Minix Inside!
Written by Mike James   
Saturday, 11 November 2017

What is the most used operating system? You might say Windows and then you might remember all those servers and opt for Linux, but either way you would be wrong. And no, it isn't OSX or Android. It is an operating system called Minix, created for educational purposes by Andrew Tanenbaum in the 1980s, which is currently running on all the Intel machines you can think of.

This is a strange story that spans quite a few years. Back in the early days of microcomputer, finding an operating system was a real problem. There was MSDOS, of course, but it was commercial and not well designed. A lot of people wanted to use Unix, but it too was commercial and had a restrictive licence and subject to all sort of legal actions. Then Andrew Tanenbaum, a computer scientist working at Vrije University in Amsterdam, created a small educational operating system called Minix. It was only 12,000 lines of C code and it was included in his 1987 book "Operating Systems: Design and Implementation".

 

minix3

Andrew S. Tanenbaum Credit:Jantangring 

 

minixbook1

 

I used this book to teach a university course in Operating systems and was pleased to have access to the code and I wasn't the only one to think that with some work Minix could become the operating system we were all looking for.

One such was a young programmer called Linus Torvalds who you might have heard of. He studied Minix hard and decided it was possible to create a Unix based OS of his own. As they say the rest is history, but you have to ask the question - why Linux and why not Minix?

The answer reveals much about the development of Open Source and the open source mentality. You need to remember that back then open source wasn't established and there were few tools and only inefficient ways of communicating. There was no Git, thanks a second time to Linus, no GitHub, and no web and... well it would be quicker to list what there was.

The point is that I, along with a few others, made changes and additions to Minix, but the licencing, which was permissive for the time, put us all off from pursuing it, as what could have been a big open source project. The problem was that the book publisher wasn't prepared to allow the source code to be freely copied and used. The licence was restricted and asked for $69 for the privilege of using it. I wasn't clear what would happen if you dared to develop it and make it available. It took till 2000 for Minix to become free and open source in the modern sense. 

You can't help but think that if it wasn't for a traditional view of copyright taken by the publishers, Tanenbaum and Minix would probably have been Linus and Linux - if you see what I mean.

Over the years the tensions between Linux and Minix and Linus and Tanenbaum have been pretty much below the surface (see Tanenbaum–Torvalds debate), but it must have been a source of irritation that it was Linux in the limelight and not Minix.

And now we come to the strange twist.

Intel CPUs have had a separate management chip alongside the main processor for some years. You may have encountered AMT - Active Management Technology - in some server management software. It provides remote access even when the machine is switched off but connected to the mains. You can use a KVM application to connect to the machine while it is off, configure it, switch it on, boot and generally work with it. These are features that sys admins find indispensable, but most users simply ignore them and the management hardware. 

Everything was find but in May a major security flaw was discovered and the fix required an update data to the AMT code. An update that many machines are unlikely to get. Since then various security researchers, mostly Google-based, have been looking into the hardware and the software and have made the discovery that there is an additional layer in the hardware that Intel doesn't talk about. Ring 3 is user land, Ring 0 is OS land and Ring -1 is for hypervisors. These we know about, but in addition there is Ring -2, used for the secure UEFI kernel and Ring -3, which is where the management OS runs. Guess what the management OS is Minix 3 - or rather a closed commercial version of Minix 3. 

 

minix2

 

The sort of makes sense as Minux is a micro-kernel based OS, unlike Linux, and so more suited to this sort of low level hardware task. What this means, however, is that every Intel chipset since 2015 is running Minix 3, even if it is also running Windows, Linux or OSX as well. This could mean that the crown goes to Minix.

Tanenbaum finally found out that Intel was using Minix and wrote them an open letter:

"Dear Mr. Krzanich,

Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world, even more than Windows, Linux, or MacOS.

...

I knew that Intel had some potential interest in MINIX several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller 

...

Also a hint was the discussion about the license. I (implicitly) gathered that the fact that MINIX uses the Berkeley license was very important. I have run across this before, when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free. These discussions were why we put MINIX out under the Berkeley license in 2000 (after prying it loose from my publisher).

After that initial burst of activity, there was radio silence for a couple of years, until I read in the media (see above) that a modified version of MINIX was running on most x86 computers, deep inside one of the Intel chips. This was a complete surprise. I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

..."

 You have to think, however, that it would have been "nice" of Intel to contribute something to the project, but of course Intel have been keeping the whole thing quiet. It seems to be an attempt to implement security by obscurity. It might also be to avoid any criticism, after all they are running code on the processor you have paid for and because it is cryptographically protected and you have to buy software from Intel to work with it.

The discovery of a number of vulnerabilities in the software has resulted in comments that Minix isn't secure. This has prompted Google and others to work towards finding ways of switching the management hardware off - given the number of servers they must have that are vulnerable to any flaws in the OS this is understandable.

Is it a major security risk?

Who knows but there are Ring -3 root kits floating around and it all depends on someone getting creative.

What is interesting is the where we are now compared to where we were then angle. We have a complete CPU, a Quark 32bit x86 core, running a complete operating system as a management system for the main processor - unthinkable back in the days of Minix 1. It is also amazing how much open source has progressed and developed, mainly due to  improved communications and the collaboration this has made possible.

minix4

Minix inside..... Yes indeed. 

More Information

An Open Letter to Intel

http://www.minix3.org/

Related Articles

Linus Torvalds Receives IEEE Computer Pioneer Award

GNU Hurd 0.6 Released

Pi To Take Over The Desktop?

Android Becomes World's Most Popular OS

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

 

Banner


Google Adds Multiple Database Support To Firestore
04/03/2024

Google has announced the general availability of Firestore Multiple Databases, which can be used to manage multiple Firestore databases within a single Google Cloud project.



iOS 17.4 Released With Support For App Stores In The EU
06/03/2024

I have written about Apple's approach to complying with regulation, characterizing it as malicious compliance. It also seems that Apple is a master of creating the unintended consequence and letting i [ ... ]


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

<ASIN:9332550514>

<ASIN:B00XN476W0>

<ASIN:1292061421>

 

 

Last Updated ( Saturday, 11 November 2017 )