I know there are a lot of folks that do not like Intel Management Engine and whatever they think it might do on their computers. The simple fact is though that it is a needed component for years now. Positive Technologies has laid out everything you need to keep enough of Intel ME around to initialize and launch the Intel processor, and then shut down the process once that has all taken place. And it seems that the HAP NSA program might be responsible for this all. If you are willing to get your hands a bit dirty, you can now turn Intel ME off once booted.
Closing thoughts - So we have found an undocumented PCH strap that can be used to switch on a special mode disabling the main Intel ME functionality at an early stage. We can prove this by the following facts: Binary analysis of Intel ME firmware, as described in this paper. If we remove some critical ME modules and enable HAP mode, Intel ME does not crash. This proves that HAP disables ME at an early stage. We are quite sure that Intel ME is unable to exit this mode because we have not found code capable of doing so in the RBE, KERNEL, and SYSLIB modules.
Read the full article here by [H]ardOCP News/Article Feed
No comments:
Post a Comment