Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

How-To: Disabling the Intel Management Engine

Accepted submission by The Mighty Buzzard mailto:themightybuzzard@soylentnews.org at 2017-10-13 11:51:38
Hardware

We've covered that it was possible and in theory how to do so before but I think having a proper How-To [gentoo.org] written up will save even us nerd types some hair pulling. Here's what you'll need to start:

  • an Intel-CPU-based target PC — that does not have Boot Guard [github.com] enabled — on which you wish to disable the IME;
    • the target PC may be running an OEM BIOS (such as AMI, Dell etc.), or coreboot [coreboot.org];
  • a Raspberry Pi 3 Model B [gentoo.org] single board computer ('RPi3'), for use as an external flash programmer;
  • a spare >= 8GB microSD card (to hold the 64-bit Gentoo O/S image we will use for the RPi3);
  • an appropriate IC clip for your target PC's flash chip, e.g.:
    • a Pomona 5250 for SOIC-8 chips;
    • a Pomona 5208 for unsocketed DIP-8 chips, or
    • a Pomona 5252 for SOIC-16 chips;
  • 8 female-female connector wires (to attach the appropriate clip to the RPi3's GPIO header);
  • a maintenance manual for your target PC, where available, to assist in safe disassembly / reassembly; and
    • whatever tools are stipulated in the above.

Given the above list, you'll obviously need to be comfortable identifying and connecting an IC clip to your flash chip. So, it's not a procedure for most grandmothers but neither is especially complex or difficult for the vast majority of desktop machines (laptop/other difficulty will vary widely). Also, the guide explicitly does not cover PLCC or WSON flash chips, so you're out of luck here if your board has such.

Happy hacking, folks.


Original Submission