
AFAIK the ME is required to initialize the processor, so it can never be completely disabled. The best you could do is remove any code beyond necessary initialization, which has mostly already been done by me_cleaner.



How easy is it to use me_cleaner? Last time I looked it required some wiring and a Raspberry Pi.


Quite straightforward, I used a ch341A SPI programmer. Just make sure you take multiple copies of your original ROM image and compare the hashes of them to make sure there was no screwup.

It took me about 10 minutes to do my ThinkPad. All I lost was some enhanced integrated GPU power management and integrated thermal management, but I use a userland fan control program anyhow.
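The check described in the comment above (read the chip several times and compare hashes before flashing anything), as an added example that is not part of the original thread. The power-of-two size test and the uniform-byte test are added heuristics, and the file names are hypothetical.

```python
import hashlib
import sys
import tempfile
from pathlib import Path


def check_dumps(paths):
    """Compare repeated reads of one SPI flash chip; return (ok, problems)."""
    paths = [Path(p) for p in paths]
    if len(paths) < 2:
        return False, ["need at least two independent reads to compare"]
    problems, digests = [], {}
    for p in paths:
        data = p.read_bytes()
        size = len(data)
        # Heuristic (assumption): SPI flash capacities are powers of two,
        # so any other size suggests a truncated or padded read.
        if size == 0 or size & (size - 1):
            problems.append(f"{p.name}: size {size} is not a power of two")
        # Heuristic (assumption): a dump of one repeated byte (all 0xFF or
        # 0x00) usually means the programmer never talked to the chip.
        elif data.count(data[:1]) == size:
            problems.append(f"{p.name}: every byte is 0x{data[0]:02x}")
        digests[p.name] = hashlib.sha256(data).hexdigest()
    if len(set(digests.values())) > 1:
        detail = ", ".join(f"{n}={d[:12]}" for n, d in digests.items())
        problems.append(f"reads differ: {detail}")
    return not problems, problems


if __name__ == "__main__":
    if sys.argv[1:]:
        # Real use: pass the dump files taken from the programmer.
        ok, problems = check_dumps(sys.argv[1:])
        print("OK: all reads match" if ok else "\n".join(problems))
        sys.exit(0 if ok else 1)
    # No arguments: run on constructed sample data, two matching 4 KiB
    # "dumps" and one with a single changed byte.
    tmp = Path(tempfile.mkdtemp())
    image = bytes(range(256)) * 16
    good1, good2, bad = (tmp / f"read{i}.bin" for i in (1, 2, 3))
    good1.write_bytes(image)
    good2.write_bytes(image)
    bad.write_bytes(image[:-1] + b"\x00")
    print(check_dumps([good1, good2]))
    print(check_dumps([good1, good2, bad]))
```
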


How much did it cost? Everything


On some devices it's fairly easy: pop the chip out (or attach to it in-circuit with a clip), drop it in a programmer, run a tool.. run me cleaner.. run a tool again.

On other devices you just can't read the chip or you can and me cleaner can't make any sense of it.


Or buy a laptop from a manufacturer with the ME inoperable.


The entire ME can't "technically" be disabled on modern Intel silicon. It's essentially the processor that "bootstraps" the whole CPU. Without (cryptographically signed) code running on the ME, the system can never boot.

All the non-necessary bits can be disabled out of the box, however.


My understanding is that the DOD has access to machines with ME disabled. What is the capability that is disabled there, I wonder, and how is that different than ME cleaner? Are they doing basically the same thing?



In what sense?


AFAIK that still leaves Computrace backdoor in the BIOS.


UEFI can also be "cleaned" in most cases.



