Purism Now Offers Laptops with Intel's 'Management Engine' Disabled (puri.sm)

← Back to Stories (view on slashdot.org)

Purism Now Offers Laptops with Intel's 'Management Engine' Disabled (puri.sm)

Posted by EditorDavid on Sunday October 29, 2017 @02:30AM from the AMT-away dept.

"San Francisco company Purism announced that they are now offering their Librem laptops with the Intel Management Engine disabled," writes Slashdot reader boudie2. Purism describes Management Engine as "a separate CPU that can run and control a computer even when powered off."

HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."

Purism writes: Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism.

5 of 151 comments (clear)

Min score:

Reason:

Sort:

Upgrades? by goombah99 · 2017-10-29 02:35 · Score: 4, Insightful

Does this also mean they can "unlock" the soft-locked downgrades on the cheaper processor series to make them full strength?
So if the management engine isn't actually necessary what actually does it provide?
Is this new one open source? or have we met the new boss, same as the old boss?
What country is Purism based in or owned by?

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:Upgrades? by fph+il+quozientatore · 2017-10-29 03:09 · Score: 5, Insightful
  
  So if the management engine isn't actually necessary what actually does it provide?
  Oh, honey. It's a backdoor by the NSA. They can remotely access your computer, no matter what is installed on it, and even if it's turned off. No, I'm not kidding and it's not a conspiracy theory.
  
  --
  My first program:
  Hell Segmentation fault
2. Re:Upgrades? by PolygamousRanchKid+ · 2017-10-29 03:33 · Score: 2, Insightful
  
  So if the management engine isn't actually necessary what actually does it provide?
  It provides an excellent opportunity for your government to get to know you better! Your wants, your needs . . . your seditious thoughts and deeds . . . whether you voted for President Zuckerberg or not . . .
  
  What country is Purism based in or owned by?
  Does it even matter any more . . . ? The British share their "intelligence" with the Americans, who usually just buy it from some "leaky" old German SED folks who are still working on the taxpayers' dime to undermine the evil capitalist system. A better question would be to ask which companies own which countries.
  The Clintons sell stuff to Russia; Trump "makes business deals" with Russia, but in Putinist Russia Parlance, it looks like "Russia dealed him!"
  Hey, the various leaders of the world are deeply divided on social and political issues, but they are united in one common goal . . . to keep an eye on, and control their populations.
  I'm American, grew up there, and lived there until I graduated from college, but have been living and working in Europe since then. (It wasn't really planned; it just kinda sorta happened). On one business trip to scenic Austin, Texas, I drove by a car dealership and something unsettled me, but I couldn't determine what it was . . .
  . . . until I realized that there were signs advertising "Pre-Owned Cars!" Um, wouldn't that be what we used to call, "Used Cars" . . . ? Isn't that what they really are . . . ? At any rate, why call this critter the "Intel Management Engine"? To be honest, Intel should call it, "The Intel Secret Backdoor To Your Computer, Allowing Access For Folks Who You Do Not Want!"
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
3. Re:Upgrades? by Anonymous Coward · 2017-10-29 06:51 · Score: 2, Insightful
  
  No, it's in all Intel motherboards made in the last 7-10 years.
  And the BIOS doesn't disable it. It just makes it unresponsive to YOU - all this has been documented.
Excellent by gweihir · 2017-10-29 03:09 · Score: 5, Insightful

It is time to regard the ME (and the AMD equivalent) as what they are: Hardware back-doors. I would like to see more research into breaking into them, disabling them and eventually also reprogramming them. Until the CPU manufacturers hand out full documentation and a reliable way to disable, they must be regarded as malicious attackers in any scenario where security matters.
In the end, this is a good thing however. With a bit of luck, nobody will get away with hidden undocumented hardware in the not so distant future.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.