Sakaki's EFI Install Guide/Disabling the Intel Management Engine - Gentoo Wiki


16 bookmarks. First posted by hace 7 days ago.


Sakaki's EFI Install Guide/Disabling the Intel Management Engine
security  hardware  from twitter_favs
7 days ago by dne
In this mini-guide, I'll run through the process of disabling the IME on your target PC. To do so, we will use Nicola Corna's me_cleaner. This software operates on the firmware stored in your PC's BIOS chip (where the bulk of the ME's code resides), and does two things:

sets the 'High Assurance Program' bit, an ME 'kill switch' that the US government reportedly[8] had incorporated for PCs used in sensitive applications[9];
removes the vast majority of the ME's software modules (including network stack, RTOS and Java VM), leaving only the essential 'bring up' components (the latter being necessary because, on modern systems, if the IME fails to initialize, a 30 minute watchdog timer resets the whole PC[10]).
This combined 'belt-and-braces' approach means that the ME ought
diy  hardware  security  ime  intel  chip 
7 days ago by ivar
Gentoo Wiki
hardware  diy  security  tutorial 
7 days ago by hace