Benjamin_Loison/linux
1
0
Code Issues 78 Packages Projects Wiki

Get rid of Intel Management Engine #81

New Issue
Open
opened 2025-06-06 01:17:13 +02:00 by Benjamin_Loison · 8 comments
Benjamin_Loison commented 2025-06-06 01:17:13 +02:00
Owner
Copy Link

I strongly suspect that it is a backdoor.

Wikipedia: Intel Management Engine#Commercial ME disablement (1288161181)

Are non-US military, government and intelligence agencies supposed to have it enabled as well?

See the message: 
-----BEGIN PGP MESSAGE-----

hF4DTQa9Wom5MBgSAQdAmahrfcManT3ALSPL5/nJp6ciuLjYtIgwiitgnE18YDsw
a6Gw355ixncBpWyO6Kd1gDPC7/KFS+TniyuQFB13qCCCbE21WWxWS9CWdm9Zlmoq
0qoB9mWVokwAg8ncS7sN7IRNp2I7ZEBqO604fluXW04QLHOqE2P3Tg9d6RbLIe4q
mzB5LQBCAo6a6EjyATNo719+dEidM6q0CcuvqSJ4MPuDRwK1l88ohp9XiTJAFbpu
LIyAZabUi8oh5Cd+ttMM9ZB3lOgLLtXsJBR+L82gDaIFeVbkVyNagk8liGekX2jP
ev8xqZZXEkVNDb2Wp+F9SttapU2m9fgTrVw8vA==
=lSbf
-----END PGP MESSAGE-----

Should investigate again:

Wikipedia: Coreboot
Wikipedia: Libreboot

I have in mind both my Linux Mint 22.1 Cinnamon Framework 13 and Debian 12 GNOME Pegasus.

Should investigate the Internet as for the former I suspect that this issue has already been considered.

I strongly suspect that it is a backdoor. [Wikipedia: Intel Management Engine#Commercial ME disablement (1288161181)](https://en.wikipedia.org/w/index.php?title=Intel_Management_Engine&oldid=1288161181#Commercial_ME_disablement) Are non-US military, government and intelligence agencies supposed to have it enabled as well? <details> <summary>See the message:</summary> ``` -----BEGIN PGP MESSAGE----- hF4DTQa9Wom5MBgSAQdAmahrfcManT3ALSPL5/nJp6ciuLjYtIgwiitgnE18YDsw a6Gw355ixncBpWyO6Kd1gDPC7/KFS+TniyuQFB13qCCCbE21WWxWS9CWdm9Zlmoq 0qoB9mWVokwAg8ncS7sN7IRNp2I7ZEBqO604fluXW04QLHOqE2P3Tg9d6RbLIe4q mzB5LQBCAo6a6EjyATNo719+dEidM6q0CcuvqSJ4MPuDRwK1l88ohp9XiTJAFbpu LIyAZabUi8oh5Cd+ttMM9ZB3lOgLLtXsJBR+L82gDaIFeVbkVyNagk8liGekX2jP ev8xqZZXEkVNDb2Wp+F9SttapU2m9fgTrVw8vA== =lSbf -----END PGP MESSAGE----- ``` </details> Should investigate again: [Wikipedia: Coreboot](https://en.wikipedia.org/wiki/Coreboot) [Wikipedia: Libreboot](https://en.wikipedia.org/wiki/Libreboot) I have in mind both my Linux Mint 22.1 Cinnamon Framework 13 and Debian 12 GNOME *Pegasus*. Should investigate the Internet as for the former I suspect that this issue has already been considered.
Benjamin_Loison commented 2025-06-06 01:23:53 +02:00
Author
Owner
Copy Link

Wikipedia: System76 (1279721800)

System76's firmware partly disables the Intel Management Engine;[13][14] the Intel Management Engine is proprietary firmware which runs an operating system in post-2008 Intel chipsets.[15]

Wikipedia: Purism (company) (1291447068)

Purism does its best to remove Intel's Management Engine from its Librem laptops, considering it a security problem.[25] Still, it was unable to completely avoid using proprietary BIOS firmware, earning criticism from the Coreboot and Libreboot projects (which are working on free firmware, but as of 2015 had not yet achieved support of the contemporary hardware that Librem uses).[26] Since summer 2017, new Librem laptops are shipped with coreboot as their standard BIOS, and updates are available for all older models.[27]

Related to Benjamin-Loison/EmbeddedController/issues/11.

Should read https://puri.sm/projects/coreboot/

[Wikipedia: System76 (1279721800)](https://en.wikipedia.org/w/index.php?title=System76&oldid=1279721800) > System76's firmware partly disables the Intel Management Engine;[13][14] the Intel Management Engine is proprietary firmware which runs an operating system in post-2008 Intel chipsets.[15] [Wikipedia: Purism (company) (1291447068)](https://en.wikipedia.org/w/index.php?title=Purism_(company)&oldid=1291447068) > Purism does its best to remove Intel's Management Engine from its Librem laptops, considering it a security problem.[25] Still, it was unable to completely avoid using proprietary BIOS firmware, earning criticism from the Coreboot and Libreboot projects (which are working on free firmware, but as of 2015 had not yet achieved support of the contemporary hardware that Librem uses).[26] Since summer 2017, new Librem laptops are shipped with coreboot as their standard BIOS, and updates are available for all older models.[27] Related to [Benjamin-Loison/EmbeddedController/issues/11](https://github.com/Benjamin-Loison/EmbeddedController/issues/11). Should read https://puri.sm/projects/coreboot/
Benjamin_Loison commented 2025-06-06 01:24:55 +02:00
Author
Owner
Copy Link

https://system76.com/components/ is quite ridiculous, I prefer a repairable device than one open-source and privacy oriented.

