On Sun, March 25, 2018 3:21 pm, thierry.laurion@gmail.com wrote:
On 03/23/2018 05:22 PM, Taiidan@gmx.com wrote:
Please also keep in mind that it is impossible to disable ME.
That is not a binary yes/no fact.
Depending of the ME version, it is possible to deactivate it. The following x230 is not a server, but an example for older ME versions.
The resulting ME is 98304 bytes, containing the ROMP and BUP modules only. The booting system complains about ME, tries to initialize it for 3 seconds and then gives up.
I know that the story is different for newer versions of ME/Servers. But that statement of saying that disabling ME is impossible is not empowering at all and not completely true.
Might just be a matter of semantics. Can you say ME is completely "disabled" or "deactivated", even on older systems, if the system requires ROMP and BUP to function? Have those 98304 bytes of code been analyzed for weaknesses/obfuscation? (Don't actually know the answer to this one although I know there has been some progress like https://mobile.twitter.com/rootkovska/status/938458875522666497).
How about a phrase like "ME can be deactivated after initialization"- I think that evaluates to true for everyone without getting into secret opcodes/silicon. Like you said, probably can't be distilled down into a single +/- word without losing context.