>Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts
Way more desktops running Minix than any other OS.
Tanenbaum was right.
Christopher Reed
Fuck this is HUGE! I'm very happy to see details about the ME are slowly leaking out. This is extremely close to a full disable, great news!
Thomas Allen
You know Minix is a damn good OS when it is chosen to run on what probably needs to be one of the best secure platforms that exist
Owen Scott
The microkernel approach is pretty much the only non-joke option if you're trying to build a reliable, fault-tolerant system. Minix3 is simply the absolute best such system there is. It'd be bad if the ME wasn't rock solid.
Isaac Moore
They are getting that shit together, which I'm not sure is a good thing or not. I mean, previous ME versions ran on some ARC frankenstein shit, used ThreadX as the OS that in turn ran a FUCKING JAVA VIRTUAL MACHINE that only then executed the actual ME modules. Fuck me, it is scary to think that. I hope some intel engineer had the foresight to purposely make some real bad design decisions so the project wouldn't work well, but now things seem on track again... Hope it is not for the worst.
Jason Powell
Remember, all you autists need to use ME cleaner without any risk is an SOIC8 clip from ebay for like $6 and figuring out where your board's EEPROM is.
Nathaniel Mitchell
Thankfully, it's too late for Intel anyway. Basically, the industry is split in 2.
>intel and arm are telling you to use amd64 and armv8 respectively
>everybody else is already on the RISC-V bandwagon.
RISC-V will take over microcontrollers, then embedded, then smartphone/tablet/chromebook, then servers, then workstations and, eventually, desktops. The question isn't what anymore, only when. And the clock is ticking for Intel. ARM's already having its last dinner.
Dominic Ramirez
And a SPI programmer and assurance that it will not fry your board if you do it without soldering the chip. Which is far less than it sounds like. 99% of boards will be fine and programmers are very cheap.
Ayden Torres
>ME General
Might as well call it /meg/ already, if you're going to keep posting the same pasta every day.
Justin Sullivan
you can't disable the ME
Joshua Bell
>programmers
You only need a 3.3v microcontroller devboard, like $10 these days.
Jose Collins
Is there any way to play with RISC-V today? I'm interested in it, but I don't know where to start.
Luis Reed
Emulator, FPGA or RV32 devboard (some company's already selling those). There just won't be any RV64G chips out for a while still (besides test ASICs, which are being made and have for a while by those working on the actual designs).
Isaac Lewis
i read through the positive tech post about three times and then googled around. as usual, none of the bloggers posting about it read it, since they all said there were tools available NOW to disable ME. there aren't. PT posted one to dump the information about your intel processor, that's it.
me_cleaner requires direct physical access to the processor because it's actually altering the code on it. this new fix appears to be as simple as "setting a bit". does anyone more familiar with this stuff know if that means there'll be a software fix for this users can run, or is it always going to need a soldering iron?
Cameron Fisher
You don't need physical access to use me_cleaner. You can just pass your bios update image to it and if it works, just flash it as you would any normal bios. Results may vary. Me_cleaner already has support for this if I'm not mistaken. If you are afraid to use me_cleaner there is (or will be soon) an option to only set this bit and leave the rest unchanged, so it is a very safe modification.
As of now, you can almost totally disable ME on pretty much any hardware using software tools only and with minimal risk of bricking your board.
Matthew Hill
Also there ARE tools other than me_cleaner. You can use the official intel FIT tool and set the "reserved bit" in the me kernel options to 1 and flash the image. Read it again user.
Adrian Richardson
thanks for clearing that up, i'll wait for the/a tool to be released which just sets the HAP bit and leaves everything else alone. it's my hope that intel will respect people's desires and not interfere with this going forward.
i'm guessing you're not aware of whether or not such a tool will also come in the form of a modifier one must first apply to a BIOS flash update, or if it can be run as a simple .EXE?
Jaxson Robinson
>intel will respect people's desires
kek, you are funny user. I will not install any BIOS or microcode updates from now on until I have confirmation they do not modify this behavior. ME is a backdoor, plain and simple. The HAP bit is a fault in it that is going to be patched sooner than later (that is, if they don't already have an exploit that is not affected by HAP, which would not surprise me at all). Beware of windows updates, if you are dumb enough to actually use windows (if you do, ME is the last of your problems).
