System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake

  • #11
    System76 is doing the Good Things in Linux hardware land. If I were in the market for a new machine, I'd be giving them serious consideration.



    • #12
      Michael

      typo/grammar

      "have managed to disable the Intel Management Engine (ME) to be disabled".

      Redundant. Disable one of your disables.



      • #13
        Originally posted by chithanh View Post
        That System76 can disable Intel ME is a dubious claim. The most they can do is set the HAP bit, and remove parts of the ME firmware.
        OEMs cannot disable Intel ME, only Intel can.

        https://twitter.com/rootkovska/statu...64351008395264
        ^ This (stupid character limit)
        ## VGA ##
        AMD: X1950XTX, HD3870, HD5870
        Intel: GMA45, HD3000 (Core i5 2500K)



        • #14
          Originally posted by JEBjames View Post
          Michael

          typo/grammar

          "have managed to disable the Intel Management Engine (ME) to be disabled".

          Redundant. Disable one of your disables.
          Yep fixed thanks.
          Michael Larabel
          https://www.michaellarabel.com/



          • #15
            Measured and secure boot is massive!
            Probably I will get one of their devices then.



            • #16
              Originally posted by scottishduck View Post

              AMD do basically nothing to support coreboot and have a system exactly like Intel ME. Go use them if you want.
              AMD's move to OpenSIL to replace AGESA comes with explicit CoreBoot support, as per AMD themselves. It'll take a few years to get OpenSIL consumer ready and stable, but once it gets there then coreboot on AMD will be possible. Hopefully, once both AMD and Intel support coreboot, most motherboard manufacturers will switch to coreboot instead of their proprietary UEFI interfaces since it'll be less work on them.

              But also yes, AMD has a "security engine" or whatever they call it as well, and it's also impossible to disable.



              • #17
                Originally posted by Daktyl198 View Post

                AMD's move to OpenSIL to replace AGESA comes with explicit CoreBoot support, as per AMD themselves. It'll take a few years to get OpenSIL consumer ready and stable, but once it gets there then coreboot on AMD will be possible. Hopefully, once both AMD and Intel support coreboot, most motherboard manufacturers will switch to coreboot instead of their proprietary UEFI interfaces since it'll be less work on them.

                But also yes, AMD has a "security engine" or whatever they call it as well, and it's also impossible to disable.
                Intel’s coreboot support is real and exists right now. I’ll care about OpenSIL when it actually exists.



                • #18
                  Originally posted by NotMine999 View Post
                  I would be more interested to read a list of the ME features that this "open firmware" (System76's own words, but my quotes) has disabled. Then we would all know what is being done behind the scenes that is now being disabled for us. It would allow consumers to make an informed decision: System76 "open firmware" or Intel "closed firmware".

                  After all, isn't transparency supposed to be a good thing?

                  Care to step up to this, System76?
                  The management engine HAP bit or the dynamic disable disables only the fTPM 2.0, PVP, and the PCIe interface. You won't be able to use high resolution encrypted video like Netflix or Disney+ unless you have a dGPU if you disable it. SGX and loading programs any other way with it would also be an issue if you cared to use that. A lot of the features don't exist in the home management engine outside of manufacturing mode. Most of the security benefit comes from the disabling of the PCIe interface, so it's a lot harder to send programs or commands to it. You should research the management engine more; it's actually quite complex what it does. There are ways to flash firmware over USB and the PCIe interface, for example. The home edition one is called consumer, not corporate.
                  Last edited by mitchellrenouf; 07 June 2023, 10:41 PM.
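The thread keeps coming back to the HAP bit without showing how anyone would check it. The following read-only checker is an added example, not code from this thread, from System76 or from coreboot. It follows the flash-descriptor layout that the me_cleaner project documents: the descriptor signature `0x0FF0A55A` sits at offset 0x10, `FLMAP1` at offset 0x18 carries the PCH-straps base (FPSBA) in bits 23:16 in units of 16 bytes, and on ME 11 and newer the HAP bit is bit 16 of `PCHSTRP0` (for ME 6 to 10 it is the AltMeDisable bit, bit 0 of `PCHSTRP10` at `PCHSTRP0 + 0x28`). Whether a particular Raptor Lake image keeps that layout unchanged is an assumption to verify against its own documentation; the function and field names here are mine, and the sample image is constructed so the script runs without a real dump.

```python
"""Read-only check of the Intel ME "HAP" / AltMeDisable strap in a SPI flash dump.

Added example (not from the thread, System76 or coreboot). Layout as documented
by me_cleaner; whether it applies unchanged to a given Raptor Lake image is an
assumption to verify.
"""
import struct

FD_SIGNATURE = 0x0FF0A55A   # descriptor signature, stored at offset 0x10
FD_SIG_OFFSET = 0x10
FLMAP1_OFFSET = 0x18        # FLMAP1: bits 23:16 = PCH straps base / 16
HAP_BIT = 1 << 16           # ME 11+: PCHSTRP0 bit 16
ALTMEDISABLE_BIT = 1 << 0   # ME 6-10: PCHSTRP10 bit 0


def find_descriptor(image: bytes) -> int:
    """Return the offset of the flash descriptor region (signature - 0x10).
    Most dumps start with it, but some tools prepend padding, so scan."""
    for off in range(0, len(image) - 4, 4):
        if struct.unpack_from("<I", image, off)[0] == FD_SIGNATURE:
            return off - FD_SIG_OFFSET
    raise ValueError("no flash descriptor signature found")


def pch_straps_base(image: bytes) -> int:
    """Absolute offset of PCHSTRP0, derived from FLMAP1 bits 23:16."""
    fd = find_descriptor(image)
    flmap1 = struct.unpack_from("<I", image, fd + FLMAP1_OFFSET)[0]
    return fd + (((flmap1 >> 16) & 0xFF) << 4)


def me_disable_strap(image: bytes, me11_or_newer: bool = True) -> dict:
    """Report which strap was inspected and whether the disable bit is set.
    A set bit means the firmware asks ME to halt early; it is not proof that
    the ME is gone, which is exactly the caveat raised earlier in the thread."""
    base = pch_straps_base(image)
    if me11_or_newer:
        strap = struct.unpack_from("<I", image, base)[0]
        return {"strap": "PCHSTRP0", "bit": 16, "set": bool(strap & HAP_BIT)}
    strap = struct.unpack_from("<I", image, base + 0x28)[0]
    return {"strap": "PCHSTRP10", "bit": 0, "set": bool(strap & ALTMEDISABLE_BIT)}


def build_sample_image(hap_set: bool) -> bytes:
    """Constructed 4 KiB stand-in for a descriptor with straps at 0x100.
    Only the fields the checker reads are filled; the rest is erased-flash 0xFF."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<I", img, FD_SIG_OFFSET, FD_SIGNATURE)
    fpsba = 0x100 >> 4                          # base in 16-byte units
    struct.pack_into("<I", img, FLMAP1_OFFSET, fpsba << 16)
    struct.pack_into("<I", img, 0x100, HAP_BIT if hap_set else 0)   # PCHSTRP0
    struct.pack_into("<I", img, 0x100 + 0x28, 0)                    # PCHSTRP10
    return bytes(img)


if __name__ == "__main__":
    import sys
    # Pass a dump path to inspect a real image; otherwise use the constructed one.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image(True)
    print(me_disable_strap(data))
```

Run it against a dump taken with an external programmer or `flashrom -r` to see whether the strap is actually set in what is on the chip, rather than trusting the vendor's description. The result only tells you what the descriptor asks for; judging what the ME still does after HAP, as the reply above points out, needs a look at which firmware modules remain in the ME region.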
