Purism Disables Intel ME On Its Privacy-Focused Librem Laptops
Purism, a startup that aims to develop privacy-focused devices, announced that it has now disabled Intel's Management Engine (ME). The company, and many privacy activists, believe that because Intel's ME is a black box to the user, it could hide backdoors from certain intelligence agencies. Alternatively, it may contain vulnerabilities that could even be unknown to Intel, but which might still be exploited by sophisticated attackers to bypass the operating system's security.
[...] The Librem laptops use Coreboot firmware, which is an open source alternative to BIOS and UEFI for Linux. The company said that using Coreboot is one of the primary reasons why they were able to disable Intel ME in the first place. Coreboot allowed them to dig down on how the processor interacts with this firmware and with the operating system.
Purism had already "neutralized" the Intel ME system on its Librem laptops, which essentially meant that the mission-critical components of Intel ME were removed. However, this could still cause some errors, because the Intel ME would still be "fighting" Coreboot's attempt to neutralize it. With the new method that disables it, the Intel ME can be shut down gracefully. Purism's laptops will continue to support both methods for extra security, just in case the Intel ME is able to "wake-up" somehow, after it's disabled.
[...] Both Librem 13 and Librem 15 laptop models will now ship with Intel ME disabled by default. Customers who have purchased the older Librem laptops will also receive an update that will disable Intel ME on their systems.
"The most popular mobile operating system on the planet, Android, is already based on Linux, but with Google in charge of it, many consumers cannot depend on it for privacy. With that said, Purism is planning to fight the impossible fight against Android and iOS with the "Librem 5" smartphone. This is a device that will run a privacy-focused Linux-based OS called "Pure OS," but the hardware is wide open for any OS, really. Purism is trying to raise $1.5 million through crowdfunding, and earlier today, it reached a significant milestone -- $1 million! Maybe the fight isn't impossible after all..." - via BetaNews
(Score: 2) by looorg on Sunday October 22, @04:53PM
Will there be some general solution to disable this that won't involve soldering and voiding warranties? For more machines, not only Librem laptops, and motherboard manufacturers or are they all deep in the Intel pocket(s)?