>i'll wait for the/a tool to be released which just sets the HAP bit
I told you, ME cleaner does this, just not by default. There is a flag that enables that behavior. Look up the issue related to this on github.
>be run as a simple .EXE
Extremely unlikely to say the least. This modifies the description region of the ME firmware, I believe it is impossible to modify it from a running system. It should be a safe modification, but there is always the possibility that your bios will refuse to proceed unless the ME is working correctly.
Ian Perry
understood, cheers.
Josiah Butler
So glad I have an X200 with libreboot (which disables the intel me)
Jaxon Anderson
Any of you fags rich on crypto bought a talos 2 yet?
Asher Rivera
Why bother with this shit when you can just buy AMD and not be jewed
Enjoy your AMD botnet as well. Only cure is LIBREBOOT...
Dylan Young
>Libreboot
Do you mean trannyboot?
Noah Baker
Is AMD actually free from backdoors or just that we know of?
Hunter White
post 2009 no
Carson Torres
Yes, you can call it trannyboot, go ahead, get your laughs in. But I give ZERO fucks. The project is legit. It allows the user to have 100% control of the system and remove the proprietary BIOS and ME.
AMD is backdoored as well for at least the last 5 years.
Bentley Walker
I like Libreboot but we need to legalize killing trannies because the jails are full and it's becoming a huge issue.
Just look at what they're scheming over at Google. Trannies must be stopped!
Ayden Watson
bulldozer isn't backdoored, at least the CPUs aren't, the APUs are. But it honestly shouldn't matter unless you are hoarding child porn.
Jason Wilson
me doesn't even do shit. It's literally a feature to help you recover your stolen devices.
Aaron Rogers
The backdoors are never in the CPU directly, it's on PCH chipset.
Oh that's good to know. Where can I view the source code to verify that?
>RISC-V shills
You have no real corporate backing. Nothing gets moving unless corporations care. Can they get professional support from a reputable vendor? No? I didn't think so. And thus they'll keep choosing ARM.
Jason Mitchell
>Operating system support exists for GNU/Linux, FreeBSD, and NetBSD, but the supervisor-mode instructions are unstandardized as of 10 November 2016,[14] so this support is provisional. The preliminary FreeBSD port to the RISC-V architecture was upstreamed in February 2016, and will ship in FreeBSD 11.0.[20][21]
Jordan Long
I for one hate the i86_64 and ARM hegemony in the consumer market.
David Taylor
What makes you think that the US government would have enough competence to make this backdoor safe enough to avoid for example a russian scammer from using it? Someday this shit will backfire hard, with red "pay a bitcoin to recover your computer files" screens on hundreds of millions of computers.
Christopher Watson
Are you a corporation? No? I didn't think so. Your hate might at best influence some nerds on Sup Forums. The real work happens in big corporations with Intel/AMD and ARM monopolies in them. Due to their sheer size, they will insist on support from their computer vendor (e.g. HP), who can then complain to Intel/AMD for the corporations. The other market are startups. The only thing they care about is the Apple ecosystem. Apple is a corporation. q.e.d.
Jack Watson
What are you even on about? I just want more competition in the processor like my workstations were like in the 90s.
Honestly, this is all because of Chinese fabs producing literally every piece of silicon. Also doesn't help the market when people (like me) hoard their builds for 7-8 years instead of updating every 2 years.
For those who want to have the bit set out of the box.
Are there any other manufacturers who offer this? Sys76?
John Kelly
OY VEYY DELETE THIS NOW
WE NEED TO WATCH YOU IN CASE YOU TRY TO SHOAH ME AGAIN
SHREEEEEEEEEEEEEEEEEEEEE
Josiah Bell
It literally is.
Jaxon Anderson
>risc-v
>have no real corporate backing.
Are you confused, user? Did you miss the list of risc-v foundation members?
Jaxon Lopez
Foreign intelligence agencies do this all the time. The NSA(US) and GCHQ(UK) are foreign intelligence agencies and hence are barred from spying on their own respective citizens, but obviously not on citizens of other countries. So what they do is they get each other to spy on the other's citizens. Many countries the US is allied with have this arrangement.
Josiah Barnes
NSA outsources it to israelis. did you not even read that shit? what's your point anyway?
Aiden Lee
You can disable all the spyware and backdoor functions. This secret switch was added for use on NSA computers, so you know it's for real.