In some shiny good news to us of the tinfoil hat crew, Phoronix is reporting:
Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.
Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.
Those unfamiliar with the implications on Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.
Looks like I may not have to go ARM on my next desktop build after all.
(Score: 0) by Anonymous Coward on Sunday January 15 2017, @05:37AM
For vPro?
You want the Open Manageability Developer Tool Kit.
Get it here: http://www.meshcommander.com/open-manageability [meshcommander.com]
You will also need a PC with it enabled. The default password is admin which it forces you to change before AMT is active and you will need to pick a strong password. You get into it by pushing ctrl-P when the machine is booting up. All you have to do is change the password and activate in the settings. Then you can remotely control that PC. You can turn on the VNC server in the NIC and VNC to the computer. You need a strong password that is exactly eight characters.
(Score: 0) by Anonymous Coward on Sunday January 15 2017, @06:34AM
Ok, that's pretty friggin' sweet...
(Score: 2) by Scruffy Beard 2 on Sunday January 15 2017, @07:40AM
OK, you said: "You need a strong password that is exactly eight characters."
That is only about 48bits of entropy.
I hope time-outs are implemented.