SoylentNews is people
SoylentNews
We've covered that it was possible and in theory how to do so before but I think having a proper How-To written up will save even us nerd types some hair pulling. Here's what you'll need to start:
- an Intel-CPU-based target PC — that does not have Boot Guard enabled — on which you wish to disable the IME;
- the target PC may be running an OEM BIOS (such as AMI, Dell etc.), or coreboot;
- a Raspberry Pi 3 Model B single board computer ('RPi3'), for use as an external flash programmer;
- a spare >= 8GB microSD card (to hold the 64-bit Gentoo O/S image we will use for the RPi3);
- an appropriate IC clip for your target PC's flash chip, e.g.:
- a Pomona 5250 for SOIC-8 chips;
- a Pomona 5208 for unsocketed DIP-8 chips, or
- a Pomona 5252 for SOIC-16 chips;
- 8 female-female connector wires (to attach the appropriate clip to the RPi3's GPIO header);
- a maintenance manual for your target PC, where available, to assist in safe disassembly / reassembly; and
- whatever tools are stipulated in the above.
Given the above list, you'll obviously need to be comfortable identifying and connecting an IC clip to your flash chip. So, it's not a procedure for most grandmothers but neither is especially complex or difficult for the vast majority of desktop machines (laptop/other difficulty will vary widely). Also, the guide explicitly does not cover PLCC or WSON flash chips, so you're out of luck here if your board has such.
Happy hacking, folks.
This discussion has been archived.
No new comments can be posted.
How-To: Disabling the Intel Management Engine
|
Log In/Create an Account
| Top
| 29 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
The more I know men the more I like my horse.
(Score: 5, Insightful) by takyon on Monday October 16 2017, @01:59AM (21 children)
Will you buy superior price/performance x86 chips, or pin your hopes on SoylentNews favorite RISC-V to break the monopoly?
Does this mean Intel is a better buy than AMD?
Is this just a ruse to get you to disable the management engine you know about?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Informative) by Anonymous Coward on Monday October 16 2017, @02:19AM
Using a turquoise case is the only way to shut down the one the lizard people put in there.
(Score: 5, Informative) by The Mighty Buzzard on Monday October 16 2017, @02:22AM (13 children)
Well, RISC-V is years away from giving the world a chip comparable with even the low-end x86_64 chips, so that's out. ARM would be a better bet but while finding a respectable ARM chip isn't too hard, finding a board that gives you options comparable to a modern desktop is exceedingly difficult, so that's out as well for a bit longer. If you need a desktop this year, you have no realistic choice but x86_64 unless you're willing to pay thousands of dollars extra for an underperforming Talos II.
My rights don't end where your fear begins.
(Score: 1) by Ethanol-fueled on Monday October 16 2017, @02:28AM (8 children)
YES!
https://www.youtube.com/watch?v=LdH1hSWGFGU [youtube.com]
(Score: 1) by Ethanol-fueled on Monday October 16 2017, @02:36AM (2 children)
https://youtu.be/LdH1hSWGFGU?t=97 [youtu.be]
HAHHAHAHA
YEAH!
(Score: 2) by takyon on Monday October 16 2017, @02:41AM
ni🅱️️🅱️️a wot m9
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by RS3 on Monday October 16 2017, @04:23AM
OK, I'm missing something: why are you posting those links?
Obviously off topic, but certainly awesome.
I was not at this concert but I saw this woman do this piece 2 years ago: https://www.youtube.com/watch?v=YKGPe31nWZs/ [youtube.com]
(Score: 2) by The Mighty Buzzard on Monday October 16 2017, @02:46AM (3 children)
If you're going to go all Offtopic and link that song at least link the Bugs Bunny version.
My rights don't end where your fear begins.
(Score: 2) by c0lo on Monday October 16 2017, @03:10AM
Those bugs were closed as "fixed" a long time ago.
Wanna reopen them? Fair warning: bugs is trademarked [justia.com] to them.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 1) by Ethanol-fueled on Monday October 16 2017, @04:34AM
They are all Bugs Bunny versions.
From Hungarian Rhapsody to The Marrage of Figaro, [youtube.com] We were taught well.
Hahahhaahheeheehooooo!
(Score: 1) by Ethanol-fueled on Monday October 16 2017, @05:10AM
Gotdammit, why the hell does all the good shit have to be posted when I'm drunk off my ass and unable to use it at the moment?!
(Score: 2) by curunir_wolf on Monday October 16 2017, @05:06PM
I am a crackpot
(Score: 0) by Anonymous Coward on Monday October 16 2017, @02:48AM (1 child)
It seems all three major manufacturers love to piss final users. ARM can come with TrustZone, so you are under board maker's will about chip selection and what is loaded in it. https://en.wikipedia.org/wiki/ARM_architecture#TrustZone_.28for_Cortex-A_profile.29 [wikipedia.org]
(Score: 1) by Ethanol-fueled on Monday October 16 2017, @05:16AM
Yeah, really. Qualcomm loves to hand out their Snapdragon (ARM based) dev boards but those sonsabitches are known for being difficult, just as the cell processors were.
