On Wed, Sep 27, 2017 at 10:10 AM, J.B. Nicholson jbn@forestfield.org wrote:
> Quite; does this disable function fully and completely disable all attempts at using any ME functionality such that nothing can re-enable the ME, or is this disablement somehow impermanent or more limited in some way?
AFAIK the ME will start booting, see the switch, disable the watchdog that would shut the machine down in 30 minutes normally and turn itself off.
> I ask because I vaguely recall that someone (Purism, perhaps?) had remote ME accesses disabled but still allowed local accesses. This struck me as nearly useless because such an arrangement would allow running a program to relay ME requests and responses over a network connection (an ME proxy, basically).
No, Purism has effectively disabled the ME completely at this point. I say effectively because they have disabled everything but the BUP module. So no, it doesn't have remote access and it can't run any 3rd-party code. It seems like they have put this on hold and switched to porting Coreboot. But even assuming they had only disabled remote access, wouldn't that mean that an attacker would need physical access to the machine instead of doing a remote attack?
https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops...
arm-netbook mailing list arm-netbook@lists.phcomp.co.uk
http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
Send large attachments to arm-netbook@files.phcomp.co.uk