Only a few weeks after the news that security researchers had managed to completely disable the Intel Management Engine, Purism has announced it’s disabling the IME on all of its available Librem laptops.
Purism’s Librem Laptops, running coreboot, are now available with the Intel Management Engine completely and verifiably disabled.
The Management Engine (ME), part of Intel AMT, is a separate CPU that can run and control a computer even when powered off. The ME has been the bane of the security market since 2008 on all Intel based CPUs, with publicly released exploits against it, is now disabled by default on all Purism Librem laptops.
Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery.
Now this is something I can get behind. However, I bet Intel will start playing whack-a-mole and modifying it with each CPU release instead of offering an option to not have it altogether.