Submitted via IRC for TheMightyBuzzard
Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. …
... Intel's Management Engine is a hardware and software system designed to provide some remote management features. But it's come under criticism from privacy advocates, security researchers, and the free and open source software community.
That's because Intel Management Engine is basically a mystery. It's software that runs independently of a computer's operating system, which means that even if you wipe the OS, the Management Engine is still there. And there's no good way to know what it's doing.
The risks aren't just theoretical – Intel recently acknowledged a security vulnerability affecting nearly every PC that shipped with a 6th, 7th, or 8th-gen Intel Core processor. While the company is working with PC makers to roll out updates to patch that vulnerability, it wouldn't even exist if Intel hadn't bundled a feature many users don't need and won't use with its latest chips.
System76 are making a similar move:
System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware. Intel recently confirmed a major security vulnerability affecting those chips and it’s working with …
Source: https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html
Source: https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html
(Score: 0) by Anonymous Coward on Wednesday December 06 2017, @07:05PM (4 children)
"6th, 7th, or 8th-gen"
which really helps narrow it down...
(Score: 2) by bob_super on Wednesday December 06 2017, @07:34PM (3 children)
Reworded: Almost every PC shipped with a chip sold under the 6th, 7th, and 8th generations, aka iN-6xxx, iN-7xxx, and iN-8xxx.
Not quite sure if you were jesting. That's proper English form. The bug is a case of code reused across 3 generations before found.
(Score: 1, Insightful) by Anonymous Coward on Wednesday December 06 2017, @08:27PM
Enough people wouldn't have a clue what generation CPU they have that it probably would have been more helpful to offer "nearly every PC sold since date".
(Score: 1) by hereweareagain on Wednesday December 06 2017, @08:54PM
Detection utility also says Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz is "considered vulnerable." Be advised
--I'm willing to admit I just *might* be wrong... Are you?
(Score: 2) by FatPhil on Thursday December 07 2017, @03:04PM
Or you mean the Intel Core architecure generations Core, Nehalem, Sandy Bridge, Haswell, Sky Lake, 6th is Ice Lake, 7th isn't, 8th isn't? So it's a bunch of processors that mostly don't exist yet?
Orrrrrr, Intel's marketting is deliberately obfuscatory.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves