Originally posted by uid313
View Post
You can find options to enable/disable the "ME" in UEFI firmware, but it is not disabling the whole ME, it's disabling only the part that allows remote management (AMT/vPro). http://www.tomshardware.com/reviews/...vm,3003-6.html
And exploits on ME can be done by anything that gets local root access, then once they pwned the ME's firmware they can enable again whatever they feel like is needed.
If you erase most of ME from flash, and like this tool also the modules exposing the APIs used to control it from the OS (and also used for exploits), you have actually "disabled" it. Of course you must keep the board initialization part, but all the rest gets nuked.
Leave a comment: