>What is the Intel Management Engine? The Intel ME is a small co-processor located in the die of modern Intel CPUs. It's advertised as an enterprise feature, but is dangerous for home users that don't need it. You can't buy any modern Intel chips without it. The ME is dangerous because it has access to all of your memory (RAM and hard disks) and access to your OS network stacks, or it can set up its own network stack in memory if no OS is present. This means that it could potentially phone home to Intel or the CIA niggers and feed them every single one of your rare pepes and anime girls. The ME is always running even when the PC is off as long as power is supplied from the wall or a battery. Removing the ME firmware completely or destroying the ME hardware renders the PC completely unbootable, or may trigger the 30 minute boot loop where it shuts down every half hour.
>But no vulnerabilities have ever been found, r-r-right? Wrong. There's an optional (optional for the board vendor) firmware frontend for the ME called AMT which can emulate a serial connection for remote keyboard input, which is one of the official enterprise "features" I mentioned above. There was a proof of concept attack done that would allow an attacker with access to your network to pass data from machine to machine silently and you wouldn't be able to tell if it was happening, since the ME operates at the hardware level of your PC. Just search for "Intel ME vulnerable" and be amazed.
>So what are my options right now? You can use some really old Intel x86 hardware that's from the early Core2 era, or MIPS, or SPARC, or ARM, or AMD stuff from 2011 or before. For some Core2 machines that have the ME you can use Libreboot which contains replacement firmware that completely disables it. The final and newest option is a project by Nicola Corna called ME Cleaner, which essentially neuters the ME and renders it harmless on your system.
>What's the ME firmware like? The Intel ME firmware is stored on the same ROM chip as your BIOS/EFI. The ME firmware itself is highly modular providing flexibility for board vendors. We can use this to our advantage by stripping out the modules that are harmful, and ME Cleaner automates that process. The ME firmware consists of a few basic modules; ROMP (only on some chipsets, starts the BUP securely), BUP (low level hardware init, controls 30 minute watchdog), KERN/KERNEL (scheduler, oversees and loads other modules), POL/POLICY (high level hardware and software [AMT] init), NFTP (networking stuff).
>What does ME Cleaner do? It strips the ME firmware all the way down to just the ROMP (if available) and BUP so that the ME is only doing basic hardware init at boot and power management in the form of shutting off the 30 minute watchdog to prevent the bootloop problem. You use ME Cleaner by first dumping the BIOS ROM. To do this you need to hook up a SPI clip and connect to a Raspberry Pi with Linux where you can run flashrom to interface with the BIOS chip. Once you have an old-firmware.bin (you can name it anything) you run ME Cleaner on that file which will produce new-firmware.bin which you can flash back to the ROM. It's that simple. If anything goes wrong you can just restore to the original dump.
>muh AMD! If it's anything made 2012 or later it has a PSP, which is basically the ME with more uncertainty and less documentation.
You think this is that kind of board? I'm literally considering doing away with Sup Forums altogether. When autists became the new normies it was time to leave.
Landon Cox
Heard about this, will try to disable it on my i5 after I switch to AMD.
Isaiah Watson
I was considering making a thread like this. I keep bringing this up, but if you're rich as fuck, buy one of these. raptorcs.com/content/base/products.html It's an OpenPOWER-based workstation that is likely to get RYF certification soon. Fully-debotneted, but very expensive
Nathaniel Wright
>having a CPU with ME at all
You big sillies.
Noah Lee
>amd
>it has a PSP, which is basically the ME
what a shitload of crap bs.
Ethan Wood
I was under the impression that the Management Engine was only present on newer Intel CPUs like, post-Ivy Bridge. Is it on all of them?
Ryder Rogers
>Is it on all of them?
and by all of them I mean all Core products like Sandy Bridge and Ivy Bridge. Obviously it doesn't exist on Pentium 2.
Nice. I'm thinking about getting one but I don't really need all that power just for shitposting and extremely light gaming.
I guess this thread isn't for you.
Adults don't need stupid images to back up their claims. Research the PSP a little more, stupid faggot gaymur. If in doubt, run lspci under Linux. If the ME is present it'll show up under your PCI devices.
Matthew Moore
>buying intel LMAO @ ur LIFE
Evan Hernandez
As much as I want open source firmware that's gonna be impossible with how complicated CPUs and GPUs nowadays are, a lot of performance critical and power management is in the firmware and releasing it would make a company less competitive. There's also an issue of 3rd party IP that's no doubt in AMD's PSP (TrustZone); I think Intel's should be 99% in house.
Nathaniel Gomez
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor DRAM Controller (rev 09)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller (rev 09)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
00:16.0 Communication controller: Intel Corporation 7 Series/C210 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 7 Series/C210 Series Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 1 (rev c4)
00:1c.4 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 5 (rev c4)
00:1d.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev a4)
00:1f.0 ISA bridge: Intel Corporation B75 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 7 Series/C210 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 7 Series/C210 Series Chipset Family SMBus Controller (rev 04)
01:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Am I safe Onii-chan?
Mason Scott
For open devices, you can get either the TALOS II above, or a device with Libreboot. We can also hope for the best for RISC-V.
Sebastian Morgan
I think I see it on line 5
Cooper Sanders
No.
Hunter Foster
>thinking that this is a chip shilling thread
Enjoying the kool-aid, user?
The issue is that people's requirements are so high. Stallman's Lemote had a 800MHz processor, which is fine for him on the command line, but for people who want to do more than email people in emacs, something with a bit more juice is needed.
Jonathan Hernandez
>after I switch to AMD
AMD have their own equivalent.
Austin Harris
A 2GHz Core2 is good enough for day to day use still. It's not the fastest and the battery life isn't great but you can run modern software on Libreboot machines like the T400.
Logan Murphy
00:16.0 Communication controller: Intel Corporation 7 Series/C210 Series Chipset Family MEI Controller #1 (rev 04)
	Subsystem: Gigabyte Technology Co., Ltd Device 1c3a
	Kernel driver in use: mei_me
	Kernel modules: mei_me
>Kernel driver in use: mei_me
>Kernel modules: mei_me
There's fucking KERNEL DRIVERS for the Management Engine Interface!?!?!
John Lee
Yeah and libreboot devices are 2.26GHz and up. I didn't even bring up the reeeeemote?
Jason Hughes
Blacklist em, see what happens.
Hunter Roberts
I know, but I won't risk destroying my CPU without an alternative, didn't mean to say that I will switch to AMD because they don't have that.
Yes. And the only way to escape the botnet is to go full freetard. Stallman was right.
Aaron Diaz
MEI Controller is the Intel Management Engine, so no.
Yeah, there's Linux firmware for it. It's an enterprise "feature" and lots of businesses use Linux.
Nothing happens but the ME still runs independently of the OS.
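Added example (not from any poster in this thread): a script that reads `lspci -k` text like the listings posted above and reports each ME host-interface device together with the kernel driver bound to it. Matching on the device-name strings MEI, HECI and Management Engine is an assumption about how pci.ids labels these devices, and the sample inputs are constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: find ME host-interface devices in `lspci -k` output (stdin)
# and print "<slot> <driver>" for each, with "none" when no driver is bound.
# Assumption: the device name contains "MEI", "HECI" or "Management Engine".

find_mei() {
    awk '
        # An unindented line starting with a PCI address begins a new device.
        /^([0-9a-fA-F]+:)?[0-9a-fA-F]+:[0-9a-fA-F]+\.[0-7] / {
            if (slot != "") print slot, drv      # flush the previous match
            slot = ""; drv = "none"
            if ($0 ~ /MEI|HECI|Management Engine/) slot = $1
            next
        }
        # Detail line of the device currently being tracked.
        slot != "" && /Kernel driver in use:/ { drv = $NF }
        END { if (slot != "") print slot, drv }
    '
}

# Constructed sample: driver bound, in the shape of the output posted above.
SAMPLE_BOUND='00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
	Kernel driver in use: xhci_hcd
00:16.0 Communication controller: Intel Corporation 7 Series/C210 Series Chipset Family MEI Controller #1 (rev 04)
	Subsystem: Gigabyte Technology Co., Ltd Device 1c3a
	Kernel driver in use: mei_me
	Kernel modules: mei_me'

# Constructed sample: same device after the module has been blacklisted.
# The device is still enumerated on the PCI bus; only the driver line is gone.
SAMPLE_UNBOUND='00:16.0 Communication controller: Intel Corporation 7 Series/C210 Series Chipset Family MEI Controller #1 (rev 04)
	Subsystem: Gigabyte Technology Co., Ltd Device 1c3a
	Kernel modules: mei_me'

printf '%s\n' "$SAMPLE_BOUND"   | find_mei
printf '%s\n' "$SAMPLE_UNBOUND" | find_mei
```

On a live system run `lspci -k | find_mei`; a result of `none` means only that no kernel driver is bound to the interface.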
Dylan Jones
Why not just do deep packet inspection at the router? If you find anything fishy going somewhere you simply block both sides and the port. Unless the ME is magical and can get a TCP/UDP packet outside of the router without it knowing, this shouldn't be too hard.
Elijah Richardson
>router has ME too
YOOOOOOOOOOOOO
Jason Mitchell
>millions of ME enabled devices owned by millions of people >millions of unsecured, outdated, or otherwise not properly configured routers >implying the CIA niggers don't know this >implying they don't use the ME against tech illiterate targets >implying they won't just pull up in a van and take you and your computer to a black site and beat you with an old pipe until you give them your passwords Wew lad.
Jack Kelly
>>millions of ME enabled devices owned by millions of people
>>millions of unsecured, outdated, or otherwise not properly configured routers
Okay man, but that's not MY problem, I'm worried about botnets on my machines, not theirs.
Nolan Richardson
How do you know that the ME isn't connecting to your neighbor's unsecured network and phoning home anyways? What will you do about public wireless networks? How do you know what to block on your router? I guess your plan is fine if you're a NEET that lives in the sewer and only connects to Sup Forums.
Hudson Morris
>ME isn't connecting to your neighbors unsecured network and phoning home anyways?
There's no unsecure network near me thankfully. And wireless signals are pretty easy to spot with an analyser, that's unlikely as well.
Would be worried if it was integrated 2G/3G though, I'd have to get creative so that it doesn't work but my phone does.
Connor Wright
Will there ever be a fully open source processor?
Grayson Williams
For a non-botnet processor, we have the previously-mentioned Libreboot devices and TALOS II. If you meant "open" then you gotta wait for RISC-V riscv.org/
Robert Ross
Look at all the glow in the dark shills literally REEEEEEing in this thread.
Keep at 'em lads, bump.
Elijah Ortiz
>BSD license
Damn. They could've had it so much better if it was GPL
Gabriel Kelly
They want companies to use it though
there's also nothing stopping a company from making a risc-v cpu with something like ME or PSP
Brayden Thomas
GPL is a fucking meme for communists.
Kayden Edwards
On the other hand, there's nothing stopping one from making a cpu without it. Nothing is perfect, but I think we can admit that this along with OpenPOWER are far better than the x86 situation.
Levi Garcia
bump
Angel Robinson
they need to make this process of removing JEWINTEL backdoor easyer
Owen Gonzalez
Maybe you should talk to Intel about that.
Ethan Carter
...
Charles Hughes
What if I want to upgrade from a 4770k to something non-botnet? I don't want a 2,400 dollar cpu/mobo combination though. What would Sup Forums recommend?
Levi Morgan
4770k is already a botnet
Jace Ross
You fags throwing those links at me but never read them yourself? PSP is completely different from ME, learn to read damn it. Seriously, Sup Forums is full of 12 yo retards these days.
>adults If you are 34yo virgin neckbeard you are not an adult
Charles Sanchez
Disable AMT in the BIOS. Use a PCIe NIC as ME relies on the motherboard NIC apparently.
Any info on AMD's equivalent? Can you fuck it up by using a PCIe NIC like you allegedly can with ME?
Nathaniel Campbell
Most MIPS based routers don't let you control your router at all, since the large majority of them are ISP trash
Jason Long
This is why I only use librebooted X200 thinkpad
Ian James
You're wrong.
William Morris
>PSP is completely different from ME Only in name, you tech illiterate brand whore.
Juan Allen
No info on the PSP really.
Jackson Perez
Sit back and enjoy your computing experience, soyim.
Liam Jackson
>I don't want a 2,400 dollar cpu/mobo combination though. What would Sup Forums recommend?
Thinkpad T60, or X60, or older, or Powerbook G4 of some kind or another.
Hunter Watson
>PSP is completely different from ME This is a complete and total lie from a CIA nigger, go kill yourself bitch.