Take a look at your desktop computer. What operating system is it currently running?
Now take a look in your data center — at all of your servers. What operating system are they running?
Linux? Microsoft Windows? Mac OS X? You could be running any of those three — or one of countless others.
But here’s the crazy part: That’s not the only operating system you’re running.
If you have a modern Intel CPU (released in the last few years) with Intel’s Management Engine built in, you’ve got another complete operating system running that you might not have had any clue was in there: MINIX.
MINIX is running at “Ring -3” (that’s “negative 3”) on its own CPU, one that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications run in “Ring 3” (without the negative).
The first thing that jumps out at me here: This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers). That, right there, is absolutely crazy.
The second thing to make my head explode: You have zero access to “Ring -3” / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn’t updated regularly with security patches.
Google wants to remove MINIX from its internal servers
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from its internal servers (for obvious security reasons), the following features exist within Ring -3: