Intel Management Engine Partially Defeated

posted by janrinok on Sunday January 15, @12:21AM
from the where-there-is-a-will,-there-is-a-way dept.
Security

The Mighty Buzzard writes:

In some shiny good news to us of the tinfoil hat crew, Phoronix is reporting:

Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.

Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.

Those unfamiliar with the implications on Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.

Looks like I may not have to go ARM on my next desktop build after all.


  • omnipotent (Score:3, Interesting)

    by driven (6295) Subscriber Badge on Sunday January 15, @12:41AM (#453969)

    Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the omnipotent capabilities of the ME: this hardware and its proprietary firmware can access and control everything that is in RAM and even everything that is shown on the screen.

    I won't pretend to know much about CPU internals, but that last statement of its "omnipotent" capability reminded me of the Super Snapshot [pcmuseum.ca] cartridge for Commodore 64 computers. You could freeze execution of whatever was running, debug it, modify it, save it to disk as a runnable snapshot file that would resume the program at the point when it was interrupted. It could even scan memory before and after losing a life in a game and often was able to auto-detect what memory location had to be modified to give you infinite lives. I've always missed that kind of functionality with PCs.
    Sorry, couldn't help but take a trip down memory lane. :)


  • Surprised this is a thing (Score:0)

    by Anonymous Coward on Sunday January 15, @01:29AM (#453977)

    I'm an open-source loving, Linux using, Fortune 500 IT guy and I'm kind of surprised to see people up in arms about Intel ME/AMT. Like this article is the first I've heard about it.
    I am a huge fan of vPro (AMT/ME specifically) - we now have it on thousands of our machines and the number of literal truck rolls it saves is measurable. So easy to remotely diagnose a computer even if it has a failing motherboard. So easy to remotely reimage a machine.
    That said, this technology is primarily only on business desktops and notebooks as far as I know. If you build your own machine from Newegg or Amazon, it's not going to have this on it. I guess maybe the market came from people buying used business equipment on eBay?