Intel processors now get OS locked

In an GOLEM interview at CEBIT 2014 fair, Frank Kuypers, technical account manager at INTEL corp., proudly presented a new feature in INTEL processors, called "hooks", beginning with the new 2014 "Merrifield" 64 bit SoC chip generation.

The manager gave an example: In the Intel network only mobiles with certain Android versions are allowed to use certain functionalities. If you then replace your Android version, e.g. by a free Cyanogenmod Android kernel, not only some chips would stop working, e.g. LTE/UMTS, but also mails from your employer would be blinded out, because now the processor itself would 'classify' the new software as 'risk'.

'Hooks' allow custom code to be executed when some defined event (such as saving an article or a user logging in) occurs. This technology is well known and often used to patch binaries or to add functionality to binary code.

But now this functionality is implemented in hardware, so that the OS itself doesn't even notice the execution of e.g. a virus scanner, Frank Kuypers said.

By design, INTEL processors, in opposite to 'hard coded' ARM processors, use microcode. Microcode is used to decode CISC operations (Complex Instruction Set Computer), breaking down instructions to RISC code. Bugs in the processor instruction set so can be corrected by just updating the microcode.

Now, beginning with the new 2014 power efficient mobile "Merrifield" processor generation, this functionality can and will (so are WINTEL alliance plans) be used to lock the processor for certain OS'es or OS versions.

First implementation will be the INTEL owned McAffee virus scanner, which now operates in the background on microcode level, completely unnoticeable by the OS or system operator, Frank Kuypers proudly added.

Whether there will be a SDK or use of this 'functionality' will be kept a secret, still is undecided, Kuypers said.

Have fun!

Shared publiclyView activity