Feature Request: Allow Disabling of Intel ME
Printed From: ASRock.com
Category: Technical Support
Forum Name: Intel Motherboards
Forum Description: Question about ASRock Intel Motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=7974
Printed Date: 27 Dec 2024 at 12:37am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: Feature Request: Allow Disabling of Intel ME
Posted By: Beowulf
Subject: Feature Request: Allow Disabling of Intel ME
Date Posted: 08 Mar 2018 at 3:48am
|
To summarize the issue (from https://hackaday.com/2016/11/28/neutralizing-intels-management-engine/" rel="nofollow - this website ): "Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, https://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/" rel="nofollow - and we can't even look at the code . When -- not `if' -- the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created." We are all aware of the public vulnerabilities which Intel has admitted, but it's likely NSA or others have toolkits for accessing it which have not been publicized nor patched. In the interests of privacy, it would be desirable for this spyware to be disabled. The ME is actually used to boot the main CPU, but all the rest of its functionality can be removed by BIOS mods, such as are described https://www.hardocp.com/news/2017/10/12/disabling_intel_management_engine" rel="nofollow - here . However, this would likely void Asrock's warranty. Much better would be for Asrock to step up and implement this feature themselves, via either a BIOS configuration option, or an alternative BIOS. It would be a selling point for Asrock over its competitors to provide a secure, non-pwnable platform. |
Replies:
Posted By: wardog
Date Posted: 08 Mar 2018 at 7:48am
|
" rel="nofollow - I can all but guarantee you ASRock nor any other motherboard manufacturer will offer a Toggle for this as a BIOS Option. Period. No arguments. Intel would NOT allow it. Having said that, it will be up to the end user to fudge this to occur. The link you listed has to do with connecting a Rasberry-PI ??? Really?....WTF? See here: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html Mind you, you proceed at your own risk and accept FULL responsibilities should things hose up. |
Posted By: Beowulf
Date Posted: 08 Mar 2018 at 12:16pm
Intel has that much control over what BIOS options various motherboard manufacturers provide? Sounds like a class action lawsuit needs to be filed to order the SEC to reign in Intel and stop them from restraining the free market with over-controlling licensing agreements. Too powerful. As evidence that resistance isn't futile, System 76 is https://it.slashdot.org/story/17/11/30/2230208/system76-will-disable-intel-management-engine-on-its-linux-laptops" rel="nofollow - already selling laptops with it disabled right now, and there's this from https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html" rel="nofollow - liliputing.com :
|
wardog wrote:Posted By: wardog
Date Posted: 08 Mar 2018 at 1:19pm
|
" rel="nofollow - I'll bet my left gonad Intel tries their damnest is ceasing their practice. Yes. Intel is notorious for stiff arming Co's that don't abide by their demands. What's a manufacturer to do when Intel stops selling you the req'd chipsets but cease production? They have their "ways'. |
Posted By: wardog
Date Posted: 08 Mar 2018 at 1:30pm
|
Interesting System76's Lemur still has ME disabled https://system76.com/laptops/lemur" rel="nofollow - https://system76.com/laptops/lemur <me> clutching my left gonad ! |