On Wed, Nov 22, 2017 at 10:36 PM, taii...@gmx.com <taii...@gmx.com> wrote:
> On 11/22/2017 11:16 PM, R0b0t1 wrote:
>
>> Does anyone have more information on this? Has anything been
>> published? I'm interested in exploiting my own computers so I can
>> control the ME.
>
> It seems that it is the same people who figured out HAP mode but they
> haven't made a blog update. I would ask on the coreboot mailing list; there
> are some very smart people there.
>
> Although I doubt you will find any real information anywhere at all due to
> the recent "white hat" tendency to restrict the real nuts and bolts info and
> utilities to wealthy corporations instead of us peons who *gasp* might do
> something "bad" with it/don't have lots of money to pay for a "premier"
> support account.
>

This does make me sad. In a case such as this it makes the most sense
to me that the details be released so people who want to control their
devices are allowed to do so before the holes are patched.

> I am curious as to why you wish to do this, considering you can buy a libre
> firmware owner controlled motherboard with better functionality (ex:
> OpenBMC) than any me/psp board for only $250 and $100 for a FX-8310
> equivalent cpu.
>

I attempted to use some vPro/ME functionality and found it broken or
unusable. So, I suppose I want access to the ME so I can use it for
what it was advertised to do. Currently I have not gotten it to do any
of those things, and its security is unprovable.

> On 11/22/2017 11:18 PM, R0b0t1 wrote:
>
>> On Wed, Nov 22, 2017 at 6:03 PM, taii...@gmx.com <taii...@gmx.com> wrote:
>>>
>>> Using ME cleaner would also solve the issue and you wouldn't need any more
>>> firmware updates when the next "bug" comes around.
>>>
>> Intel ME has been found to remain active after being disabled, and
>> some motherboards that do not ship as "vPro enabled" and consequently
>> haven't had the licensing paid for certain features have been found
>> with those same features enabled. I own an Asus laptop which is
>> affected. Some Asus forum post reported that there's a Java-based SOAP
>> webserver listening on the port associated with Intel ME. Intel ME is
>> not visible to the BIOS, and so it can't be turned any more "off."
>
> I understand the limitations of me_cleaner, although in this case it would
> in fact solve the problems as all the currently *publicly* discovered "bugs"
> are all ME feature exploits (and the features are removed by me_cleaner)
> rather than exploits of the ME kernel although I am certain that one is on
> the way.
>
> Believe me, I know what I am talking about; I regularly provide support on
> the coreboot mailing list and I own a variety of devices that are owner
> controlled with libre firmware (and of course no ME/PSP).

Well, at no point did I question your aptitude, but I think the
information I outlined is a pretty good argument for assuming the ME
can not be disabled.

Even if true, there's not much to be done about it anyway.

Cheers,
     R0b0t1
