It's Now Possible To Disable & Strip Down Intel's ME Blob


  • It's Now Possible To Disable & Strip Down Intel's ME Blob

    Phoronix: It's Now Possible To Disable & Strip Down Intel's ME Blob

    Many free software advocates have been concerned by Intel's binary-only Management Engine (ME) built into the motherboards on newer generations of Intel motherboards. The good news is there is now a working, third-party approach for disabling the ME and reducing the risk of its binary blobs...

    http://www.phoronix.com/scan.php?pag...el-ME-Cleaning

  • #2
    Sounds good. The user controls their machine, and not vice versa.



    • #3
      I don't think it disables it completely, it just trims it down. The article title is misleading.



      • #4
        Originally posted by Mystro256
        I don't think it disables it completely, it just trims it down. The article title is misleading.
        what makes you say that?



        • #5
          It's a start and step in the right direction. But to get rid of all this blob stuff in the firmware could be a lengthy walk...
          I really dislike the idea of something that runs at ring <0 and is totally transparent to my OS kernel - but is possibly always active and has higher rights than my kernel. Especially when it can possibly be activated from a remote position or send data. Regardless if it's from Intel, AMD, some ARM implementer...
          Stop TCPA, stupid software patents and corrupt politicians!



          • #6
            Originally posted by cj.wijtmans

            what makes you say that?
            The website gives that impression. Only some of the modules are currently removed, and it depends on exactly what ME version you're dealing with.



            • #7
              Is there any way to restore full ME in case issues arise (aside from hardware SPI chip restore)? And do tools that interact with ME firmware still work?



              • #8
                Originally posted by SaucyJack
                The website gives that impression. Only some of the modules are currently removed, and it depends on exactly what ME version you're dealing with.
                https://github.com/corna/me_cleaner/...oes-it-work%3F
                "After a while I updated me_cleaner to remove also most of the Huffman-compressed modules, leaving only:"
                • ROMP (not always present)
                • BUP - Bringup (hardware initialization/configuration)


                while all this stuff gets nuked
                • KERNEL - Scheduler, low-level APIs for other modules
                • POLICY - Secondary init tasks, some high-level APIs
                • FTCS
                • The network stack (partition NFTP)
                • The PAVP (partition MDMV, module JCOM) (pavp = protected audio and video path = drm stuff)

                All in all, I wouldn't say it's too bad.

                My Ivy Bridge workstation has a socketed chip and I also happen to have a spare because reasons.... (hehehehehehe, I'mma bricking my own PC, imma bricking my....)



                • #9
                  Originally posted by Espionage724
                  Is there any way to restore full ME in case issues arise (aside from hardware SPI chip restore)?
                  I'd say no as fucking with board firmware in general might brick the board completely (no boot at all).
                  Buy a SPI flasher, nowadays there are dirt cheap ones (CH341A) supported by Flashrom.

                  And do tools that interact with ME firmware still work?
                  I'd say also no, as it removes pretty much everything that is not hardware initialization, see above.

                  EDIT: confirmed, tools interacting with ME don't work, and MEI disappears from lspci: https://github.com/corna/me_cleaner/issues/3
                  Last edited by starshipeleven; 01-12-2017, 05:13 PM.



                  • #10
                    It is silly how difficult it is to disable this Intel Management Engine (ME). I wish there was just an option in the UEFI setup screen to disable this feature.
                    Why isn't there?

                    Is it possible to restore this functionality once disabled with this Python script?
                    Are there any side-effects to disabling Intel ME, does anything useful stop working?
