Linked by Thom Holwerda on Tue 10th Oct 2017 23:45 UTC

The Intel Management Engine ('IME' or 'ME') is an out-of-band co-processor integrated in all post-2006 Intel-CPU-based PCs. It has full network and memory access and runs proprietary, signed, closed-source software at ring -2, independently of the BIOS, main CPU and platform operating system - a fact which many regard as an unacceptable security risk (particularly given that at least one remotely exploitable security hole has already been reported).

In this mini-guide, I'll run through the process of disabling the IME on your target PC.

Apparently, the IME co-processor runs... MINIX 3. That is incredibly fascinating. This means every post-2006 Intel PC runs MINIX.

Permalink for comment 649787
To read all comments associated with this story, please click here.
RE: Interesting process but ...
by CaptainN- on Thu 12th Oct 2017 18:12 UTC in reply to "Interesting process but ..."
Member since:

Wow, this FAQ page makes a strong case for Apple (and maybe others) to ditch x86 quickly

From the FAQ:
"it is our opinion that all performant x86 hardware newer than the AMD Family 15h CPUs (on AMD’s side) or anything post-2009 on Intel’s side is defective by design and cannot safely be used to store, transmit, or process sensitive data. Sensitive data is any data in which a data breach would cause significant economic harm to the entity which created or was responsible for storing said data, so this would include banks, credit card companies, or retailers (customer account records), in addition to the “usual” engineering and software development firms. This also affects whistleblowers, or anyone who needs actual privacy and security."

Apple is really the only larger player that has not only vocally supported privacy, but also actually done some things about it. A switch away from x86 to ARM could allow them to engineer their CPUs without these problems. Of course, I wonder whether they would...

Reply Parent Score: 1