System76's Coreboot open firmware now manages to disable Intel ME
submitted 10 months ago by [deleted] from (blog.system76.com)
view the rest of the comments →
[–]Drewski 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 10 months ago (1 child)
Top comment on hacker news:
This does not "disable" Intel ME. The ME is instrumental to the boot process and it is impossible to boot a modern Intel x86 system without it. It's quite tiring seeing x86 vendors continuing to misrepresent this. See comment by bri3d below for details. It appears they're just sending a command to the ME politely asking it to stop doing things, maybe. Of course, this happens long after the ME has already done a great deal of work bringing up the system. Of the three options for ME scope reduction, none are good and none actually "disable" the ME, but it seems like they've chosen the least effective/audited option of the three. I should add that if you don't trust the ME not to be owned, there's not really any reason to trust that it will honour a polite request to stop doing anything sent to it, and you can't trust it not to have compromised the boot process anyway, making this rather pointless.
This does not "disable" Intel ME. The ME is instrumental to the boot process and it is impossible to boot a modern Intel x86 system without it. It's quite tiring seeing x86 vendors continuing to misrepresent this.
See comment by bri3d below for details. It appears they're just sending a command to the ME politely asking it to stop doing things, maybe. Of course, this happens long after the ME has already done a great deal of work bringing up the system.
Of the three options for ME scope reduction, none are good and none actually "disable" the ME, but it seems like they've chosen the least effective/audited option of the three. I should add that if you don't trust the ME not to be owned, there's not really any reason to trust that it will honour a polite request to stop doing anything sent to it, and you can't trust it not to have compromised the boot process anyway, making this rather pointless.
[–]iamonlyoneman 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - 10 months ago (0 children)
besides which, you are trusting some literallywho programmer to be nice enough to not jack your shit from a different direction if you use this. So.
use the following search parameters to narrow your results:
e.g. sub:pics site:imgur.com dog
sub:pics site:imgur.com dog
advanced search: by author, sub...
~6 users here now
Technology and related articles and discussion
view the rest of the comments →
[–]Drewski 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (1 child)
[–]iamonlyoneman 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - (0 children)