We could just remove or cleanse the ME to seal this loophole.

On 2017-05-02 00:13, Sam Kuper wrote:
On 01/05/2017, Shawn <citypw@gmail.com> wrote:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
The piece states, "on April 25, Intel released a firmware fix for this
unnamed issue. It affects every Intel machine from Nehalem in 2008 to
Kaby Lake in 2017."

Has anyone here got a link describing or including the fix, either
directly from Intel, or from an OEM? At the moment, there are no
advisories listed at https://security-center.intel.com/advisories.aspx
newer than April 3, so presumably either the piece is false, or else
the firmware fix was released to OEMs but not publicly.

Discussion elsewhere:

https://news.ycombinator.com/item?id=14237266

https://www.reddit.com/r/linux/comments/68ma1a/every_intel_platform_with_amt_ism_and_sbt_from/