1. 9

  2. 4

    This is my understanding of this thread so far:

    The Intel ME is an additional chip (commonly an ARC microprocessor) added to all Intel processors of the past decade. It is used to provide some security and management features for large enterprises, and things like an anti-theft lock. If paired with an Intel network adapter and appropriate configuration, it can access the Internet. It is impossible to disable. The firmware is signed and encrypted or compressed in a way that makes reverse engineering challenging. Basically, it is a network connected, always-on black box system inside your CPU.

    From the logs posted by the author, it seems that flashing the last 4KiB of the SPI ROM cause the Intel ME to get stuck in a boot-crash-reset loop, making it incapable of performing at least some of its duties, such as powering down the system after 30 minutes if it detects the firmware has been tampered with.

    If true, this could be an interesting development! I wonder if this works with other generations as well.

    Am I missing something important/wrong about any of this?

    1. 3

      Am I missing something important/wrong about any of this?

      Incredibly late reply, but I recently learned that if the Intel CPU advertises the “Anti-Theft” feature, then the Management Engine includes a 3G transmitter can access the internet over a paired 3G card as well. Even supports location beaconing. Found in vPro chips, Sandy Bridge and up.

      1. 1

        Reliable source for that?

        1. 2

          Foot slightly in mouth, the “3G module” inside the Management Engine appears to work with 3G cards found inside supported laptops, but the transmitter is not literally included in the CPU die.

          Intel ME Secrets by Igor Skochinsky (pdf), see slides 8 and 17. Slide 8 indicates that the ME will use a 3G connection if available. Slide 17 details ME modules including TDT (Anti-Theft / Theft Deterrence Technology).

          The most detailed info is straight from one of Intel’s promotional documents: Protect Laptops and Data with Intel® Anti-Theft Technology (pdf)

          New Intel AT features take advantage of 3G networks With Intel® Anti-Theft Technology (Intel® AT), IT administrators can now use encrypted SMS messages over a 3G network to send a poison pill, remotely unlock a recovered laptop quickly, or direct the system to send location information (GPS coordinates) back to the central server:

          • Poison pill delivery via an encrypted SMS message over a 3g network. 3G connections can occur regardless of the state of the OS, via a direct hardware link between Intel AT and the 3G module.
          • Remote unlock via an encrypted SMS message over a 3g network. This lets IT reactivate the laptop within minutes of recovering the PC.
          • Location beaconing. Intel AT can now transmit latitude and longitude (using GPS coordinates) to the central server if the system is equipped with a supported 3G module. IT administrators can specify automated beaconing at regular intervals or location information on request when the laptop is marked as lost or stolen.

          To take advantage of 3G-based communication, the laptop does not need to be connected to the Internet, but it must be within range of a 3G network.

          So, this probably does not affect desktops which lack a 3G card. It would be more of a concern for enterprise-grade laptops.

        2. 1

          Interesting to know. Luckily, very few laptops include a 3G or 4G module. Good to know I should avoid that option whenever possible, though!

      2. 4

        Nitpicker’s corner: X230 is Ivy Bridge.

        1. 1

          I seem to recall there being an i3 model that was Sandy Bridge (mine is Ivy Bridge, though).