• silent_water [she/her]@hexbear.net
      9 months ago

      no, it’s not a hypervisor. it’s a bit of hardware with access to the network stack that allows firmware updates and monitoring (in the “is the computer on/overheating” sense - it gives access to the low level sensors). it’s supposed to be disabled if you don’t pay money to turn it on (ie enterprise customers) but there’s no way to really know because the motherboard chipsets don’t expose access to it. it /shouldn’t/ be able to function because the motherboard needs to cooperate in order to make it function but we don’t really know what the chipsets/bios do/don’t implement. so it’s a theoretical attack vector by the USG.

      the AMD version of the same is much more limited and doesn’t even exist on consumer chips, if you don’t buy workstation or server hardware. and if you do buy those, the motherboard exposes the control functions with documentation on which network interfaces it’s able to use. it’s also frequently open spec these days so you can run your own FOSS management firmware. very handy if you e.g. need to access the bios when the video card won’t turn on or your overclock is busto.

      Intel is basically just stupid and too lazy to only include the extra silicon in chips where it’s actually possible to use it. and too greedy to open up the specs to make it possible to control it yourself on chips where it can be used. don’t give Intel money. AMD appears to be all in on open source specs and actively contributes to the open firmware/open source bios initiatives so it’s likely that it will become standard on their hardware over the next 5ish years (their code sucks ass so it’s very hard for projects to merge/debug quickly so it’s a slow effort lol).