Intel (((Management Engine)))

Researchers disable Intel Management Engine via undocumented function

blog.ptsecurity.com/2017/08/disabling-intel-me.html

>Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts


yes user, the management engine is jewish.

intel.com/content/www/us/en/corporate-responsibility/intel-in-israel.html

Delete this

OwO
What's this?

>minix based
Year of the Minix desktop!

Way more desktops running Minix than any other OS.

Tanenbaum was right.

Fuck this is HUGE!
I'm very happy to see details about the ME are slowly leaking out. This is extremely close to a full disable, great news!

You know Minix is a damn good OS when it is chosen to run on what probably needs to be one of the best secure platforms that exist

The microkernel approach is pretty much the only non-joke option if you're trying to build a reliable, fault-tolerant system.
Minix3 is simply the absolute best such system there is.
It'd be bad if the ME wasn't rock solid.

They are getting that shit together, which I'm not sure is a good thing or not.
I mean, previous ME versions ran on some ARC frankenstein shit, used ThreadX as the OS that in turn ran a FUCKING JAVA VIRTUAL MACHINE that only then executed the actual ME modules.
Fuck me, it is scary to think that. I hope some intel engineer had the foresight to purposely make some real bad design decisions so the project wouldn't work well, but now things seem on track again... Hope it is not for the worst.

Remember, all you autists need to use ME cleaner without any risk is an SOIC8 clip from ebay for like $6 and figuring out where your board's EEPROM is.

Thankfully, it's too late for Intel anyway.
Basically, the industry is split in 2.
>intel and arm are telling you to use amd64 and armv8 respectively
>everybody else is already on the RISC-V bandwagon.
RISC-V will take over microcontrollers, then embedded, then smartphone/tablet/chromebook, then servers, then workstations and, eventually, desktops.
The question isn't what anymore, only when. And the clock is ticking for Intel. ARM's already having its last dinner.

And a SPI programmer and assurance that it will not fry your board if you do it without soldering the chip.
Which is far less than it sounds like. 99% of boards will be fine and programmers are very cheap.

>ME General
Might as well call it /meg/ already, if you're going to keep posting the same pasta every day.

you can't disable the ME

>programmers
You only need a 3.3v microcontroller devboard, like $10 these days.

Is there any way to play with RISC-V today? I'm interested in it, but I don't know where to start.

Emulator, FPGA or RV32 devboard (some company's already selling those). There just won't be any RV64G chips out for a while still (besides test ASICs, which are being made and have for a while by those working on the actual designs).

i read through the positive tech post about three times and then googled around. as usual, none of the bloggers posting about it read it, since they all said there were tools available NOW to disable ME.
there aren't. PT posted one to dump the information about your intel processor, that's it.

me_cleaner requires direct physical access to the processor because it's actually altering the code on it. this new fix appears to be as simple as "setting a bit".
does anyone more familiar with this stuff know if that means there'll be a software fix for this users can run, or is it always going to need a soldering iron?

You don't need physical access to use me_cleaner. You can just pass your bios update image to it and if it works, just flash it as you would any normal bios. Results may vary.
Me_cleaner already has support for this if I'm not mistaken. If you are afraid to use me_cleaner there is (or will be soon) an option to only set this bit and leave the rest unchanged, so it is a very safe modification.

As of now, you can almost totally disable ME on pretty much any hardware using software tools only and with minimal risk of bricking your board.

Also there ARE tools other than me_cleaner. You can use the official intel FIT tool and set the "reserved bit" in the me kernel options to 1 and flash the image.
Read it again user.

thanks for clearing that up, i'll wait for the/a tool to be released which just sets the HAP bit and leaves everything else alone. it's my hope that intel will respect people's desires and not interfere with this going forward.

i'm guessing you're not aware of whether or not such a tool will also come in the form of a modifier one must first apply to a BIOS flash update, or if it can be run as a simple .EXE?

>intel will respect people's desires
kek, you are funny user. I will not install any BIOS or microcode updates from now on until I have confirmation they do not modify this behavior.
ME is a backdoor, plain and simple. The HAP bit is a fault in it that is going to be patched sooner than later (that is, if they don't already have an exploit that is not affected by HAP, which would not surprise me at all).
Beware of windows updates, if you are dumb enough to actually use windows (if you do, ME is the last of your problems).

