We've covered that it was possible and in theory how to do so before but I think having a proper How-To written up will save even us nerd types some hair pulling. Here's what you'll need to start:
- an Intel-CPU-based target PC — that does not have Boot Guard enabled — on which you wish to disable the IME;
- the target PC may be running an OEM BIOS (such as AMI, Dell etc.), or coreboot;
- a Raspberry Pi 3 Model B single board computer ('RPi3'), for use as an external flash programmer;
- a spare >= 8GB microSD card (to hold the 64-bit Gentoo O/S image we will use for the RPi3);
- an appropriate IC clip for your target PC's flash chip, e.g.:
- a Pomona 5250 for SOIC-8 chips;
- a Pomona 5208 for unsocketed DIP-8 chips, or
- a Pomona 5252 for SOIC-16 chips;
- 8 female-female connector wires (to attach the appropriate clip to the RPi3's GPIO header);
- a maintenance manual for your target PC, where available, to assist in safe disassembly / reassembly; and
- whatever tools are stipulated in the above.
Given the above list, you'll obviously need to be comfortable identifying and connecting an IC clip to your flash chip. So, it's not a procedure for most grandmothers but neither is especially complex or difficult for the vast majority of desktop machines (laptop/other difficulty will vary widely). Also, the guide explicitly does not cover PLCC or WSON flash chips, so you're out of luck here if your board has such.
Happy hacking, folks.
(Score: 2) by bradley13 on Monday October 16 2017, @05:39AM (4 children)
It's great that someone has produced this how-to, but it remains a scary process with a non-zero chance of bricking your machine. What I want to know is why. Why does Intel make this necessary? Why not just make the management engine a cleanly switchable option? Is this laziness, of is it more nefarious?
Everyone is somebody else's weirdo.
(Score: 4, Interesting) by Geezer on Monday October 16 2017, @09:40AM (1 child)
Making sure things like DRM and "customer experience research" always work could certainly be described as nefarious. Intel has long been Microsoft's hardware bitch.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @04:22AM
ref provided https://en.wikipedia.org/wiki/Wintel [wikipedia.org]
(Score: 5, Informative) by pkrasimirov on Monday October 16 2017, @11:15AM
> Is this laziness, of is it more nefarious?
It is more nefarious.
(Score: 3, Insightful) by sjames on Monday October 16 2017, @03:34PM
Better yet, remote management alone is a good thing. Why couldn't they stick to BMCs that have control over power, reset, and the serial port, can present a virtual DVD drive on USB, and NOTHING else?