System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com)
System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
I want to belieeeeeve!!! Save us, System76, you're our only hope!!
There was new-ish news about this from the summer. A few privacy-minded places are starting to shut the ME down in various ways, some by spoofing the flag the government uses to disable it on its own systems, others in other ways.
The problem was understanding what IME does, as it is an encrypted black box piece of hunk.
But things are made quite a lot easier with the literal NSA bit that disables everything but the bare essentials to operate the machine.
At this point all AMD has to do is willingly release the information to provably disable their own management engine equivalent and they can sweep the market.
Too late, AMD has PSP.
Wake me when they start shipping laptops with it physically removed or burned out.
Oh, admit it, you're thinking of drilling some holes in a few motherboards as a test, too.
Second time I've seen this post, and I want to believe it's accurate and complete. Can any 3rd party verify this information in any way with a citation?
Yea, the monitoring time is the real question I have here. Weeks... eh, slight confidence boost. Months... better. YEARS (multiple) and maybe we have reasonable confidence there isn't some timeout that waits before trying other outbound ports.
Are clandestine services staging servers pushing very direct requests over 16992-16995 to an IP that get detected from time to time?
Huge malware scans up and down IP ranges in a random attempt to find the hardware that responds as cover? Ty.
/ Yeah, I said 5 years. This thing is 3-4 years old