>i'll wait for the/a tool to be released which just sets the HAP bit
I told you, ME cleaner does this, just not by default. There is a flag that enables that behavior. Look up the issue related to this on github.

>be run as a simple .EXE
Extremely unlikely to say the least. This modifies the description region of the ME firmware, I believe it is impossible to modify it from a running system.
It should be a safe modification, but there is always the possibility that your bios will refuse to proceed unless the ME is working correctly.

understood, cheers.

So glad I have an X200 with libreboot (which disables the intel me)

Any of you fags rich on crypto bought a talos 2 yet?

Why bother with this shit when you can just buy AMD and not be jewed

I'm guessing you never heard of PSP?

libreboot.org/faq.html#amd
libreboot.org/amd-libre.html

Enjoy your AMD botnet as well.
Only cure is LIBREBOOT...

>Libreboot
Do you mean trannyboot?

Is AMD actually free from backdoors or just that we know of?

post 2009 no

Yes, you can call it trannyboot, go ahead, get your laughs in. But I give ZERO fucks. The project is legit. It allows the user to have 100% control of the system and remove the proprietary BIOS and ME.

AMD is backdoored as well for at least the last 5 years.

I like Libreboot but we need to legalize killing trannies because the jails are full and it's becoming a huge issue.

Just look at what they're scheming over at Google. Trannies must be stopped!

bulldozer isn't backdoored, at least the CPUs aren't, the APUs are. But it honestly shouldn't matter unless you are hoarding child porn.

me doesn't even do shit. It's literally a feature to help you recover your stolen devices.

The backdoors are never in the CPU directly, it's on PCH chipset.

Oh that's good to know. Where can I view the source code to verify that?

nice try, NSA

Soon.

lowrisc.org

>shouldn't matter unless you are hoarding child porn.
Haha, dumb pig shit computer slave. You don't even know the taste of freedom.

I'm sure having the backdoor is juuuust fine. Who cares if literally anyone can remotely log-in to your laptop that AMD never released the BIOS update for: theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

>RISC-V shills
You have no real corporate backing. Nothing gets moving unless corporations care. Can they get professional support from a reputable vendor? No? I didn't think so. And thus they'll keep choosing ARM.

>Operating system support exists for GNU/Linux, FreeBSD, and NetBSD, but the supervisor-mode instructions are unstandardized as of 10 November 2016,[14] so this support is provisional. The preliminary FreeBSD port to the RISC-V architecture was upstreamed in February 2016, and will ship in FreeBSD 11.0.[20][21]

I for one hate the i86_64 and ARM hegemony in the consumer market.

What makes you think that the US government would have enough competence to make this backdoor safe enough to prevent, for example, a Russian scammer from using it?
Someday this shit will backfire hard, with red "pay a bitcoin to recover your computer files" screens on hundreds of millions of computers.

Are you a corporation? No? I didn't think so.
Your hate might at best influence some nerds on Sup Forums. The real work happens in big corporations with Intel/AMD and ARM monopolies in them. Due to their sheer size, they will insist on support from their computer vendor (e.g. HP), who can then complain to Intel/AMD for the corporations.
The other market is startups. The only thing they care about is the Apple ecosystem. Apple is a corporation.
q.e.d.

What are you even on about? I just want more competition in the processor like my workstations were like in the 90s.

Honestly, this is all because of Chinese fabs producing literally every piece of silicon. Also doesn't help the market when people (like me) hoard their builds for 7-8 years instead of updating every 2 years.

puri.sm/learn/intel-me/

For those who want to have the bit set out of the box.

Are there any other manufacturers who offer this? Sys76?

OY VEYY DELETE THIS NOW

WE NEED TO WATCH YOU IN CASE YOU TRY TO SHOAH ME AGAIN

SHREEEEEEEEEEEEEEEEEEEEE

It literally is.

>risc-v
>have no real corporate backing.
Are you confused, user?
Did you miss the list of risc-v foundation members?

Foreign intelligence agencies do this all the time. The NSA(US) and GCHQ(UK) are foreign intelligence agencies and hence are barred from spying on their own respective citizens, but obviously not on citizens of other countries.
So what they do is they get each other to spy on the other's citizens. Many countries the US is allied with have this arrangement.

NSA outsources it to israelis. did you not even read that shit? what's your point anyway?

You can disable all the spyware and backdoor functions. This secret switch was added for use on NSA computers, so you know it's for real.

bump

OY VEY DELET THIS GOY