Technically speaking, Intel can take steps to make it easier for consumers to prevent ME from booting.
Take AMD for example. In 2027, AMD plans to publish OpenSIL, which will basically give the community keys to the initialisation of silicon (which includes AMD PSP). Of course, Intel, being the POS that they are, aren’t going to do that.
Bit of a noob question wrt IME, but I noticed a toggle in the Linux kernel configuration menu to disable IME the other day when I was compiling my first custom kernel. I understand that IME is a separate processor with separate network access that operates at or below the BIOS/UEFI level of the system. Does the Linux kernel option actually do anything? And if not, why is it there?
It doesn’t seem like that should be able to do anything, knowing what I do know about the IME.
This is serious (and exciting) news to me. I need to take a look; do you have any resources that talk about this? Indeed, the kernel should not be able to do anything about ME, but what do I know, kernel developers are much smarter than I am.
Can’t check right now, but I think the option you saw in the kernel config is for a driver to interact with the ME. Intel Management Engine has an interface called HECI for firmware and operating systems to query status and get event messages. It probably is also used to configure other stuff like AMT remote management.
So … Intel is preventing you from disabling IME …