Slashdot Mirror


System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com)

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.

5 of 149 comments

  1. Re:If it works by Narcocide · Score: 3, Interesting

    I want to belieeeeeve!!! Save us system76 you're our only hope!!

  2. Re:I will only buy non-Intel chips now by Narcocide · Score: 5, Interesting

    At this point all AMD has to do is willingly release the information to provably disable their own management engine equivalent and they can sweep the market.

  3. Re:LOL! Not really (downmod me? I repost)... apk by OrangeTide · Score: 4, Interesting

    Your downmodded posts aren't hidden. They are correctly categorized as garbage. Some people will browse and see the 0 and -1 garbage, usually other mods or brave people with too much free time.

    Reasons that APK deserves frequent downmodding:
      1. lacks an account and always posts as AC
      2. makes duplicate posts
      3. admits to trying to avoid moderation
      4. frequently posts off topic advertisements for his [free] products and services.
      5. talks like a git. Really, his English phrasing is bizarre.

    --
    “Common sense is not so common.” — Voltaire
  4. Minix more popular on laptops than Linux by Keruo · Score: 5, Interesting

    Isn't it mind-boggling that Minix is actually more used on laptops currently than Linux?

    (The management engine runs a custom version of Minix)

    --
    There are no atheists when recovering from tape backup.
  5. Re:Having worked at Intel... by tlhIngan · Score: 4, Interesting

    I suspect that this was brought into the Core line due to those people building servers needing remote management using i7, etc. chips, but that's just a guess.

    No, it was brought into the main chips because servers have stuff like IPMI and ILO for remote management, but employee PCs do not. And the same reason servers can be remotely managed can be applied to employee PCs and laptops. The only difference is servers are usually concentrated in a few areas, so it's much easier for 10,000 servers to be locally managed than 10,000 PCs, making the case for remote management of PCs even more critical.

    You can do bare metal bringups - perhaps the employee got to their desk and their PC is dead - it won't load the OS and there's lots of error messages. It's effectively ILO or IPMI for consumer grade machines.

    Of course, you can't "disable" IME - you can neuter it. The firmware that controls power and boot and startup and all that must still run in order for the main CPU to be brought up, so you need IME to do that part. Neutering basically disables all the remote management while leaving the power management code still active.