
Intel Management Engine

Answers to the most common questions

By Daniel Loebenberger, Andreas Fießler and Christof Windeck

What is the Intel Management Engine?


What is behind the Intel Management Engine?

The so-called Management Engine (ME) is a microcontroller with its own operating system that works independently
of the main processor. Intel has built the ME into every PC with an Intel processor since 2006. The microcontroller
sits either in the chipset, the Intel Platform Controller Hub (PCH), or, in system-on-chip (SoC) processors such as
the Intel Atom, in the processor itself. The ME firmware is proprietary, compressed and digitally signed to protect it
from manipulation; it resides in the same SPI flash chip that also stores the UEFI BIOS code.

What functions does the management engine have?


Which functions does the Intel ME actually execute?

That depends on several factors: the ME version, the system and its configuration. On recent Intel systems the ME is
active before the main processor even starts and configures the functionality of the chipset. After that, the ME takes
over tasks during the initialization of the system.
The ME is cryptographically secured and can in turn check cryptographic keys, signatures and certificates. The table
gives an overview of the ME functions. Some of them can be switched on or off in the BIOS setup. Active
Management Technology (AMT) has its own setup, which can be called up with a key combination at boot time.

What is "evil" about the ME?


What exactly is criticized about the Intel ME?

The ME is not fully documented and parts of its firmware are secret, so its exact range of functions is unclear. At
the same time the ME runs independently of the actual system and has access to all RAM, all interfaces and bus
systems (PCI Express, USB, SATA, ...), including the network. An uncontrollable system with unclear functionality
and access to all data is a potential security risk, because it could contain security holes or backdoors.
Moreover, the ME executes only code that carries Intel's cryptographic signature. Since the ME can in turn be used
to secure the UEFI BIOS code, and thus also for Secure Boot, Intel ultimately determines which firmware and which
operating system a PC may run. This disempowers the user and also denies the complete control over the system
that legislators prescribe for critical infrastructure (KRITIS).

Can the ME be used for attacks?


Which attacks via ME functions are conceivable?

Vulnerabilities in the Intel ME have potentially dramatic consequences: an attacker who injects code into the ME
could, for example, record passwords, copy secrets from RAM and send them out via Ethernet or Wi-Fi, at least if
the system also uses Intel network chips. Neither the operating system nor a virus scanner running on it could detect
such malware, and it would be difficult to remove.

Are there any security holes in the ME?


Have there been security holes in the ME?

In 2017, Intel described nine vulnerabilities in the security advisories (SAs) SA-00075 and SA-00086. They allow
privilege escalation and are classified as very critical. An attacker who exploits these holes can in principle take
over the system and establish themselves permanently in the firmware. For both SAs, patches were distributed in
the form of updates to the ME firmware.

Can one switch off the ME?


How can I switch off the management engine?

Not at all: Intel does not provide for switching it off, not least because modern computers would no longer start
without the ME. At best, certain ME features can be disabled or configured. It came to light by accident that the
NSA requires most ME functions to be switched off on its own computers (High Assurance Platform, HAP). So a
substantial deactivation is possible, but Intel withholds it from normal PC buyers, does not document it and offers
no support for it. Dell, however, offers systems with an optional "disabled" ME to US government agencies such as
the NSA and the military, presumably HAP devices.
Hackers have managed to modify the ME firmware of some systems. To do so, however, the firmware has to be
extracted from the BIOS flash chip, edited and written back with a special programming adapter. Afterwards most
of the ME functions reportedly no longer work, but that cannot be verified or proven. The Intel-certified High
Assurance Platform toggle bit allows many ME features to be switched off without the computer crashing. But even
after the HAP bit is set, some of the vulnerabilities described in Intel-SA-00086 can still be exploited.
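Because a disabled or modified ME "cannot be verified or proven" from the article's perspective, the one thing a defender can do on a running Linux system is read the status registers the ME itself reports. The following is an added example, not code from the article: it decodes the ME firmware status word (HFSTS1, the first word the Linux MEI driver exposes as fw_status) and classifies the ME as active, not in normal operation, or in error. The sysfs paths and the bit layout are assumptions based on the Linux MEI driver and on the publicly documented HFSTS1 fields used by coreboot; mode values this table does not know are reported as unknown rather than guessed, and the sample register values are constructed.

```python
"""Decode the Intel ME firmware status word (HFSTS1 / FWSTS1) on Linux.

Added example, not part of the original article. Assumptions (labelled):
- the Linux MEI driver exposes /sys/class/mei/mei0/fw_status (one 8-digit
  hex word per line, FWSTS1 first) and /sys/class/mei/mei0/fw_ver;
- the HFSTS1 bit layout below follows the publicly documented fields used
  by coreboot's me.h; newer ME generations may use additional mode values,
  which are reported as "unknown" rather than guessed.
"""
from pathlib import Path

MEI_SYSFS = Path("/sys/class/mei/mei0")  # assumption: first MEI device

# HFSTS1 bits 3:0 - current working state of the ME
WORKING_STATE = {
    0: "reset", 1: "initializing", 2: "recovery", 5: "normal",
    6: "disable wait", 7: "transition", 8: "invalid CPU plug-in",
}
# HFSTS1 bits 19:16 - operation mode
OPERATION_MODE = {
    0: "normal", 2: "debug", 3: "soft temporary disable",
    4: "security override via jumper", 5: "security override via MEI message",
}


def decode_hfsts1(word: int) -> dict:
    """Split the 32-bit HFSTS1 value into its documented fields."""
    ws = word & 0xF
    mode = (word >> 16) & 0xF
    return {
        "working_state": WORKING_STATE.get(ws, f"unknown ({ws})"),
        "manufacturing_mode": bool((word >> 4) & 1),
        "fpt_bad": bool((word >> 5) & 1),          # flash partition table bad
        "fw_init_complete": bool((word >> 9) & 1),
        "update_in_progress": bool((word >> 11) & 1),
        "error_code": (word >> 12) & 0xF,           # 0 means no error
        "operation_mode": OPERATION_MODE.get(mode, f"unknown ({mode})"),
    }


def parse_fw_status(text: str) -> list:
    """Parse the sysfs fw_status text: one hex word per line, FWSTS1 first."""
    return [int(tok, 16) for tok in text.split()]


def assess(hfsts1: int) -> str:
    """Summarise whether the ME runs normally, is not in normal operation, or reports an error."""
    f = decode_hfsts1(hfsts1)
    if f["error_code"] != 0 or f["fpt_bad"]:
        return "error"
    if f["operation_mode"] != "normal" or f["working_state"] == "disable wait":
        return "not in normal operation"
    if f["working_state"] == "normal" and f["fw_init_complete"]:
        return "active"
    return "initializing"


def read_live_status():
    """Read and decode the real registers if the MEI driver is present (None otherwise)."""
    status_file = MEI_SYSFS / "fw_status"
    if not status_file.exists():
        return None
    words = parse_fw_status(status_file.read_text())
    version_file = MEI_SYSFS / "fw_ver"
    version = version_file.read_text().strip() if version_file.exists() else "n/a"
    return {"fw_ver": version, "fwsts1": decode_hfsts1(words[0]), "assessment": assess(words[0])}


# Constructed sample register dumps (not captured from a real machine).
SAMPLE_NORMAL = "00000245\n" + "00000000\n" * 5          # working state 5, mode 0, init complete
SAMPLE_SOFT_DISABLED = "00030246\n" + "00000000\n" * 5   # working state 6, mode 3

if __name__ == "__main__":
    for label, sample in (("normal", SAMPLE_NORMAL), ("soft-disabled", SAMPLE_SOFT_DISABLED)):
        word = parse_fw_status(sample)[0]
        print(label, hex(word), assess(word), decode_hfsts1(word))
    live = read_live_status()
    print("live:", live if live else "no /sys/class/mei device found")
```

The fw_ver string, where present, is what to compare against the firmware versions Intel lists in its advisories; the status word only tells you which mode the ME is in, not whether the firmware has been patched.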

How dangerous is the ME?


How do you assess the risks from the ME, even compared to other attacks?

Table: Intel Management Engine (ME) Features

Although the ME vulnerabilities known so far are critical, they are rather specific and, compared with attacks on
(Windows) software, not easy to exploit. The greater danger is therefore for individuals and organizations that are
worth targeted attacks, i.e. dissidents or intelligence services. Backdoors for surveillance and espionage placed by
state agencies are also conceivable.

Do AMD processors also have a ME?


Is there a management engine in AMD processors as well?

Since the launch of the Mullins APU generation in 2014, AMD has integrated an ARM Cortex-A5 microcontroller
with the TrustZone extension into all its processors. Like Intel's ME, it runs a proprietary firmware BLOB (Binary
Large Object) that, for example, implements the functions of an fTPM 2.0. Like the Intel ME, this Platform Security
Processor (PSP), or AMD Secure Processor, is not fully documented and generally cannot be disabled.
Some Ryzen motherboards gained an option to shut down the PSP after BIOS updates, but AMD has not documented
it so far. Whether AMD wants to make the PSP disablable in the future is currently unclear.
Although the range of functions of the AMD Secure Processor is considerably smaller than that of the ME, it
probably has similarly far-reaching access to the system. Attacks on the AMD Secure Processor are not yet known.
The PSP firmware is contained in an AMD-supplied code module of the UEFI BIOS, the AGESA (AMD Generic
Encapsulated Software Architecture) module. At least for older processors there was also a BLOB for a so-called
System Management Unit (SMU) based on a LatticeMico32 (LM32), which probably controls power-saving
functions. In 2015, a security vulnerability was discovered in this AGESA BLOB.

Do other processors have a ME?


Are there any features like the Intel ME in other processors, such as those with ARM cores?

Qualcomm advertises a so-called Secure Processing Unit (SPU) for its Snapdragon smartphone processors; Samsung
(Exynos) also mentions such a feature. Apple's iPhone contains a Secure Element for wireless (NFC) payment with
Apple Pay.
The smartcard-like functions of the smartphone SoCs are used, among other things, to protect the keys of the
encrypted flash memory and to store biometric data (fingerprint reader, Face ID). For the most part these security
features are not publicly documented, but it is unlikely that their range of functions is as large as that of Intel's ME.

ME and TPM


What does the Intel ME have to do with a Trusted Platform Module (TPM)?

On many systems with an Intel CPU and a firmware TPM 2.0 (fTPM 2.0), the latter is implemented as a function of
the ME. A hardware TPM (1.2 or 2.0), by contrast, is a separate chip. A TPM provides functions similar to a
smartcard: protected storage of keys and certificates.
Unlike the ME, a TPM is not active on its own and has no access to the RAM.

ME and UEFI


What does the ME have to do with the UEFI BIOS?

The ME runs independently of the (UEFI) BIOS. However, the ME firmware is usually stored in the same SPI flash
chip that holds the (UEFI) BIOS code. A BIOS update may therefore include new ME firmware. But there are also
computers on which the ME firmware can be overwritten independently of the BIOS code.
ME functions such as Boot Guard are intended to protect the code of the UEFI BIOS from manipulation. In
conjunction with a hardware TPM, the ME function Trusted Execution Technology (TXT) can be used to check the
integrity of the UEFI BIOS after booting (Measured Launch).
Although a published reference implementation exists (EFI Development Kit II, EDK II / TianoCore), almost all
computers run a proprietary, binary and publicly undocumented UEFI BIOS from the manufacturers AMI, Insyde or
Phoenix. The criticism that the exact range of functions is unclear therefore applies to the UEFI BIOS as well. In
addition, the UEFI BIOS is criticized for providing unnecessarily many functions and for being complicated, which
increases the risk of attacks and vulnerabilities.
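Since the ME firmware and the UEFI BIOS share one SPI flash chip, a practitioner who has a flash dump (for example from a vendor update file or a hardware reader) needs to know where one ends and the other begins before either can be compared against a known-good image. The following is an added example, not code from the article: it parses the Intel Flash Descriptor at the start of the flash image to locate the descriptor, BIOS, ME, GbE and platform-data regions, and hashes a region so it can be checked against a vendor reference. The descriptor layout (signature 0x0FF0A55A at byte 0x10, FLMAP0 at 0x14, a region table at FRBA with base and limit in 4 KiB units) is an assumption taken from Intel's public documentation as implemented in coreboot's ifdtool; the 1 MiB flash image used here is constructed, not a real dump.

```python
"""Locate the ME region in an SPI flash image via the Intel Flash Descriptor.

Added example, not from the original article. Assumptions: the descriptor
layout (signature 0x0FF0A55A at byte 0x10, FLMAP0 at 0x14, region table at
FRBA with base/limit in 4 KiB units) as published by Intel and implemented in
coreboot's ifdtool; region indices 0-4 = descriptor, BIOS, ME, GbE, platform
data. The flash image built below is constructed, not a real dump.
"""
import hashlib
import struct

IFD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = {0: "descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "platform data"}


def parse_regions(image: bytes) -> dict:
    """Return {name: (start, end)} for every region the descriptor marks as used."""
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4      # flash region base address
    regions = {}
    for idx, name in REGION_NAMES.items():
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * idx)
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base > limit:                      # encoding for an unused region
            continue
        regions[name] = (base, limit)
    return regions


def region_bytes(image: bytes, regions: dict, name: str) -> bytes:
    """Slice one region (inclusive limit) out of the image."""
    start, end = regions[name]
    return image[start:end + 1]


def region_sha256(image: bytes, name: str) -> str:
    """Hash one region so it can be compared against a known-good vendor image."""
    return hashlib.sha256(region_bytes(image, parse_regions(image), name)).hexdigest()


def build_sample_image() -> bytes:
    """Constructed 1 MiB image: descriptor 0-0xFFF, ME 0x1000-0x7FFFF, BIOS 0x80000-0xFFFFF."""
    img = bytearray(b"\xff" * (1 << 20))
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    frba = 0x40
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)  # FLMAP0: only FRBA matters here
    table = [
        0x00000000,                  # descriptor: base 0, limit 0 -> 0x0000-0x0FFF
        (0xFF << 16) | 0x80,         # BIOS: 0x80000-0xFFFFF
        (0x7F << 16) | 0x01,         # ME: 0x1000-0x7FFFF
        0x00007FFF,                  # GbE: unused (base > limit)
        0x00007FFF,                  # platform data: unused
    ]
    for i, v in enumerate(table):
        struct.pack_into("<I", img, frba + 4 * i, v)
    # fill the ME region with a recognisable constructed pattern
    img[0x1000:0x80000] = bytes((i * 7) & 0xFF for i in range(0x7F000))
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    for name, (s, e) in parse_regions(image).items():
        print(f"{name:14s} 0x{s:06X}-0x{e:06X}")
    print("ME region sha256:", region_sha256(image, "ME"))
```

Hashing regions separately matters because a BIOS update may or may not carry new ME firmware: a changed BIOS region with an unchanged ME hash and vice versa tell different stories about what a firmware update actually touched.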

LibreBoot or Coreboot without ME?


Will I get rid of the ME with BIOS alternatives like Coreboot?

No: open-source firmware such as Libreboot, Coreboot or Google's NERF cannot control the entire boot process of an
Intel-based PC. The ME has to remain active, and Coreboot, for example, integrates an Intel-provided code BLOB,
the Firmware Support Package (FSP). AMD supplies the AGESA BLOB to initialize the CPU, chipset, SMU and PSP.

Are there any other controllers in the PC?


Are there any other microcontrollers or processors with their own firmware in a normal PC?

Yes! The graphics card needs a so-called VGA BIOS, i.e. its own firmware, which on modern Nvidia cards is also
cryptographically signed. Ethernet, WLAN and Bluetooth controllers, USB, storage and RAID host adapters, the
controllers of SSDs and hard drives, and the mainboard chips for hardware monitoring, overclocking and RGB LED
control from Asus, Asrock, Gigabyte and MSI each have their own undocumented, binary firmware as well.
Even USB sticks, external hard drives, keyboards, programmable gaming mice, USB hubs, displays and printers
contain chips with their own firmware, and so do Thunderbolt cables.
Server boards have baseboard management controllers (BMCs) for remote maintenance; serious security flaws keep
turning up in the IPMI functions they use.
