Announcement

Collapse
No announcement yet.

It's Becoming Possible To Soft-Disable Intel ME 12 On Newer Motherboards

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • It's Becoming Possible To Soft-Disable Intel ME 12 On Newer Motherboards

    Phoronix: It's Becoming Possible To Soft-Disable Intel ME 12 On Newer Motherboards

    The past few years there's been the me_cleaner software for disabling and stripping parts of Intel's Management Engine for soft-disabling the notorious bit on modern Intel boards. ME_Cleaner has been making much progress and now there is work pending for being able to disable the newer Management Engine 12 found on more recent Intel motherboards...

    http://www.phoronix.com/scan.php?pag...-ME-12-Cleaner

  • #2
    If you're that paranoid to be trying to disable Intel ME then maybe you shouldn't use computers in the first place: CPUs/MB chipsets/NICs/GPUs/audio chips all have a closed design and all have built-in ROM and/or firmware which can't really be extracted or analyzed. Even HDDs/SSDs now contain ARM/MIPS CPUs with firmware. It's pretty much a lost cause.

    Comment


    • #3
      Originally posted by birdie View Post
      If you're that paranoid to be trying to disable Intel ME then maybe you shouldn't use computers in the first place: CPUs/MB chipsets/NICs/GPUs/audio chips all have a closed design and all have built-in ROM and/or firmware which can't really be extracted or analyzed. Even HDDs/SSDs now contain ARM/MIPS CPUs with firmware. It's pretty much a lost cause.
      If you're that stupid then you're a lost cause.

      Comment


      • #4
        birdie reducing attack surface by disabling services that you don't use has nothing to do with paranoia. It's called common sense.
        Try reading a system hardening manual, might give you a clue.
        Last edited by FrankL; 06-15-2019, 08:52 AM.

        Comment


        • #5
          Originally posted by FrankL View Post
          birdie reducing attack surface by disabling services that you don't use has nothing to do with paranoia. It's called common sense.
          Try reading a system hardening manual, might give you a clue.
          All my systems have their attack surface reduced to the minimum. Funny to hear comments from a Phoronix no one directed towards a network administrator who manages a fleet of over five dozen servers which serve over a hundred network requests every second. Security wannabe "experts" at Phoronix are always extremely funny and equally pathetic: they call for disabling access to dmesg (no publicly known breaches due to it), now IntelME (likewise) and most of them don't really understand hardware CPU vulnerabilities (likewise), so those must always have mitigations enabled against them even in environments where such attacks are impossible to carry out. Also, this wonderful tool for disabling IntelME can easily kill your motherboard.

          Yeah, I'll now rush to read such a manual. Thank you for enlightening me. No idea how I've lived without it previously.
          Clueless fucking idiots are all around giving advice no one asked them for.

          Originally posted by xnor View Post

          If you're that stupid then you're a lost cause.
          Who are you? An internet troll? xnor doesn't ring a bell for me. Perhaps you're also a renowned security expert in your sandbox.
          Last edited by birdie; 06-15-2019, 10:51 AM.

          Comment


          • #6
            Originally posted by birdie View Post
            If you're that paranoid to be trying to disable Intel ME then maybe you shouldn't use computers in the first place: CPUs/MB chipsets/NICs/GPUs/audio chips all have a closed design and all have built-in ROM and/or firmware which can't really be extracted or analyzed. Even HDDs/SSDs now contain ARM/MIPS CPUs with firmware. It's pretty much a lost cause.
            The big difference is that firmware in HDDs doesn't have below ring-0 access to network

            Comment


            • #7
              Originally posted by Termy View Post

              The big difference is that firmware in HDDs doesn't have below ring-0 access to network
              They effectively do. They could insert arbitrary rootkits into your operating system.

              Comment


              • #8
                Originally posted by birdie View Post

                All my systems have their attack surface reduced to the minimum. Funny to hear comments from a Phoronix no one directed towards a network administrator who manages a fleet of over five dozen servers which serve over a hundred network requests every second. Security wannabe "experts" at Phoronix are always extremely funny and equally pathetic: they call for disabling access to dmesg (no publicly known breaches due to it), now IntelME (likewise) and most of them don't really understand hardware CPU vulnerabilities (likewise), so those must always have mitigations enabled against them even in environments where such attacks are impossible to carry out. Also, this wonderful tool for disabling IntelME can easily kill your motherboard.

                Yeah, I'll now rush to read such a manual. Thank you for enlightening me. No idea how I've lived without it previously.
                Clueless fucking idiots are all around giving advice no one asked them for.



                Who are you? An internet troll? xnor doesn't ring a bell for me. Perhaps you're also a renowned security expert in your sandbox.
                such an eloquent way of calling NSA's high assurance platform mode a bunch of bullshit used by wannabe security experts. Sure it is...

                I wish the organization you work for a lot of luck, they may need it.

                Comment


                • #9
                  Originally posted by FrankL View Post

                  such an eloquent way of calling NSA's high assurance platform mode a bunch of bullshit used by wannabe security experts. Sure it is...

                  I wish the organization you work for a lot of luck, they may need it.
                  Haven't had a single breach in my 20+ years of work but perhaps it's just pure stupid luck. Phoronix experts surely know better. Keep posting your BS.

                  Comment


                  • #10
                    Originally posted by archkde View Post

                    They effectively do. They could insert arbitrary rootkits into your operating system.
                    Good luck with that when your operating system.

                    Comment

                    Working...
                    X