Feature Request: Allow Disabling of Intel ME |
Post Reply |
Author | ||
wardog
Moderator Group Joined: 15 Jul 2015 Status: Offline Points: 6447 |
Post Options
Thanks(0)
Posted: 08 Mar 2018 at 1:30pm |
|
Interesting System76's Lemur still has ME disabled
https://system76.com/laptops/lemur <me> clutching my left gonad ! |
||
wardog
Moderator Group Joined: 15 Jul 2015 Status: Offline Points: 6447 |
Post Options
Thanks(0)
|
|
Beowulf
Newbie Joined: 08 Mar 2018 Status: Offline Points: 4 |
Post Options
Thanks(0)
|
|
Intel has that much control over what BIOS options various motherboard manufacturers provide? Sounds like a class action lawsuit needs to be filed to order the SEC to reign in Intel and stop them from restraining the free market with over-controlling licensing agreements. Too powerful. As evidence that resistance isn't futile, System 76 is already selling laptops with it disabled right now, and there's this from liliputing.com:
Edited by Beowulf - 08 Mar 2018 at 12:22pm |
||
wardog
Moderator Group Joined: 15 Jul 2015 Status: Offline Points: 6447 |
Post Options
Thanks(0)
|
|
I can all but guarantee you ASRock nor any other motherboard manufacturer will offer a Toggle for this as a BIOS Option. Period. No arguments. Intel would NOT allow it.
Having said that, it will be up to the end user to fudge this to occur. The link you listed has to do with connecting a Rasberry-PI ??? Really?....WTF? See here: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html Mind you, you proceed at your own risk and accept FULL responsibilities should things hose up. Edited by wardog - 08 Mar 2018 at 7:49am |
||
Beowulf
Newbie Joined: 08 Mar 2018 Status: Offline Points: 4 |
Post Options
Thanks(0)
|
|
To summarize the issue (from this website):
"Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When -- not `if' -- the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created." We are all aware of the public vulnerabilities which Intel has admitted, but it's likely NSA or others have toolkits for accessing it which have not been publicized nor patched. In the interests of privacy, it would be desirable for this spyware to be disabled. The ME is actually used to boot the main CPU, but all the rest of its functionality can be removed by BIOS mods, such as are described here. However, this would likely void Asrock's warranty. Much better would be for Asrock to step up and implement this feature themselves, via either a BIOS configuration option, or an alternative BIOS. It would be a selling point for Asrock over its competitors to provide a secure, non-pwnable platform. |
||
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |