Stories
Slash Boxes
Comments

SoylentNews is people

How-To: Disabling the Intel Management Engine

posted by martyb on Monday October 16 2017, @01:50AM   Printer-friendly
from the b-b-b-but-I-have-an-AMD! dept.

The Mighty Buzzard writes:

We've covered that it was possible and in theory how to do so before but I think having a proper How-To written up will save even us nerd types some hair pulling. Here's what you'll need to start:

  • an Intel-CPU-based target PC — that does not have Boot Guard enabled — on which you wish to disable the IME;
    • the target PC may be running an OEM BIOS (such as AMI, Dell etc.), or coreboot;
  • a Raspberry Pi 3 Model B single board computer ('RPi3'), for use as an external flash programmer;
  • a spare >= 8GB microSD card (to hold the 64-bit Gentoo O/S image we will use for the RPi3);
  • an appropriate IC clip for your target PC's flash chip, e.g.:
    • a Pomona 5250 for SOIC-8 chips;
    • a Pomona 5208 for unsocketed DIP-8 chips, or
    • a Pomona 5252 for SOIC-16 chips;
  • 8 female-female connector wires (to attach the appropriate clip to the RPi3's GPIO header);
  • a maintenance manual for your target PC, where available, to assist in safe disassembly / reassembly; and
    • whatever tools are stipulated in the above.

Given the above list, you'll obviously need to be comfortable identifying and connecting an IC clip to your flash chip. So, it's not a procedure for most grandmothers but neither is especially complex or difficult for the vast majority of desktop machines (laptop/other difficulty will vary widely). Also, the guide explicitly does not cover PLCC or WSON flash chips, so you're out of luck here if your board has such.

Happy hacking, folks.

Original Submission

 
This discussion has been archived. No new comments can be posted.
How-To: Disabling the Intel Management Engine | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by bradley13 on Monday October 16 2017, @05:39AM (4 children)

    by bradley13 (3053) on Monday October 16 2017, @05:39AM (#582914) Homepage Journal

    It's great that someone has produced this how-to, but it remains a scary process with a non-zero chance of bricking your machine. What I want to know is why. Why does Intel make this necessary? Why not just make the management engine a cleanly switchable option? Is this laziness, of is it more nefarious?

    --
    Everyone is somebody else's weirdo.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 4, Interesting) by Geezer on Monday October 16 2017, @09:40AM (1 child)

    by Geezer (511) on Monday October 16 2017, @09:40AM (#582938)

    Making sure things like DRM and "customer experience research" always work could certainly be described as nefarious. Intel has long been Microsoft's hardware bitch.

    • (Score: 0) by Anonymous Coward on Tuesday October 17 2017, @04:22AM

      by Anonymous Coward on Tuesday October 17 2017, @04:22AM (#583311)

      Intel has long been Microsoft's hardware bitch.

      ref provided https://en.wikipedia.org/wiki/Wintel [wikipedia.org]

  • (Score: 5, Informative) by pkrasimirov on Monday October 16 2017, @11:15AM

    by pkrasimirov (3358) Subscriber Badge on Monday October 16 2017, @11:15AM (#582960)

    > Is this laziness, of is it more nefarious?
    It is more nefarious.

  • (Score: 3, Insightful) by sjames on Monday October 16 2017, @03:34PM

    by sjames (2882) on Monday October 16 2017, @03:34PM (#583020) Journal

    Better yet, remote management alone is a good thing. Why couldn't they stick to BMCs that have control over power, reset, and the serial port, can present a virtual DVD drive on USB, and NOTHING else?