Trojan Horse

3 January 2021

I’m in the process of upgrading my computer system. It poses certain challenges, not the least of which is that I’m moving from an old Mac system to a hardened version of Linux. It’s the hardened part that poses the biggest challenge.

Chances are your home computer runs a version of either Windows or macOS. They’re popular because they are well designed and easy to use. You don’t need to be a computer expert to use them. Both Microsoft and Apple have put a great deal of effort into making their operating systems, so they have made them proprietary. That means no one can look at the raw code to see how they work, so you have to trust Microsoft and Apple when they say their software is secure.

But even without readable code, we know both operating systems have problems. Not just the usual glitches and virus vulnerabilities, but outright spyware. Spyware is written into the code. I use the term in a broad sense, where software gathers data about you without clearly notifying you. Burying your consent in the legalese of a software agreement isn’t a clear notification.

For example, Windows 10, the latest Microsoft operating system, gathers a wide range of personal data by default: everything from biometric data and location history to a log of the websites you visit and your purchase history. Apple gathers similar data, even going so far as “phoning home” every time you open an application. You can minimize data collection by opting out in the preferences, but some collection happens no matter what. Without looking at the raw code it’s difficult to verify.

A better alternative is to move to an open operating system such as one of the many flavors of Linux. You can even build your OS from the raw code if you like. Most of us aren’t going to do that, but having open code means that folks can look at all the details to make sure it’s spyware-free. That’s great, but it just kicks the can down the road to another security problem: proprietary hardware.

Almost all computers run on proprietary hardware. Chip manufacturers such as Intel and AMD don’t reveal their designs. If the chips have spyware or a back door hardwired into them, even Linux can’t be entirely hardened. Some hidden bit of silicon could give someone direct access to your system.

While that sounds paranoid, we know it exists. Since 2008, Intel chips have had a subsystem known as the Intel Management Engine (ME) that has absolute authority over what runs on the chip. The ME is not only proprietary; its design is also obfuscated to hinder reverse engineering. There’s a similar subsystem on AMD chips known as the Platform Security Processor (PSP). While both companies claim these subsystems enhance the security and efficiency of their chips, they are fuzzy on the details.

Because these subsystems have a higher privilege level than even your operating system or the boot loader, they could in principle inject all kinds of spyware or viruses into your system. This makes them huge targets for both hackers and government agencies. If a hacker can control the ME or PSP, they own the computer.

Because of this, some computer manufacturers have moved to disable them on their systems. Companies such as Purism and System76 now disable Intel ME on all their computers. Even Dell disables ME on some of their computers. While this hardens your system against any backdoor Intel might intentionally put in the code, it remains a weakness in the armor of your system. There may be some vulnerability that can be leveraged to reset these subsystems.

Of course, the real solution would be to use both hardware and software that is completely open-source. Enter RISC-V.

Pronounced “risk five,” RISC-V is an open-source chip architecture. It began at the University of California, Berkeley, but is now run by the RISC-V Foundation. It’s a completely open architecture released under a Creative Commons license. Anyone can suggest improvements to the designs, and anyone can use the designs to fabricate their own chips. Since RISC-V is based on the long-established reduced instruction set computer (RISC) principles also used in ARM chips and Apple’s new M1 chips, we know the chips can be powerful, reliable, and robust. A RISC-V chipset running Linux would give you complete control over your personal computer.

The only problem is that RISC-V computers aren’t easily available at the moment. A few RISC-V personal computers have been built, but you can’t just order one as a replacement for your old computer. So for now, I’ll have to rely on proprietary hardware for my next computer. It can still be reasonably secure, but I’ll talk about that another time.