https://system76.com/components/ is quite ridiculous, I prefer a repairable device than one open-source and privacy oriented.
Benjamin_Loison commented 2025-06-06 01:25:16 +02:00
Author
Owner
Copy Link

https://puri.sm/products/librem-14/ > PureBoot and Librem Key

Disabled the Intel Management engine

https://puri.sm/products/librem-14/ > *PureBoot and Librem Key* > Disabled the Intel Management engine
Benjamin_Loison commented 2025-06-06 01:35:06 +02:00
Author
Owner
Copy Link

Laptop Accessories does not mention much but https://shop.puri.sm/shop/ is quite serious:

https://puri.sm/products/liberty-phone/ Toward the greatest phone experience shows missing important features.
Note that the OS is Debian based.

Currently only available in the United States:

*Laptop Accessories* does not mention much but https://shop.puri.sm/shop/ is quite serious: - https://shop.puri.sm/shop/l5-screen/ - https://shop.puri.sm/shop/librem-5-or-liberty-phone-back-cover/ - https://shop.puri.sm/shop/librem-5-evergreen-battery/ - https://shop.puri.sm/shop/librem-5-modem/ - https://shop.puri.sm/shop/privacy-screen-for-librem-5-evergreen/ - https://shop.puri.sm/shop/librem-5-screen-protector/ - https://shop.puri.sm/shop/sparklan-wnfb-266axibt-wifi-module/ https://puri.sm/products/liberty-phone/ *Toward the greatest phone experience* shows missing important features. Note that the OS is Debian based. *Currently only available in the United States*: - https://shop.puri.sm/shop/librem-awesim/ - https://shop.puri.sm/shop/librem-simple-plus/ - https://shop.puri.sm/shop/librem-simple/
Benjamin_Loison commented 2025-06-06 01:37:16 +02:00
Author
Owner
Copy Link

https://shop.puri.sm/shop/librem-15-battery/
https://shop.puri.sm/shop/power-adapter-librem-13-librem-15/
https://shop.puri.sm/shop/privacy-screen-for-librem-15/
https://shop.puri.sm/shop/laptop-screws-set/

seems quite limited compared to Framework.

https://shop.puri.sm/shop/librem-15-battery/ https://shop.puri.sm/shop/power-adapter-librem-13-librem-15/ https://shop.puri.sm/shop/privacy-screen-for-librem-15/ https://shop.puri.sm/shop/laptop-screws-set/ seems quite limited compared to Framework.
Benjamin_Loison commented 2025-06-06 13:08:53 +02:00
Author
Owner
Copy Link

What about AMD?

I have in mind the server: 
-----BEGIN PGP MESSAGE-----

hF4DTQa9Wom5MBgSAQdANaIL8YLMA7PbkC5ljsztVR3mn8VUVtBNnU0FnuBtklUw
y2R7C5kcyw77dg0aDFvRofHlkgaSs6ZQ2uNlJJE5WBl5zGN47MeoVFTCdr/MCkq1
1FEBCQIQ9a4jlh6AHHOOuLHtzXtkkswlZ3R1ll9854NqSZjSQUKYKOfQk/2IfCNH
3Bg6Ag2QGaEiF5mQ2gt++YX4jFbWClsrGrBPeUZbMnk+5Qo=
=R8iQ
-----END PGP MESSAGE-----

What about ARM for Oracle Cloud?

What about AMD? <details> <summary>I have in mind the server:</summary> ``` -----BEGIN PGP MESSAGE----- hF4DTQa9Wom5MBgSAQdANaIL8YLMA7PbkC5ljsztVR3mn8VUVtBNnU0FnuBtklUw y2R7C5kcyw77dg0aDFvRofHlkgaSs6ZQ2uNlJJE5WBl5zGN47MeoVFTCdr/MCkq1 1FEBCQIQ9a4jlh6AHHOOuLHtzXtkkswlZ3R1ll9854NqSZjSQUKYKOfQk/2IfCNH 3Bg6Ag2QGaEiF5mQ2gt++YX4jFbWClsrGrBPeUZbMnk+5Qo= =R8iQ -----END PGP MESSAGE----- ``` </details> What about ARM for Oracle Cloud?
Benjamin_Loison commented 2025-06-06 13:09:26 +02:00
Author
Owner
Copy Link

Is there a similar thing for NVIDIA GPUs?

Is there a similar thing for NVIDIA GPUs?
Benjamin_Loison commented 2025-06-06 13:20:15 +02:00
Author
Owner
Copy Link

Wikipedia: Minix 3 (1283797043)

[Wikipedia: Minix 3 (1283797043)](https://en.wikipedia.org/w/index.php?title=Minix_3&oldid=1283797043)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Benjamin_Loison
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Benjamin_Loison/linux#81
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?