Intel publishes details about the new management engine csme 15.0

Intel publishes details about the new management Engine CSME 15.0

All intel processors or the associated chipsets contain a so-called management engine (me), the intel now called converged security and management engine (csme). The youngest version csme 15.0 debuted into the current mobile processors "tiger lake" the eleventh core i generation.

In the 30-page "csme security whitepaper" intel now completes many functions of csme and the innovations of version 15.0, which, among other things, improves protection against attacks and manipulations. Accordingly, some security algorithms have been strengthened to complicate the reproduction with art quantum computers (post-quantum cryptography, pqc). This concerns about aes (now 256-bit), rsa key (3072 bits), elliptic curve cryptography (ecc-384) and sha-2 digigas (also 384 bits).

Odca instead of epid

Intel has also built new features to react reliably with firmware updates to essential cryptographic signatures and certificates on essential cryptographic signatures and certificates. Among other things, intel replaces the enhanced privacy id (epid) used to be previously used in the csme by on-certificate authority (odca). With the help of the odca, after a firmware update, the csme can generate new security certificates for internal firmware functions without establishing a server connection.

Intel publishes details about the new management Engine CSME 15.0

The csme generates and manages numerous cryptographic keys.

The csme 15.0 is also the basis of the tiger lake control flow enforcement technology (cet) for protection against attacks with return-oriented programming (rop) by shadow stack (shstk) and indirect branch tracking (ibt). In addition, the csme manages the key for total memory encryption (tme).

With csme 15.0 intel also scams different internal csme functions even strongly against each other to limit the effects of a successful attack on one of these functions. Like ubag, intel tries to keep the code scope of the basic code of the basic security features (tcb) potentially small to reduce the likelihood of errors (minimum tcb). The csme uses the operating system minix with microkernel architecture.

Leave a Reply

Your email address will not be published. Required fields are marked *