Stories
Slash Boxes
Comments

SoylentNews is people

Purism Disables Intel Management Engine on Librem Laptops

posted by martyb on Sunday October 22 2017, @04:42PM   Printer-friendly
from the hold-my-beer,-I-wanna-be-free dept.

takyon writes:

Purism Disables Intel ME On Its Privacy-Focused Librem Laptops

Purism, a startup that aims to develop privacy-focused devices, announced that it has now disabled Intel's Management Engine (ME). The company, and many privacy activists, believe that because Intel's ME is a black box to the user, it could hide backdoors from certain intelligence agencies. Alternatively, it may contain vulnerabilities that could even be unknown to Intel, but which might still be exploited by sophisticated attackers to bypass the operating system's security.

[...] The Librem laptops use Coreboot firmware, which is an open source alternative to BIOS and UEFI for Linux. The company said that using Coreboot is one of the primary reasons why they were able to disable Intel ME in the first place. Coreboot allowed them to dig down on how the processor interacts with this firmware and with the operating system.

Purism had already "neutralized" the Intel ME system on its Librem laptops, which essentially meant that the mission-critical components of Intel ME were removed. However, this could still cause some errors, because the Intel ME would still be "fighting" Coreboot's attempt to neutralize it. With the new method that disables it, the Intel ME can be shut down gracefully. Purism's laptops will continue to support both methods for extra security, just in case the Intel ME is able to "wake-up" somehow, after it's disabled.

[...] Both Librem 13 and Librem 15 laptop models will now ship with Intel ME disabled by default. Customers who have purchased the older Librem laptops will also receive an update that will disable Intel ME on their systems.

Related: Purism Exceeds $1 Million in Funding for Librem 5 Linux-Based Smartphone
How-To: Disabling the Intel Management Engine

Original Submission

 
This discussion has been archived. No new comments can be posted.
Purism Disables Intel Management Engine on Librem Laptops | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday October 22 2017, @06:51PM (3 children)

    by Anonymous Coward on Sunday October 22 2017, @06:51PM (#586006)

    Pretty damn "opaque" if you are used to text logs.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1  

  • (Score: 2) by Azuma Hazuki on Sunday October 22 2017, @07:54PM (1 child)

    by Azuma Hazuki (5086) on Sunday October 22 2017, @07:54PM (#586029) Journal

    On the other hand if Debian works, Devuan should also. I will always love Arch and Gentoo best but I've used Devuan and it's really good. It feels nice, less corporate and more techie.

    --
    I am "that girl" your mother warned you about...

    • (Score: 1, Informative) by Anonymous Coward on Monday October 23 2017, @04:20AM

      by Anonymous Coward on Monday October 23 2017, @04:20AM (#586167)

      Yeah. antiX is also based on Debian.
      It's been around since 2006.
      Never shipped with Lennart's crap by default.

      It's entirely possible to have a Debian-based distro without systemd.

      -- OriginalOwner_ [soylentnews.org]

  • (Score: 0) by Anonymous Coward on Monday October 23 2017, @07:40PM

    by Anonymous Coward on Monday October 23 2017, @07:40PM (#586513)

    you can have it output to normal text logs, you lazy fuck.