date 2013-01-17
from the where-there-is-a-will,-there-is-a-way dept.
In some shiny good news for us of the tinfoil hat crew, Phoronix is reporting:
Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.
Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.
Those unfamiliar with the implications of Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.
Looks like I may not have to go ARM on my next desktop build after all.
omnipotent (Score:3, Interesting)
I won't pretend to know much about CPU internals, but that last statement of its "omnipotent" capability reminded me of the Super Snapshot [pcmuseum.ca] cartridge for Commodore 64 computers. You could freeze execution of whatever was running, debug it, modify it, save it to disk as a runnable snapshot file that would resume the program at the point when it was interrupted. It could even scan memory before and after losing a life in a game and often was able to auto-detect what memory location had to be modified to give you infinite lives. I've always missed that kind of functionality with PCs.
Sorry, couldn't help taking a trip down memory lane. :)
Surprised this is a thing (Score:0)
I'm an open-source loving, Linux using, Fortune 500 IT guy and I'm kind of surprised to see people up in arms about Intel ME/AMT. Like this article is the first I've heard about it.
I am a huge fan of vPro (AMT/ME specifically) - we now have it on thousands of our machines and the number of literal truck rolls it saves is measurable. So easy to remotely diagnose a computer even if it has a failing motherboard. So easy to remotely reimage a machine.
That said, this technology is primarily only on business desktops and notebooks as far as I know. If you build your own machine from Newegg or Amazon, it's not going to have this on it. I guess maybe the market came from people buying used business equipment on eBay?
