Disable Intel ME
qub...@tutanota.com
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
Connor Page
Reg Tiangha
> thank you for the link. I have successfuly tried it on a Haswell notebook. it doesn't disable ME but (supposedly) limits it's functionality by removing all modules but 2.
>
do this procedure, or are there software tools that can be used within
Windows or Linux to flash the ME with the modified image?
qmast...@gmail.com
Yes, of course you need an external hardware flasher, because it is a laptop. Laptops have EC embedded controller, which interferes with "software" internal flashing and makes it either fail completely, or write a corrupted BIOS image (which would result in computer not booting next time). That is why in flashrom, a flag for internal flashing on laptops is: -p internal:laptop=force_I_want_a_brick . See more information here - https://www.flashrom.org/Laptops
About external hardware flashing: this method is described in great detail here - http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate although most of the time it talks about Bus Pirate programmer, this method is almost the same for CH341A - which is the cheapest hardware programmer supported by flashrom (costs just $2-$3). Just a slightly different flashrom command - mentioned at the end of this article. It will be great if you could reproduce this method - not just for the sake of reflashing a BIOS of your laptop to remove ME, but also you will be able to reflash other laptops who failed a BIOS update and now not booting, - probably earning some good money on it
Stickstoff
On 01/08/2017 07:17 PM, qub...@tutanota.com wrote:
> This article may help some Users who wish to disable INTEL ME
> https://hackaday.com/tag/intel-me
There is a new method to mostly disable Intel ME, two days old [1].
The former approach which you linked to is from november 28 and needs
"physical" flashing of the flash.
The new approach works with a python script.
The wiki [2] lists what exactly is removed (five modules) and what
remains (one to two basic modules).
It's too bad the "Talos" crowdsourcing [3] (The world's first
ATX-compatible, workstation-class mainboard for the IBM POWER8
processor.) failed. But at least we're making progress on the Intel ME
front as well.
[1] https://www.phoronix.com/scan.php?page=news_item&px=Intel-ME-Cleaning
[2] https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
[3]
https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
Reg Tiangha
(it first surfaced in October) and it's only just recently that Phoronix
picked the story up.
The python script will strip down a full ME image (either dumped or
procured from an archive of ME firmwares that exists on the internet, if
you trust that repository of course), but I don't think it'll flash the
new image within an OS because the entire chip isn't exposed in
software, only certain areas that allow for certain partitions to be
upgraded hence the need for an external hardware flasher, unless things
have really changed recently?
Have things changed and does the python script also flash the rom now??
I can't tell from their instructions, and their wiki still points to the
page that shows how to do it with a hardware flasher. I know a hardware
flasher is cheap, although I don't know how things will work if the ME
is soldered onto the main board (I don't have much experience with these
things). If this could be done successfully through software (you can
flash an ME upgrade firmware in Windows with Intel's tools, just not a
stock rom AFAIK), that'd be really convenient.
Tai...@gmx.com
disables MEcleaner for good (and now we have AMD PSP too)
A more realistic goal for secure computing is making libre firmware for
the "affordable" (for the level of juice you get) $4.5K IBM "Habanero"
S812LC rather than a crowdfunding campaign with a 3.5Mil funding goal,
most people in the linux community really suck and don't actually care
that much about truly free computing :[
IMO they should have went after corporate and government secure
computing funding (DARPA is really interested in that ATM) as that is
where the money is.