the rest of the operating system running as a number of isolated, protected, processes in user mode.</font></i></u></span><br></div><div><span style="font-family:arial,helvetica,sans-serif;background-color:rgb(236,243,250)"><u><i><font color="#333333"><br></font></i></u></span></div><div><font color="#333333" face="arial, helvetica, sans-serif">Another interesting fact I did not know is that ME is taking minimum 2x of consecutive 16MB of DRAM (this I knew already), but that this DRAM is not accessible by the OS running on the CPU. 
Thus, since I know that these 32MB of memory are very close to TOM (on the first 4GB of memory), and reserved by the time HECI I/F starts synchronising BIOS and ME engines (by 99.999% of users while BIOS executes, but for more Coreboot-knowledgeable people right after the MRC algorithm is done/executed), it forces me to think that there is another INTEL HW extension, hidden, which assures that this memory is NOT accessible. Or, perhaps, one of the variable MTRR definitions is used for this purpose (procedure embedded in BIOS). I need to investigate more on this topic.</font></div><div><font color="#333333" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#333333" face="arial, helvetica, sans-serif">MINIX3 on top of quark is a viable design. Especially since there is a superuser mode, there are discovered UNIX FS definitions (user/group/world permissions on extensions), and modular packages (all modern Linux distros have this concept). And... Notion of ring0 and ring3, introducing an additional layer of ME protection (not available by RTOS ThreadX, my best guess). </font></div><div><font color="#333333" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#333333" face="arial, helvetica, sans-serif">Very interesting presentation, indeed. But I need to watch it several times, to let additional ideas pop into my mind... 
;-)</font></div><div><font color="#333333" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#333333" face="arial, helvetica, sans-serif">Thank you (Dmitry especially),</font></div><div><font color="#333333" face="arial, helvetica, sans-serif">Zoran</font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 26, 2017 at 10:57 PM, Patrick Georgi via coreboot <span dir="ltr"><<a href="mailto:coreboot@coreboot.org" target="_blank">coreboot@coreboot.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Fun tidbit: The ME is running MINIX3 (confirmed by a file in the<br>
Google cache: <a href="http://webcache.googleusercontent.com/search?q=cache:tCcU0NRwTnQJ:ftp://ftp.supermicro.com/CDR-X11-UP_1.10_for_Intel_X11_UP_platform/Intel/ME/Other_Licenses/Minix3_License.txt+&cd=1&hl=de&ct=clnk&gl=de&lr=lang_de%7Clang_en" rel="noreferrer" target="_blank">http://webcache.<wbr>googleusercontent.com/search?<wbr>q=cache:tCcU0NRwTnQJ:ftp://<wbr>ftp.supermicro.com/CDR-X11-UP_<wbr>1.10_for_Intel_X11_UP_<wbr>platform/Intel/ME/Other_<wbr>Licenses/Minix3_License.txt+&<wbr>cd=1&hl=de&ct=clnk&gl=de&lr=<wbr>lang_de%7Clang_en</a>)<br>
<div class="HOEnZb"><div class="h5"><br>
2017-04-26 22:47 GMT+02:00 Youness Alaoui <<a href="mailto:kakaroto@kakaroto.homelinux.net">kakaroto@kakaroto.homelinux.<wbr>net</a>>:<br>
> Thanks for the links.<br>
> This is the article that I had seen :<br>
> <a href="http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html" rel="noreferrer" target="_blank">http://blog.ptsecurity.com/<wbr>2017/04/intel-me-way-of-<wbr>static-analysis.html</a><br>
><br>
><br>
> On Tue, Apr 25, 2017 at 10:38 AM, Shawn <<a href="mailto:citypw@gmail.com">citypw@gmail.com</a>> wrote:<br>
>><br>
>> slide:<br>
>> <a href="https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf" rel="noreferrer" target="_blank">https://www.troopers.de/<wbr>downloads/troopers17/TR17_<wbr>ME11_Static.pdf</a><br>
>><br>
>> video:<br>
>> <a href="https://www.youtube.com/watch?v=2_aokrfcoUk" rel="noreferrer" target="_blank">https://www.youtube.com/watch?<wbr>v=2_aokrfcoUk</a><br>
>><br>
>> --<br>
>> coreboot mailing list: <a href="mailto:coreboot@coreboot.org">coreboot@coreboot.org</a><br>
>> <a href="https://mail.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">https://mail.coreboot.org/<wbr>mailman/listinfo/coreboot</a><br>
><br>
><br>
><br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Google Germany GmbH, ABC-Str. 19, 20354 Hamburg<br>
Register court and number: Hamburg, HRB 86891, registered office: Hamburg<br>
Managing directors: Matthew Scott Sucherman, Paul Terence Manicle<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><br></div>