MINIX: the OTHER operating system in your Intel computer
There’s a lot of stuff in computers these days: hardware, software, programs, apps and more. But the thing you might not be aware of is the other operating system running inside your computer. No, I’m not talking about dual-booting Linux. I’m talking about MINIX.
I’ve got you there. You’re probably thinking: “Wait, what? I’ve never installed this MINIX on my machine.” Of course you haven’t, but if you’re using an Intel processor, chances are it is in your computer too.
It’s not the CPU, it’s the chipset
For some years, Intel chipsets have included a Management Engine (ME), a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT (Active Management Technology) is another piece of software running on the ME, albeit one that takes advantage of a wide range of ME features.
The Intel Management Engine is a technology that Intel embeds in its chipsets as firmware. It is claimed to be needed to achieve full performance, and it is used to provide remote administration capabilities. The Intel ME is a “black box” working in your computer: it is tightly integrated into the system and has direct access to memory, network and peripherals. This technology has been speculated to be a backdoor, and it is so powerful that the EFF called the Intel ME a security hazard.
Just when things couldn’t get worse for the Intel ME, a serious vulnerability allowing privilege escalation was found in May 2017. The vulnerability had been there for almost 9 years without being found. When exploited, it allows an unprivileged attacker to gain control of the remote administration capabilities offered by the Intel ME.
Down the Intel rabbit-hole
Since the Intel Management Engine is installed on the chipset rather than the CPU, it can operate alone, and that’s exactly what it does: it works during the boot process, during normal activities when the operating system is already loaded, and even when the computer is off but plugged in. It works at almost any time, and you don’t know a thing about it. No one does, and that’s the way it has stayed secure: “security through obscurity”.
The Intel ME is closed-source firmware tightly integrated with the system; were it to be compromised, the results would be catastrophic. Malware installed in the Intel ME could easily survive power cycles and spy on everything happening within your computer. What’s worse, there is currently no way to turn off the Intel ME (although there have been attempts).
In November 2017, Ronald Minnich, a Google software engineer, discovered a hidden MINIX operating system within the Intel Management Engine. The MINIX instance is running:
- IP stacks (4 and 6)
- File systems
- Drivers (disk, net, USB, mouse)
- Web servers
Discover MINIX: one of the most used Operating Systems in the world
Thanks to the Intel Management Engine, MINIX has become one of the most popular operating systems in the world in a matter of seconds. But you may not have heard of MINIX, and you might be thinking it is a new operating system that is up to no good. That’s absolutely wrong: apart from its use in the Intel Management Engine, MINIX was created for educational purposes.
MINIX was created by Andrew S. Tanenbaum, and its early versions (v1 and v2) were for educational purposes only. The operating system, based on a microkernel architecture, was used by Tanenbaum in his teaching at the Vrije Universiteit Amsterdam. The project started out as proprietary and was re-licensed under the BSD license in 2000. Since version 3, MINIX aims to provide a highly reliable operating system for embedded systems.
Maybe the slim architecture or the permissive license played a huge role in Intel’s decision. Either way, that decision makes MINIX one of the most popular (and most parallel) operating systems in the world. Andrew S. Tanenbaum even wrote an open letter to Intel:
The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX was now probably the most widely used operating system in the world on x86 computers. That certainly wasn’t required in any way, but I think it would have been polite to give me a heads up, that’s all.
-Andrew S. Tanenbaum