1. 32
    Intel ME is finally cracked hardware security twitter.com

  2. 8

    I feel I need to point out, since we’re now getting daily postings, this all part of the pre black hat dribble disclosure hype train.

    Here’s an article from September about the same. https://www.theregister.co.uk/2017/09/26/intel_management_engine_exploit/ (Not the same reg article as the one posted yesterday, either.)

    1. 2

      I’m not really following this, I’m just aware that it’s a privacy nightmare and that it’s running on pretty much all the hardware I own, so I have a question: does this mean we’re anywhere near finding a way to reliably turn it off?

      1. 7

        Hardware from mid-2008 and earlier, the ME can be completely erased.

        After 2008, the ME is required for booting (specifically the bup “bring-up” module). Additionally, if the ME is missing then the CPU will reboot every thirty minutes. The me_cleaner project is able to neuter the ME by deleting most of the modules. Certain modules (especially bup) need to remain intact. It works with most chips, but check the wiki for compatibility.

        For Skylake and onward, there is also a HAP flag (Hardware Assurance Platform) which, if toggled, disables the ME after boot. The ME is still required for powering on, though.

        Purism has some really great blog posts documenting their struggles with the ME: https://puri.sm/posts/deep-dive-into-intel-me-disablement/