Black Friday Last Minute: CPU as a service has come!

Giovanni Biscuolo g at
Fri Nov 24 16:19:23 UTC 2017

Hi all,

glad my glamorous title obtained your attention :-D

I'm joking about Black Friday, I'm _not_ joking about "CPU as a service"

since the issue I recently labeled in this ML as the "MINIX on ring -3
discovery" is not clear to at least one of my FSFE-pen-friends, I have be
more specific

also, please I would like to know if and eventually how FSFE will address
this kind of issues when talking with EU or local representatives about the
"Consumer rights and device sovereignty" policy goal for 2019

considering what I'm going to show here, we should definitely extend the
device sovereignty to **all users**: public and private companies,
governments and all other institutions too, not only consumers (ouch!) :-O please also remind EU and local representative that **(part of) their
(sorry: our) IT systems are also affected** by this serious issue 

Executive summary

«One Ring to rule them all, One Ring to find them,
 One Ring to bring them all and in the darkness bind them»

on all Intel processors sold after 2008 there's a running *proprietary*
variation of the not copyleft free software MINIX 3 (unknown version), MINIX
is running in "ring -3" [1]

now we have the proofs that:

1. **no** "user facing OS" operating system have final control of the x86
2. between the "user facing OS" and the hardware there are at least 2 ½ OS
   kernels (MINIX and UEFI)
3. these are proprietary and very likely exploit-friendly
4. the exploits can persist, i.e. be written to FLASH, and you can't fix that
5. the user have _no access_ to the MINIX running in ring -3

MINIX is running on three separate x86 cores on modern chips, on that OS are

1. TCP/IP networking stacks (4 and 6)
2. File systems
3. Drivers (disk, net, USB, mouse)
4. Web servers

please **do not** consider this kind of issues specific to a single brand of
CPUs, since we still do not have proofs but the development path is the very

*** Are you scared yet? If you're not scared yet, maybe I didn't explain it
very well, because I sure am scared. *** (Ronald Minnich)

The not so short story

the fact: on Wednesday, October 25 2017 Ronald Minnich from Google told the
world about this:
«With the WikiLeaks release of the vault7 material, the security of the UEFI
(Unified Extensible Firmware Interface) firmware used in most PCs and
laptops is once again a concern. UEFI is a proprietary and closed-source
operating system, with a codebase almost as large as the Linux kernel, that
runs when the system is powered on and continues to run after it boots the
OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to
hide exploits since it never stops running, and these exploits are
undetectable by kernels and programs.»

this article presents a short version of the story:
I used this for my executive summary ;-)

the issue is **not** new (known since 2016, at least) and presented many
times also in FSF/FSFE "circles", eg. here
and here

EFF and Matthew Garrett where more specific about the nature of the issue on
May 8 2017 here
and here

so: what's new now?!?

since October 25 (save the date!) what **is** new is that we have a
scientific proof of the real nature of this _mess_

...and we know that Google *is* _desperately_ trying to get rid of this
issue from their systems *but* they are failing to fully do this

please enjoy the full Garrett's talk in this video

he said: "always use coreboot if you can, but if you are stuck with a situation..."
(29:21 of the video) ... libreboot is maybe better, IMHO

so, ladies and gentlemen I'll introduce you "CPU as a service"

do we have to accept an EULA?!?


    what the hell is ring -3 ?!?! who "invented" it?
    where is it documented?
    should we expect to see "ring -9" in the future?
    how we could even allow anyone in the world to implement such a
    perverted environment?

Giovanni Biscuolo
Xelera - IT infrastructures

**per favore** Quota Bene:
**please** use Inline Reply:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the Discussion mailing list