SoylentNews is people

posted by janrinok on Sunday January 15 2017, @12:21AM
from the where-there-is-a-will,-there-is-a-way dept.

In some shiny good news to us of the tinfoil hat crew, Phoronix is reporting:

Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.

Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.

Those unfamiliar with the implications on Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.

Looks like I may not have to go ARM on my next desktop build after all.


  • (Score: 0) by Anonymous Coward on Sunday January 15 2017, @05:37AM (#454016)

    For vPro?
    You want the Open Manageability Developer Tool Kit.
    Get it here: http://www.meshcommander.com/open-manageability
    You will also need a PC with it enabled. The default password is admin, which it forces you to change before AMT is active, and you will need to pick a strong password. You get into it by pushing Ctrl-P when the machine is booting up. All you have to do is change the password and activate in the settings. Then you can remotely control that PC. You can turn on the VNC server in the NIC and VNC to the computer. You need a strong password that is exactly eight characters.

  • (Score: 0) by Anonymous Coward on Sunday January 15 2017, @06:34AM (#454025)

    Ok, that's pretty friggin' sweet...

  • (Score: 2) by Scruffy Beard 2 (6030) on Sunday January 15 2017, @07:40AM (#454038)

    OK, you said: "You need a strong password that is exactly eight characters."

    That is only about 48 bits of entropy.

    I hope time-outs are implemented.