[coreboot] Disabling Intel ME 11 via undocumented mode

Gregg Levine gregg.drwho8 at gmail.com
Sun Dec 17 01:03:23 CET 2017 

Hello!
(Today on my regular laptop who might be so gifted with the Intel ME.)
All this nattering and grommishing around about the Intel ME device is
interesting and fun sort-of. But this does not explain what the Intel
ME is and what it does. And what about it has caused an almost
incredible display of discussions on both this list, and the Hack A
Day regular blog.

For example this laptop does run Linux and in fact does host my
(occasional) efforts to explore the meaning behind coreboot and its
ancestors.

What would be the indicators  to look for via the lspci command? And
what is interesting is that I ran the Windows(!) version of the Intel
tool to tell me what to look for.Suffice to say the response was
confusing,.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."


On Sat, Dec 16, 2017 at 4:03 PM, Denis 'GNUtoo' Carikli
<GNUtoo at no-log.org> wrote:
> On Thu, 14 Dec 2017 20:25:53 -0500
> Youness Alaoui <kakaroto at kakaroto.homelinux.net> wrote:
>
>> In my opinion, the ME is indeed disabled because the entire ME
>> functionality is disabled, no ME processes are running, and the kernel
>> on its own is irrelevant, even if it keeps running.
>> However, I do not have anymore a strong counter opinion to your
>> statement that you don't consider the ME to be disabled as I
>> originally did.
>> It all depends on how we choose to see it, I consider it to be
>> disabled, and you consider that it's not. It will always differ on
>> each person's interpretation of the definition of the word "disabled".
> [...]
>> All I could find online about the actual definition of the word
>> "disabled" is either :
> [...]
>>   * "rendered inoperative (as by being damaged or deliberately
>> altered)" (Merriam-Webster dictionary)
> [...]
>>   * "to make ineffective or inoperative" (Merriam-Webster dictionary)
>>   * "To deprive of capability or effectiveness, especially to impair
> I find it more interesting to try to explain what is really going on to
> people, by using some construct like that:
> "disabled/limited/etc" by <Setting the HAP BIT>, with the first part
> being a judgment of the person writing that over what is acceptable or
> not, and the last part that tries to explain what it really means, so
> the people reading it could still have their own judgment on whether
> they consider it acceptable or not.
>
> Denis.
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot

More information about the coreboot mailing list