Date: 2017-12-03
Dell Begins Offering Laptops With Intel's 'Management Engine' Disabled (liliputing.com)
An anonymous reader quotes Liliputing.com: Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.
At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.
The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).
Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.
the problem with opt-out and herd immunity (Score:2)
In general opt-out is problematic. Most people don't do it, then the vendors say "see, no one wants to opt-out", making it a self-fulfilling prophecy. Now imagine you charge them or limit their options to some expensive computer models if they want to opt-out. That's not going to work.
And the basic problem here is that it's not me that I'm worried about; it's, collectively, everyone else. The same logic as getting a flu shot. The herd immunity protects you more than the flu shot you just got.
I want everyo
DIY (Score:3, Interesting)
So in theory, it doesn't matter if you order one of these 'Custom Order' editions? You'll be able to apply the exact same changes yourself?
New slogan! (Score:3)
Intel Management Engine: the original Systemd.
"Disabled", not disabled. (Score:2, Interesting)
Does anyone trust Intel or Dell (or AMD or anyone else) enough at this point to actually believe that the chip is disabled? Or that it won't just be magically re-enabled the first time you log in to the machine? How can anyone independently verify that the chip is actually disabled and stays that way?
We need to move back towards more open hardware and things like physical switches to turn devices on and off, DIP switches to configure hardware, and on-board fuses that can be permanently blown to disable thin
No, it won't be disabled. It'll just be hidden, as usual. It'll still be in the silicon and they'll still be able to reenable it at will.
I've also never seen it used. For servers, OEMs add in their own controller chip to implement IPMI and their custom shit, and that's all you need. Dell's DRAC/iDRAC, HP's iLO, etc. They don't live in the CPU or have ring negative 9999 access, and you can turn them off!
Re: (Score:3)
On what basis do you claim this? Since Dell is not being specific about how they disable it, there's very little reason to assume that it's a physical change. Since the Intel Management Engine can reasonably be considered to be directly accessible to law enforcement, I don't see why most vendors will not leave it accessible to court-ordered access. They consider it important to cooperate with national governments to retain export licenses and government contract work.
I've also never seen it used.
Not for anything useful, however it is well known to cause horrible, unavoidable latency spikes in real time response, for example in financial transaction platforms.
Sure, use a dip switch for everything. And then build an extra room in your house so you have space for your mainboard.
It's all microcontrollers these days. DIP switches mean nothing since you can't be sure the firmware code will honour the DIP switch configurations.
The reason this shit is in consumer-grade hardware is because it's a "free feature". So, why not include it? It's the same reasoning as to why we can't buy a consumer TV without tons of "smart TV" features we don't want. After all, it's cheaper to offer only a single SKU.
Companies throw in these "extras", but apparently don't really consider the fact that sometimes, extra features can actually be "anti-features", in that they might have an actual penalty in terms of security or usability. It's why compa
From the start this was a problem (Score:2)
Well, it's a start, at least. With a little luck, maybe vendors will get the message that we don't want these black box privacy-invading systems in our computers. I remember when Intel had us over to show off their latest and greatest and they were just gushing with pride over this system. I asked them then about the potential privacy and security problems and all they could answer with is don't worry, it will be the most secure system ever made. Like I haven't heard that a million times with the same res
Disabling the Intel ME - direct story link (Score:3)
Rather than having to follow yet a Slashdot link to another Slashdot link, which then has a link to the actual story - here is a direct one:
Researchers find a way to disable Intel's Management Engine [bleepingcomputer.com].
If we discussed something on Slashdot before it is of great value to click through and read the comments rather than posting a direct link and have the same discussions over and over again.
Is unprovision the same as disabled? (Score:1)
I ran the INTEL-SA-00075 procedures to verify unprovisioning and that the LMS service was stopped. My question i
"<code>" tag abused, comment ignored.
Intel created its own operating system on a chip that is almost completely outside of user control. It has full functionality to read and take control of any part of your PC, even when it is powered off. All the code is black boxed and unreadable to the user so there is no auditing it to see if it is secure. If a hacker or virus was able to re-write the OS on the chip (something that has been confirmed to be possible), they would have complete control of your system with virtually no way to remove it. For p
Now that the secret is out (it was security by obscurity), hackers, viruses and trojans will try to hack your Intel CPU. Once it's hacked, the hack could be inside the CPU itself so reformatting your HDD or even installing a different OS wouldn't matter.
does AMD have this sort of feature? (Score:2)
Yes, it's called a "Platform Security Processor".
1. https://libreboot.org/faq.html... [libreboot.org]
Thank you to the Linux laptop vendor (Score:3)
Thank you to the Linux hardware vendor [system76.com] who took the leadership role in opting out of this Intel spyware madness. For any of you thinking about finally escaping the Windows chamber of horrors, this company deserves your business.