posted by janrinok on Sunday January 15 2017, @12:21AM
from the where-there-is-a-will,-there-is-a-way dept.

In some shiny good news to us of the tinfoil hat crew, Phoronix is reporting:

Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs.

Via an open-source, third-party tool called me_cleaner it's possible to partially deblob Intel's ME firmware images by removing any unnecessary partitions from the firmware, reducing its ability to interface with the system. The me_cleaner works not only with free software firmware images like Coreboot/Libreboot but can also work with factory-blobbed images. I was able to confirm with a Coreboot developer that this program can disable the ME on older boards or devices with BootGuard and disable Secure Boot. This is all done with a Python script.

Those unfamiliar with the implications on Intel's ME for those wanting a fully-open system can read about it on Libreboot.org.

Looks like I may not have to go ARM on my next desktop build after all.


  • (Score: 5, Insightful) by The Mighty Buzzard on Sunday January 15 2017, @02:51AM


    It's proprietary hardware that you're utterly and completely unable to shut off in this case. It's another CPU running below ring 0 that's able to access memory and peripherals, up to and including activating while the computer is "powered off". It is straight up a hardware root kit that it has been completely impossible to remove and still have a functioning computer. What possible reason could there be for not allowing the disabling of it in home computers besides allowing remote surveillance?

    --
    My rights don't end where your fear begins.
  • (Score: 0) by Anonymous Coward on Sunday January 15 2017, @05:20AM


    So is Absolute Computrace, but at least you can supposedly disable that in the BIOS/UEFI sometimes. UEFI rootkits are what scare me.

  • (Score: 3, Informative) by RamiK on Sunday January 15 2017, @11:28AM


    What possible reason could there be for not allowing the disabling of it in home computers besides allowing remote surveillance?

    As with the case of HDCP [wikipedia.org], the official rationale is DRM.

    And yeah, it's bull-manure.

    --
    compiling...