all 6 comments

[–]Alphix

Holy shit, if they can do this, how come no Linux distro is doing it?

More importantly, are they also going to defeat the AMD equivalent? (I forget its name)

Either way, it looks like right now, Intel + System76 is the way forward. How close is this to Linux in terms of compatibility?

[–]Megatron95

They have their own Linux distro called Pop!_OS that's based on Ubuntu.

https://pop.system76.com/

[–]Alphix

Well goddamn, now all I gotta do is change my high end AMD system for an Intel one and I'm free. Digitally, at least.

[–]Drewski

Top comment on Hacker News:

This does not "disable" Intel ME. The ME is instrumental to the boot process and it is impossible to boot a modern Intel x86 system without it. It's quite tiring seeing x86 vendors continuing to misrepresent this.

See comment by bri3d below for details. It appears they're just sending a command to the ME politely asking it to stop doing things, maybe. Of course, this happens long after the ME has already done a great deal of work bringing up the system.

Of the three options for ME scope reduction, none are good and none actually "disable" the ME, but it seems like they've chosen the least effective/audited option of the three. I should add that if you don't trust the ME not to be owned, there's not really any reason to trust that it will honour a polite request to stop doing anything sent to it, and you can't trust it not to have compromised the boot process anyway, making this rather pointless.

[–]iamonlyoneman

Besides which, you are trusting some literallywho programmer to be nice enough to not jack your shit from a different direction if you use this. So.

[–]newguy

I hope there is a new era of non-backdoored CPUs. But given that all CPUs are manufactured at like 2 production facilities worldwide, seems unlikely.

I love the software disable, but how complete is it? Is there a backup ME system on the chip? Can the firmware update be bypassed? Is this update actually affecting the ME or just the CPU's communication with it?

It's probably fiction, but I can't help but think of John Titor and his quest to find a certain Intel CPU model that existed before the hardware backdoors were built in.