[coreboot] Disabling Intel ME 11 via undocumented mode

[Youness Alaoui]

> I guess I still disagree with the use of the word "disabled".  If the ME
> wasn't required for boot, and was actually disabled within a few cycles
> of its CPU starting, the remaining attack surface simply wouldn't exist.
>  This is not what happens though, and AFAIK even the ME kernel continues
> to run since the ME needs to continue handling platform power events.
> If this many holes are present in even the ROM code, then having the ME
> kernel running remains a massive security problem.
>

I'm just going to answer the bit about the use of the term "disabled".
I've explained it in my blog post before (here if you missed it :
https://puri.sm/posts/deep-dive-into-intel-me-disablement/) but I do
believe the ME is in this case Disabled. What you are thinking about
is what I called "Removed". The reason it's called disabled is because
the ME stops running, it's not actively doing anything, it doesn't
respond to HECI, it doesn't even boot into the kernel. You said that
"the ME kernel continues to run", but that's not the case. The entire
ME core stops execution during the bring-up phase, so it's technically
disabled because it stops itself at some point after boot.
Having the ME *removed* would be interesting because that would mean
that even the bring up phase wouldn't get executed and we could remove
the entire ME firmware from the flash. But that still wouldn't mean
that nothing runs on the ME core because there is still some small
code embeded in the ROM.
Anyways, that's my justification on why using the term "disabled" is
valid in this case when HAP is enabled. You are free to disagree if
that didn't convince you.