SoylentNews is people
posted by janrinok on Sunday January 15 2017, @12:21AM
from the where-there-is-a-will,-there-is-a-way dept.

In some shiny good news to us of the tinfoil hat crew, Phoronix is reporting:

Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.

Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.

Those unfamiliar with the implications of Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.

Looks like I may not have to go ARM on my next desktop build after all.

  • (Score: 2, Insightful) by Anonymous Coward on Sunday January 15 2017, @04:07PM (#454104)

    Um, everything I have built has had this built in, with no way to disable it, and slowing the boot process (perhaps not much -- but it's there).

    I cannot opt out of getting it, and I can't get the same CPU without this built into it in order to save a few bucks.

    I don't know what you've been building that doesn't have this in it, but my builds are not used ebay equipment. I am not buying celerons or peons or whatever the low end hardware has in them these days -- I put xeons on the desktop and often play games with them. I pay extra for top performance and this is something I would spend 8 hours searching for an alternative so I can save $1 on the price, because I do not want to have it available on my hardware.

    In much the same way, I do not want video streaming built into my video card drivers, I do not want additional apps and social feedback enabled. I DON'T WANT THAT. But they charge me for it and I have to accept it because the only alternatives are from people more skilled than me assembling drivers for free on their own time that don't work as well as the real thing.

    For all of this wisdom of the crowds and social economy, vendors and manufacturers don't care about what people want -- they care about getting people to want things more efficiently. And remote control and remote viewing and telemetry are real great ways to gain insight into that, don't you think?

    AMD and nvidia building in the video streaming stuff in their cards makes it so that way the vpro and intel management engine is able to deliver your high resolution desktop via the modernized NSAkey -- in hardware. Who needs tempest or packet captures when you can just target a user that regularly reports in because of the drivers, and start streaming? It works great for people not regularly posting to social networks...

    People that manage their own computers are a secretive threat that support Russia; that is what I learned in the movie WarGames at least! And as entertaining as it was, it's already true that people that take their security and privacy seriously are suspicious and worthy of additional analysis. Baking it into the hardware doesn't make me feel any safer, in fact, it makes me even more paranoid -- but even more pissed that I have to pay for my own shackles.

  • (Score: 0) by Anonymous Coward on Monday January 16 2017, @12:02PM (#454350)

    but even more pissed that I have to pay for my own shackles.

    It has always been that way. If shackles didn't pay for themselves, they wouldn't have been made.