Deactivation of Intel Management Engine.
JRamirez
New Member Posts: 16 ✭
Intel Management Engine is a Computer with an own Operating System that is build into Intel CPU since many Years.
It is not intended for the Customer/User/Owner of the Hardware to disable that piece of the CPU.
The Management Engine has full Access to all Hardware, even if you want to run a secure Operating System that
respects your Privacy, Intel ME does not.
Now Intel ME was getting cracked once again and we cannot do anything agains this severe Security Hole in out Hardware.
We simply can not trust this Hardware and use it for critical Things.
Can you provide a Firmware that deactivates Intel ME so our Privacy is respectec by our own Hardware?
Can you provide Coreboot and ideally Libreboot to UP Hardware to replace proprietary untrustable UEFI Firmware?
It is not intended for the Customer/User/Owner of the Hardware to disable that piece of the CPU.
The Management Engine has full Access to all Hardware, even if you want to run a secure Operating System that
respects your Privacy, Intel ME does not.
Now Intel ME was getting cracked once again and we cannot do anything agains this severe Security Hole in out Hardware.
We simply can not trust this Hardware and use it for critical Things.
Can you provide a Firmware that deactivates Intel ME so our Privacy is respectec by our own Hardware?
Can you provide Coreboot and ideally Libreboot to UP Hardware to replace proprietary untrustable UEFI Firmware?
Comments
-
Hi JRamirez,
For the moment you can look at this article and check how to disable Intel AMT (which is needed to exploit the ME vulnerabilities over the network) for both Windows and Linux:
https://mattermedia.com/blog/disabling-intel-amt/
We will look into the issue and provide you an update as soon as possible.
At the moment we don't have a Coreboot or Libreboot option unfortunately, thanks for your feedback! -
dcleri wrote:Hi JRamirez,
For the moment you can look at this article and check how to disable Intel AMT (which is needed to exploit the ME vulnerabilities over the network) for both Windows and Linux:
https://mattermedia.com/blog/disabling-intel-amt/
We will look into the issue and provide you an update as soon as possible.
At the moment we don't have a Coreboot or Libreboot option unfortunately, thanks for your feedback!
You really should consider Coreboot Support for UP, this will give Users a better, faster and more secure Option and
would surely boost Sales.
Support of Coreboot will boost your Reputation and gets you Headlines in nearly all IT relevant Media for free.
As Intel ME becomes more and more of a scandal, your board will be one very few options on the Market. -
There's also this tool from Intel
https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools?_ga=2.119390217.1668796747.1510046182-539301925.1508411548
Regards
Nicola Lunghi
