Did you know you're actually running MINIX/GNU/Linux? Well, you are.
If you learned about operating systems in the late '80s and early '90s, you knew MINIX as Andrew S Tanenbaum's educational Unix-like operating system. It was used to teach operating system principles. Today, it's best known as the OS that inspired Linus Torvalds to create Linux.
So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. We do know that with it there:
1. Neither Linux nor any other operating system have final control of the x86 platform
2. Between the operating system and the hardware are at least 2 ½ OS kernels (MINIX and UEFI)
3. These are proprietary and (perhaps not surprisingly) exploit-friendly
4. And the exploits can persist, i.e. be written to FLASH, and you can't fix that
In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running:
* TCP/IP networking stacks (4 and 6)
* File systems
* Drivers (disk, net, USB, mouse)
* Web servers
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.
And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.
How? MINIX can do all this because it runs at a fundamentally lower level.
x86-based computers run their software at different privilege levels or "rings". Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access they have to the hardware. Rings two and one don't tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.
You can't see it. You can't control it. It's just humming away there, running your computer. The result, according to Minnich is "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared."