Intel platforms

Over the years and decades, Intel has developed many hardware platforms [1].

Since the 4-bit 4004 in 1971, they have progressed over 8-bit up to 64-bit systems, retaining a lot of backwards compatibility. Starting with the ICH7 based platforms, Intel introduced their AMT (Active Management Technology) [2], an out-of-band management solution [3] for remote provisioning and support.

AMT evolved with more features over time, carrying the vPro label for machines targeting the business market [4] and finally converging with more security features such as Boot Guard [5], Intel's secure boot implementation, digital content protection (DRM), and more [6].

The platform is now backed by a full second operating system of its own, running on a coprocessor called the (Converged Security and) Manageability Engine [7], or (CS)ME for short, henceforth abbreviated as ME.

Boot flow

The ME has its own firmware and bootstraps an Intel platform [8]. The main x86 cores are held in reset until the ME releases them to boot with their own firmware.

Both the ME firmware and the main x86 firmware are stored in the same flash part on a mainboard, partitioned via the Intel Flash Descriptor (IFD).
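To make the partitioning concrete, here is an added example (not code from the original page) that parses the region layout and the per-master access rights out of a flash descriptor. It assumes the pre-Skylake (v1) descriptor layout and works on a constructed 4 KiB descriptor rather than a dump from a real board; the security-relevant check is whether the host CPU master has been granted read or write access to the ME region.

```python
import struct

IFD_SIGNATURE = 0x0FF0A55A                       # descriptor magic at flash offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]
MASTER_NAMES = {1: "Host CPU/BIOS", 2: "ME", 3: "GbE"}  # FLMSTR1..3


def parse_ifd(img):
    """Return (regions, masters) from a flash image using the pre-Skylake (v1) descriptor layout."""
    (sig,) = struct.unpack_from("<I", img, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", img, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4          # Flash Region Base Address
    nr = ((flmap0 >> 24) & 0x7) + 1              # Number of Regions
    fmba = (flmap1 & 0xFF) << 4                  # Flash Master Base Address
    regions = {}
    for i in range(min(nr, len(REGION_NAMES))):
        (flreg,) = struct.unpack_from("<I", img, frba + 4 * i)
        base = (flreg & 0x1FFF) << 12            # base and limit are in 4 KiB units
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base <= limit:                        # an unused region encodes base > limit
            regions[REGION_NAMES[i]] = (base, limit)
    masters = {}
    for m, name in MASTER_NAMES.items():
        (flmstr,) = struct.unpack_from("<I", img, fmba + 4 * (m - 1))
        masters[name] = {"read": (flmstr >> 16) & 0xFF, "write": (flmstr >> 24) & 0xFF}
    return regions, masters


def host_can_touch_me(masters):
    """True if the host CPU master holds read or write rights on the ME region (bit 2)."""
    host = masters["Host CPU/BIOS"]
    return bool((host["read"] | host["write"]) & (1 << 2))


def build_sample_descriptor(locked=True):
    """Constructed 4 KiB descriptor (not from any real board) for demonstration only."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    # FLMAP0: FRBA=0x40, 5 regions; FLMAP1: FMBA=0x60, 3 masters
    struct.pack_into("<II", img, 0x14, (4 << 24) | (0x04 << 16) | 0x01, (2 << 8) | 0x06)
    # FLREGs: Descriptor, BIOS, ME, GbE, Platform Data (unused)
    struct.pack_into("<5I", img, 0x40, 0x00000000, 0x07FF0600, 0x05FF0003, 0x00020001, 0x00001FFF)
    host = 0x0A0B0000 if locked else 0xFFFF0000  # locked: host reads Desc/BIOS/GbE, writes BIOS/GbE
    struct.pack_into("<3I", img, 0x60, host, 0x04050000, 0x08080118)
    return bytes(img)


if __name__ == "__main__":
    regions, masters = parse_ifd(build_sample_descriptor())
    for name, (base, limit) in regions.items():
        print(f"{name:14s} 0x{base:08x}-0x{limit:08x}")
    print("host can access ME region:", host_can_touch_me(masters))
```

Platforms from Skylake onwards use a revised descriptor layout with different master bit positions, so this parser applies only to the older layout.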

The following diagram is based on knowledge from various sources, including the coreboot documentation on Intel.

The boot flow for trusted boot is documented publicly [9] by Intel.

ME classification and security

Security researchers have analyzed the ME [10] and divided hardware variants into 3 generations [11] thus far, each with multiple firmware versions of their own, including security patch releases [12] [13]. One core aspect in security research has been Boot Guard [14] [15], which was introduced with Haswell, Intel's 4th generation Core series platforms [16], and discussed in the coreboot community [17].

Note that the ME generations roughly correspond with the overall platform, in that ranges of Intel platforms are expected to carry a certain ME hardware generation and specific platforms a certain firmware version range. For example, Lenovo ThinkPad X270 laptops came with 6th/7th gen Intel Core processors, which means 3rd generation ME hardware and version 11.x.x.x ME firmware.

Processor names

Intel publicly documents how to interpret processor names [18] and what their suffixes mean [19].

Abbreviations

| abbr. | expansion |
|---|---|
| ACM | Authenticated Code Module |
| AMT | Active Management Technology |
| CSME | Converged Security and Manageability Engine |
| DAL | Dynamic Application Loader |
| FIT | Firmware Interface Table |
| FPT | Firmware Partition Table |
| HAP | High-Assurance Platform |
| {I,M,P}CH | {I/O,Memory,Platform} Controller Hub [20] |
| IFD | Intel Flash Descriptor |
| PTT | Platform Trust Technology |
| RBE | ROM Boot Extensions (part of ME firmware) |
| SPS | Server Platform Services |
| TXE | Trusted Execution Engine |
| TXT | Trusted Execution Technology |

Ambiguities

There are colliding acronyms, even within this domain. The following abbreviations have a second meaning:

  • FIT: Flash Image Tool (sometimes also called FITC)
  • FPT: Flash Programming Tool

  1. https://en.wikipedia.org/wiki/List_of_Intel_processors

  2. https://en.wikipedia.org/wiki/Intel_AMT_versions

  3. https://www.amplicon-usa.com/actions/viewDoc.cfm?doc=iAMT-white-paper.pdf

  4. https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/overview.html

  5. https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/010/boot-guard-technology/

  6. https://www.intel.com/content/dam/support/us/en/documents/technologies/intel_amt_linux_enablement_guide_revision_1_1.pdf

  7. https://i.blackhat.com/USA-19/Wednesday/us-19-Hasarfaty-Behind-The-Scenes-Of-Intel-Security-And-Manageability-Engine.pdf

  8. https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/intel-csme-security-white-paper.pdf

  9. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/key-usage-in-integrated-firmware-images.html

  10. https://bitkeks.eu/blog/2017/12/the-intel-management-engine.html

  11. https://papers.put.as/papers/firmware/2014/2014-10_Breakpoint_Intel_ME_-_Two_Years_Later.pdf

  12. https://www.intel.com/content/www/us/en/support/articles/000029389/software/chipset-software.html?wapkw=csme

  13. https://www.intel.com/content/www/us/en/support/articles/000055675/technologies.html?wapkw=csme

  14. https://prohoster.info/en/blog/administrirovanie/doverennaya-zagruzka-shryodingera-intel-boot-guard

  15. https://github.com/flothrone/bootguard

  16. https://web.archive.org/web/20201129154607/https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/4th-gen-core-family-mobile-brief.pdf

  17. https://web.archive.org/web/20230322090345/https://patrick.georgi.family/2015/02/17/intel-boot-guard/

  18. https://www.intel.com/content/www/us/en/processors/processor-numbers.html

  19. https://www.intel.com/content/www/us/en/support/articles/000058567/processors/intel-core-processors.html

  20. https://en.wikipedia.org/wiki/Intel_Hub_Architecture