Disabling the Intel Management Engine

  • 5 Replies
  • 457 Views
Disabling the Intel Management Engine
« on: August 28, 2017, 12:16:22 PM »
Intel's Management engine has been a topic of discussion on #wetfish several times now, even sporting its own wiki page

If you don't know, ME is a secondary CPU embedded into the motherboard of every Intel computer since 2006, widely considered by experts to be an obvious backdoor. At long last, it looks like somebody finally found a way to disable it:

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
https://news.ycombinator.com/item?id=15116719


Quote
TL;DR: Intel put a special High Assurance Platform (HAP) mode in ME for the US government. If toggled on, it disables all non-critical ME functionality. Questioned, Intel responded:

> In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer?s evaluation of the US government?s ?High Assurance Platform? program.  These modifications underwent a limited validation cycle and are not an officially supported configuration.

That's right, we the people now have a way to disable the backdoor by exploiting an undocumented feature intended for government agencies who wanted to be able to turn it off.

Oh the irony
*spork*

Re: Disabling the Intel Management Engine
« Reply #1 on: October 28, 2020, 08:44:08 PM »
Rachel, you'll love to see this.  I remember many discussions you initiated about the IME, and now there's another bit of a breakthrough.

https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/

Quote
Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured.


RACHEL TIPPED 1337 CORAL FOR THIS POST


Re: Disabling the Intel Management Engine
« Reply #2 on: November 02, 2020, 09:26:55 AM »
looks like my next processor is going to be AMD

Re: Disabling the Intel Management Engine
« Reply #3 on: November 02, 2020, 09:31:43 AM »
looks like my next processor is going to be AMD

Let me disappoint you by telling you they have a similar "feature".

Re: Disabling the Intel Management Engine
« Reply #4 on: November 02, 2020, 10:22:40 AM »
ARM pls save us

Re: Disabling the Intel Management Engine
« Reply #5 on: November 02, 2020, 10:26:41 AM »
arm supremacy, can't wait for arm, everything written in arm, 300 ARM CPU cores in my desktop