The Intel Management Engine ('IME' or 'ME') is an out-of-band co-processor integrated in all post-2006 Intel-CPU-based PCs. It has full network and memory access and runs proprietary, signed, closed-source software at ring -2, independently of the BIOS, main CPU and platform operating system - a fact which many regard as an unacceptable security risk (particularly given that at least one remotely exploitable security hole has already been reported).

In this mini-guide, I'll run through the process of disabling the IME on your target PC.

Apparently, the IME co-processor runs... MINIX 3. That is incredibly fascinating. This means every post-2006 Intel PC runs MINIX.


The article claims AMD has an equivalent, but all I have found is a bunch of FUD that all links back to a couple of 2012 articles saying "AMD has licensed Trustzone and plan to use it in the future". I have found ZERO evidence they ever did anything with ARM Trustzone other than use it for the console APUs they sold to MSFT and Sony.

With the Intel version you can find code for the IME, and you can find where it is on the chip layouts. I have scoured over everything I can find on AMD chips and have found exactly squat when it comes to AMD having their own IME; instead it all comes back to those same couple of 2012 articles. Even AMD's Trustzone page hasn't been updated since 2013, so unless someone can show us some current code or chip layouts showing Trustzone on current AMD processors, I'm calling FUD.

ssokolow

It doesn't help that AMD changed the name twice. First to PSP (Platform Security Processor) and now to "Secure Processor".

According to this article, the first in-the-wild PSP cores back in 2014 were 32-bit ARM Cortex-A5 cores:,3813-2.htm...

...and here are some more recent links about it:

Edited 2017-10-13 00:33 UTC