(Score: 1, Interesting) by Anonymous Coward on Monday October 16 2017, @04:08AM (1 child)
Any real stats about that Talos II? It's not a crappy embedded CPU abused to be a PC. It seems to come with 2 CPUs, each with 4 cores, and each with 4 threads (called SMT4 by IBM, instead of x86's 2 so far, and Power9 also has SMT8 option). 2 sockets, 8 cores, 32 threads, with 180W TDP. The board has 16 ECC DDR4 slots, can fit up to 2TB. Also three 16x PCIe 4.0 and two 4x. That is going to cost money on x86 too, if avaliable at all.
So how does it really compare to AMD/Intel offerings? Anyone with Power8 experience (Power 9 is 1.5-2.2x times better by IBM paper)?
For reference (sparse on final GHz or even bogomips to get an idea):
https://en.wikipedia.org/wiki/POWER9 [wikipedia.org]
https://www.raptorcs.com/content/TL2WK2/intro.html [raptorcs.com]
https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/61ad9cf2-c6a3-4d2c-b779-61ff0266d32a/page/1cb956e8-4160-4bea-a956-e51490c2b920/attachment/56cea2a9-a574-4fbb-8b2c-675432367250/media/POWER9-VUG.pdf [ibm.com]
(Score: 2) by driverless on Monday October 16 2017, @10:36AM
A system can be underperforming in two senses, you pay PC prices for something with the performance of a cellphone, or you pay high-end server prices for something that performs like a PC. The Talos II is the latter, the price makes it a top-of-the-line PowerEdge, the specs make it an eBayed Inspiron.
(Score: 2) by isostatic on Monday October 16 2017, @10:35AM (3 children)
Is this just a ruse to get you to disable the management engine you know about?
Unless they have some real spy stuff infecting every chip like Uraei or similar, somebody would be able to see traffic passing through their router
(Score: 3, Funny) by takyon on Monday October 16 2017, @10:47AM (2 children)
The chips use an internal neutrino router to communicate directly with the NSA.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Funny) by Anonymous Coward on Monday October 16 2017, @11:25PM (1 child)
Great, now I have to build a million gallon tank directly below my house just so I can see what the NSA is siphoning off!?! I have stuff to do this weekend!
(Score: 2) by Wootery on Tuesday October 17 2017, @09:55AM
Try siphoning the stream of bile from YouTube comments. You'll have it full in no time.
(Score: 2) by crafoo on Tuesday October 17 2017, @02:04AM (1 child)
Days like this I really miss my Amiga. Assembly was more fun on it too.
(Score: 1) by anubi on Tuesday October 17 2017, @04:08AM
That's the reason I stay with my simple stuff.
I do not need to refresh a HD screen 60 FPS, but I *must* be able to trust the thing.
If I can't trust it, I am really afraid to connect anything really important to it.
I'd be more comfortable knowing my systems are running Arduinos than running something someone else can pwn me anytime he wants.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 5, Interesting) by jmorris on Monday October 16 2017, @04:22AM
It is possible to disable this by the vendor, Intel apparently will allow it.
Dell Lattitude 14 Rugged Laptop [dell.com]
Note they ship the default of "No Out-of-Band management" but sell two options, "vPro Enabled" and "vPro ME Disabled, Custom Order" for the same $20.92 upcharge.
Haven't seen the option on other Dell offerings yet but somebody yelled at their sales rep loudly enough to get that option added. We need to yell until we make that universal, then a zero charge option, finally get it to be the default. PC sales are flat right now, customers have the whip hand. USE. IT.
(Score: 2) by bradley13 on Monday October 16 2017, @05:39AM (4 children)
It's great that someone has produced this how-to, but it remains a scary process with a non-zero chance of bricking your machine. What I want to know is why. Why does Intel make this necessary? Why not just make the management engine a cleanly switchable option? Is this laziness, of is it more nefarious?
Everyone is somebody else's weirdo.
(Score: 4, Interesting) by Geezer on Monday October 16 2017, @09:40AM (1 child)
Making sure things like DRM and "customer experience research" always work could certainly be described as nefarious. Intel has long been Microsoft's hardware bitch.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @04:22AM
ref provided https://en.wikipedia.org/wiki/Wintel [wikipedia.org]
(Score: 5, Informative) by pkrasimirov on Monday October 16 2017, @11:15AM
> Is this laziness, of is it more nefarious?
It is more nefarious.
(Score: 3, Insightful) by sjames on Monday October 16 2017, @03:34PM
Better yet, remote management alone is a good thing. Why couldn't they stick to BMCs that have control over power, reset, and the serial port, can present a virtual DVD drive on USB, and NOTHING else?
(Score: 5, Informative) by RamiK on Monday October 16 2017, @10:23AM
Get yourself a CH341A instead. Cheaper and safer since you want a real-time clock doing the R/W which the Pi can't guarantee.
As an additional side-note, some EEPROMS are 1.8v Vcc and high logic so pushing 3.3v down their lanes is dangerous even for the first probing operation. For those you'll need a relatively expensive TL866CS and its respective 1.8v adapter module (~40$).
I guess the only caveat with the CH341A is the incomplete linux software compared to the windows software. But I doubt the Pi is doing any better.
compiling...