Linked by Thom Holwerda on Tue 24th Oct 2017 19:00 UTC
Intel

Only a few weeks after the news that security researchers had managed to completely disable the Intel Management Engine, Purism has announced it's disabling the IME on all of its available Librem laptops.

Purism's Librem Laptops, running coreboot, are now available with the Intel Management Engine completely and verifiably disabled.

The Management Engine (ME), part of Intel AMT, is a separate CPU that can run and control a computer even when powered off. The ME has been the bane of the security market since 2008 on all Intel based CPUs, with publicly released exploits against it, is now disabled by default on all Purism Librem laptops.

Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery.

Great move.

Thread beginning with comment 650226
To read all comments associated with this story, please click here.
Awesome
by Poseidon on Tue 24th Oct 2017 20:12 UTC
Poseidon
Member since:
2009-10-31

Now this is something I can get behind. However, I bet Intel will start playing whack-a-mole and modifying it with each CPU release instead of offering an option to not have it altogether.

Reply Score: 7

RE: Awesome
by shotsman on Wed 25th Oct 2017 06:05 in reply to "Awesome"
shotsman Member since:
2005-07-22

I agree. There may well be a few DMCA suits flying around as well.
"The Man" has gotta have his backdoors...

Reply Parent Score: 1

RE: Awesome
by BlueofRainbow on Thu 26th Oct 2017 03:29 in reply to "Awesome"
BlueofRainbow Member since:
2009-01-06

Yep - Intel is likely to counter-act every single move to disable IME.
Are AMD products free from such behind the scene interface?

Reply Parent Score: 3

RE[2]: Awesome
by Andre on Thu 26th Oct 2017 19:05 in reply to "RE: Awesome"
Andre Member since:
2005-07-06

According to the LibreBoot FAQ, AMD also has its own IME-like stuff called Platform Security Processor (PSP).

https://libreboot.org/faq.html#amd

Reply Parent Score: 2