
HACKADAY

WHAT YOU NEED TO KNOW ABOUT THE INTEL MANAGEMENT ENGINE
by: Brian Benchoff 93 Comments

December 11, 2017

Over the last decade, Intel has been including a tiny little microcontroller inside their
CPUs. This microcontroller is connected to everything, and can shuttle data between
your hard drive and your network adapter. It’s always on, even when the rest of your
computer is off, and with the right software, you can wake it up over a network
connection. Parts of this spy chip were included in the silicon at the behest of the
NSA. In short, if you were designing a piece of hardware to spy on everyone using an
Intel-branded computer, you would come up with something like the Intel Management
Engine.

Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at
BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is
only a local attack, one that requires physical access to a machine. The cat is out of
the bag, though, and this is the exploit we’ve all been expecting. This is the exploit
that forces Intel and OEMs to consider the security implications of the Intel
Management Engine. What does this actually mean?

What the Management Engine Is and Does


Intel’s Management Engine is only a small part of a collection of tools, hardware, and
software hidden deep inside some of the latest Intel CPUs. These chips and software first
appeared in the early 2000s as Trusted Platform Modules. These small crypto chips formed
the root of ‘trust’ on a computer. If
the TPM could be trusted, the entire computer could be trusted. Then came Active
Management Technology, a set of embedded processors for Ethernet controllers. The
idea behind this system was to allow for provisioning of laptops in corporate
environments. Over the years, a few more bits of hardware were added to CPUs. This
was the Intel Management Engine, a small system that was connected to every
peripheral in a computer. The Intel ME is connected to the network interface, and it’s
connected to storage. The Intel ME is still on, even when your computer is off.
Theoretically, if you type on a keyboard connected to a powered-down computer, the
Intel ME can send those keypresses off to servers unknown.

In addition to the release of the ME exploit at Black Hat, we’ve learned a lot in the last
few weeks. The ME is actually running Minix, a ‘hobby’ or ‘teaching’ operating system
created by [Andy Tanenbaum], and the OS that gave birth to Linux. There is a
significant discussion of the BSD licensing versus the GPL licensing of Minix and
Linux, but that’s an argument for another time.

For several years now, researchers have been investigating the set of chips Intel has
included in their latest CPUs. Unfortunately, Intel decided that closed-source was the
way to go, and with that security researchers had an idea of what the Intel ME could
do, but had no idea how that was done, and whether or not there were any security
holes. This week, that wall was breached. Now anyone can execute arbitrary code on
the Intel ME with a USB stick.

Mitigation
With the immense problems of the Intel Management Engine, is there anything a
regular joe can do to mitigate the security risks? Is there any way to just turn the ME
off? Thankfully yes, with a few caveats.

System76, makers of fine Linux laptops and desktops, have released their own
firmware update to disable the ME. Additionally, Dell is now selling a laptop — the
ruggedized Latitude 14 — with the default option of a disabled ME. There is,
apparently, a market for the security conscious.

However, if you already own a computer, the chances are that you have a
Management Engine somewhere in your box, and it’s running. What are your options,
short of buying a new computer? The first step towards removing the ME is to see if it
is indeed running. For this, Intel has released a tool to detect a running ME.
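
One way to check this on a Linux machine, as an added example that is not part of the original article and is not Intel's detection tool: the kernel's MEI driver publishes the firmware version it read from the ME in the sysfs attribute `/sys/class/mei/mei0/fw_ver`. The script parses that attribute and, as an assumption, reads the article's "ME versions higher than V. 11" as major version 11 and later; the sample readings are constructed.

```python
"""Report the Intel ME firmware version the Linux MEI driver exposes in sysfs."""
import re
from pathlib import Path

# Kernel-documented attribute (Documentation/ABI/testing/sysfs-class-mei).
# Each line is "<platform>:<major>.<minor>.<milestone>.<build_no>", and there
# can be up to three such lines for different firmware components.
FW_VER_PATH = "/sys/class/mei/mei0/fw_ver"
FW_VER_LINE = re.compile(r"^(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)$")

# Assumption: the article's "ME versions higher than V. 11" is read here as
# major version 11 and later.
AFFECTED_MIN_MAJOR = 11

# Constructed sample readings, not taken from a real machine.
SAMPLE_ME11 = "0:11.8.50.3425\n0:11.8.50.3425\n0:11.8.50.3399\n"
SAMPLE_ME9 = "0:9.1.32.1002\n"

NOT_VISIBLE_NOTE = (
    "No version exposed. The attribute is missing when the mei_me driver is "
    "not loaded, the kernel predates the attribute, or the firmware hides the "
    "interface. None of these proves the ME is switched off."
)


def parse_fw_ver(text):
    """Return a list of (platform, major, minor, milestone, build) tuples."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FW_VER_LINE.match(line)
        if match is None:
            raise ValueError(f"unrecognised fw_ver line: {line!r}")
        blocks.append(tuple(int(part) for part in match.groups()))
    return blocks


def read_fw_ver(path=FW_VER_PATH):
    """Return the attribute's text, or None when it cannot be read."""
    try:
        return Path(path).read_text()
    except OSError:
        return None


def assess(text):
    """Classify one fw_ver reading; pass None when the attribute is absent."""
    blocks = parse_fw_ver(text) if text is not None else []
    if not blocks:
        return {"state": "not-visible", "version": None, "note": NOT_VISIBLE_NOTE}

    # Assumption: the first block is treated as the main firmware version.
    _platform, major, minor, milestone, build = blocks[0]
    version = f"{major}.{minor}.{milestone}.{build}"
    if major >= AFFECTED_MIN_MAJOR:
        return {
            "state": "me11-or-later",
            "version": version,
            "note": "ME is responding and is in the range the article says "
                    "the physical-access exploit applies to; check the OEM "
                    "for a firmware update or a disable option.",
        }
    return {
        "state": "pre-me11",
        "version": version,
        "note": "ME is responding; the article's exploit does not cover this "
                "version, but other flaws may be found in earlier versions.",
    }


if __name__ == "__main__":
    result = assess(read_fw_ver())
    print(f"state:   {result['state']}")
    print(f"version: {result['version']}")
    print(f"note:    {result['note']}")
```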

However, simply detecting the ME is not enough. You’ll need to disable it. Unfortunately,
the implementation of the ME is left up to motherboard manufacturers, and there is no
generic way to turn it off. This is perhaps the greatest security threat the ME poses;
without a single, simple tool to turn the ME off in any instance, we’re left with only
instructions and tutorials on how to disable the ME for individual makes and models of
computers.

To that end, some motherboard manufacturers and OEMs have come up with
methods to disable the ME in the last week or so, and it’s expected there will be an
industry-wide response to this problem, with handy guides on how to disable the ME
available from your motherboard OEM.

All of these are incomplete solutions. The recent Evil Maid exploit for the Intel ME,
which requires physical presence, only works on ME versions higher than V. 11. While
this does exclude all Macs, there’s still the possibility other exploits will be found,
affecting earlier versions of the ME. How do you turn the entire thing off?

Unfortunately, you can’t. A computer without valid ME firmware shuts the computer off
after thirty minutes. However, the me_cleaner tool does something rather clever: it
tricks the ME into thinking it has valid firmware, but in fact does nothing. We took a
look at this hack when it was first released, and yes, if you delete the first page of
memory from the ME’s ROM, it stops working but still allows your computer to
function.

This year’s biggest ‘I Told You So’


The Intel ME is a tiny, obscure piece of hardware locked away in nearly every modern
Intel CPU. It’s connected to your storage and your network interface. If someone can
access the ME, they own your computer. Right now, the best exploit for the ME — or
worst, depending on your point of view — is simply a variation of the Evil Maid
scenario. This exploit requires physical access to the device, and we all know physical
access is ultimately root access. In this context, and any realistic threat model, the
current exploit for the Intel ME is a bit overblown.

Consider this Stage One. The ultimate exploit for the ME is one over the network
interface. With that, anyone can own an ME-equipped computer from
anywhere on the planet. This exploit does not exist yet, and we know this by the fact
there isn’t a new, massive botnet mining Bitcoin.

Until that day comes, we’re only left with the realization that yes, the nerds were right.
The idea of the NSA putting hardware in every computer sounds absurd, until you
realize it actually happened.

Over the last few decades, the general population has been dragged kicking and
screaming into the world of information security. In the 80s, it was as simple as not
writing your password down on a Post-It note. In a few years, we’ll get to the
conversation about how Alexas and Google Homes are an Orwellian nightmare. Until
then, we’ll have to use the Intel ME exploit as another example of how important
security is, and how vital it is to listen to the people telling you, “this is bad”. Code that
can’t be audited is code that can’t be trusted.


93 THOUGHTS ON “WHAT YOU NEED TO KNOW ABOUT THE INTEL MANAGEMENT ENGINE”

KMLM says:
December 11, 2017 at 10:06 am

How does it harvest energy when it is not plugged in anything? Has intel come up with a
free energy harvesting engine inside the ime too?


Doc Oct says:
December 11, 2017 at 11:49 am

Do you always unplug your computers when you turn them off?


Cree says:
December 11, 2017 at 12:05 pm

Or take out the battery of your laptop?


meninosousa says:
December 11, 2017 at 1:25 pm
just for info, i actually do and if you don’t, you are not saving the dolphins:
https://en.wikipedia.org/wiki/Standby_power


robtissy says:
December 12, 2017 at 5:00 am

Except for the fact that many laptops and phones do not have hardware
turnoff switches or removable batteries anymore.

We’re getting to a point where someone needs to make a device for the
security conscious and a few manufacturers are working on just that.


tomás zerolo says:
December 12, 2017 at 12:55 am

Here’s something for you to read: https://en.wikipedia.org/wiki/Standby_power

In a nutshell it’s because we consumers are idiots, and crave for convenience over
everything. Wake on lan, IR remote switch on, wiggle-the-mouse for boot. Those
things are not “off” (and as a collateral they’re draining something around a couple
of W).

Myself? I’ve a power strip with a switch, and separate those things (which today
typically even have no real switch on them) from the supply, as meninosousa does.
There are things I just don’t want to “outsource”.


Adam says:
December 12, 2017 at 1:16 am

Just put some cheap AM radio near “turned off” laptop and listen that it is doing
something all the time.



Vic Francis says:
December 23, 2017 at 2:12 pm

I can use wifi on my laptop but I have cable with wifi odd. if I unplug the cable when I
log off, can they still access?


Ubaldo M. Gomez says:
April 10, 2019 at 4:16 am

It is called the CMOS battery at 3.5volts is enough to power solid state components
on a motherboard whose power supply is turned off.


Gunter Königsmann says:
September 28, 2019 at 12:10 am

Sometimes the CMOS battery isn’t rechargeable and often it seems too small for
powering much more than the real-time clock. In my own laptop I haven’t
found any. But as the accumulator is built in if I unplug my computer it still has
access to the energy needed in order to run the wifi for months.


nsayer says:
December 11, 2017 at 10:06 am

The corollary to “code that can’t be audited is code that can’t be trusted” is “the larger a
codebase is, the harder it is to audit.”


salec says:
December 11, 2017 at 11:33 am

Alas, the code that can be audited can’t be trusted either. I mean, can you trust that it
was audited, that auditors fully understood the code, that they are well meaning, and
that they are well-meaning towards YOU? The trust is only shifted around, not
eliminated. Auditing everything yourself (and all of us doing it for ourselves) would
destroy productivity gain we got from data processing automation.

And then again, can you be sure that proven innocuous code does not contain …
some sort of “code steganography” (e.g. something like “port knocking”, but only
“register knocking”, or “cache location knocking”) in collusion with underlying
hardware (which you are unable to fully audit). To be sure that code is not conveying
any additional information to hardware apart from its primary public goal there would
be necessary to exist a single canonical form of executive program for each
programming task, and if code strays from it, something is fishy. But can we
enumerate all possible programming tasks, on all levels of architectural hierarchy?

Those who make their move first are always one step ahead.


nsayer says:
December 11, 2017 at 12:27 pm

“Auditing everything yourself (and all of us doing it for ourselves) would
destroy productivity gain we got from data processing automation.”

Well, even starting down that road assumes that you can trust your own
auditing skills. See also: Schneier’s Law.


Moryc says:
December 11, 2017 at 1:19 pm

IIRC there was a backdoor hidden by NSA in important piece of code from
Linux (all of them (something related to network implementation, I think, but
can’t remember details)) that went unnoticed for decade or two. Which proves
that having open source code available is no guarantee that there are no
backdoors. That code was read and edited by many people, yet none of them
noticed any problems…



ytrewq says:
December 11, 2017 at 2:49 pm

As a counter example, let me cite the old Interbase (a DB engine)
backdoor which went unnoticed for seven years; then one day Borland
released the source publicly and in less than one year later the
vulnerability was discovered by a single developer.
https://www.theregister.co.uk/2001/01/12/borland_interbase_backdoor_exposed/

Government agencies can succeed in putting backdoors because they
use gag orders to “discourage” developers to talk about them. Should a
developer discover one, he’d be immediately approached by some
government drone citing national security matters and politely asking to
withdraw any post about it, implying that if he does not comply he’d be
asked again but in a less polite way.


ytrewq says:
December 11, 2017 at 6:35 pm

Linus Torvalds - Backdoor In Linux


salec says:
December 12, 2017 at 3:18 am

Mr. gag order, say hello to mr. blockchain :D



glwatcdr says:
December 12, 2017 at 5:35 am

http://mashable.com/2013/09/19/linus-torvalds-backdoor-linux/#ooW8CSP4faq0


lwatcdr says:
December 11, 2017 at 5:47 pm

Link or this remark should be removed. I did a google on backdoor
hidden by NSA in Linux code and did not find anything.


RobotBuilder says:
December 11, 2017 at 6:25 pm

Right, I have serious doubts about the parent comment. I think they
may be thinking about NSAKEY or one of the Windows fiascos.
Moryc: [citation needed]


fuchikoma says:
December 14, 2017 at 1:11 pm

They were probably thinking of Shellshock – at least it would fit
the “unnoticed for a decade or two.”

Moryc says:
December 12, 2017 at 10:55 am

I was unable to find, where I read about this thing, so I probably recalled
it incorrectly. I’m sorry for confusion. It might be a Windows thing
though…


Peter says:
December 11, 2017 at 2:37 pm

And did you actually compile the same code that you audited? And what
happens after a tiny tiny software update?


Hawkeyeaz1 says:
December 12, 2017 at 7:49 am

Can you trust the compiler?


spacedog says:
December 13, 2017 at 6:17 am

I trust gcc, Richard Stallman warned about exactly this 25 years
ago, things like this do nothing but vindicate the FSF’s warnings
time and again.


Cvnk says:
December 11, 2017 at 10:11 am

So what about AMD processors and motherboards? I assume they don’t feature IME but
does AMD have its own version? If not maybe we will see a resurgence of AMD in the
desktop realm (beyond GPUs).


Cvnk says:
December 11, 2017 at 10:15 am

Well a quick search answered my question (I knew it would — I just figured it was still
worth posting the question to generate awareness). Unfortunately AMD does have
its own counterpart to IME and it’s just as closed to scrutiny.


Rumburack says:
December 11, 2017 at 10:50 am

And this is why I think the focus on Intel is wrong. I assume every current CPU
has such thing. Apples A9/10/whatever, ARM, you name it, it has it.

Has it?


nsayer says:
December 11, 2017 at 12:29 pm

I don’t purport to know one way or another, but I’d be surprised if such a
thing was in any processor designed for a mobile device.

In the more limited scope of Apple, I’d be even *more* surprised, given
they’re the same bunch that went to war with the FBI over similar issues.


spacedog says:
December 13, 2017 at 6:29 am

Edward Snowden’s slide shows the exact chronological order in
which each of the major tech companies volunteered to sell out
their massive user bases’ privacy to the NSA. Apple were late to
the game but they were there (no shock MS were first to throw us
under the bus). When people talk about unreliable tech companies
from China, Russia not being trustworthy, Huawei, Kaspersky etc.
they are not wrong, but the US tech giants are exactly the same.
As a European I still see the US somewhat as the home team as
we are culturally and linguistically aligned, but the fact remains that
we pretend to hold ourselves to a higher standard, but our actions
and our principles are not aligned.

RMS warned of all this decades ago, The Free Software
Foundation called it, but the entire business model of the Tech
sector is incompatible with the concept of democratic freedom and
the ideal free civic society. I love technology, but sadly its misuse
is gradually enslaving us and robbing us of our freedoms


nsayer says:
December 14, 2017 at 7:34 am

@spacedog, there is a possibility that Snowden is doing the
government’s bidding and this is all a very long con job. Likely? No.
Possible? Yes.


Gunplumber says:
December 11, 2017 at 12:41 pm

I had heard a rumor that they’re giving users the option to disable it in an
upcoming BIOS update.


CRJEEA says:
December 11, 2017 at 5:30 pm
It used to be as simple as cutting the write enable pin. [ or tying it high. ]
doubtful most are that trivial these days.
Short of building your own hardware from the wafer up.
[ and writing your own wafer design tools because they could add things
in after you press print and you’d probably never know. ]
You’re always going to have that in the back of your mind.
Waiting for someone to add a virus to routers that waits for them to not
be in use and switches them to a network extending and file sharing
mode. Sort of wifi only internet. With the sheer number of wifi sources in
built up areas the bandwidth would be huge.


CupOfJoe says:
December 11, 2017 at 10:23 am

There is: AMD’s TrustZone


http://www.amd.com/en-us/innovations/software-technologies/security

Unfortunately also not open-source, and I wish that neither existed.


Intel’s mainly getting crap because they’re the ones who’ve been dominant in this
space for forever- AMD’s comeback was rather recent, and so they don’t have as
much exposure on it (They’re around the honeymoon stage of media coverage right
now)


Truth says:
December 11, 2017 at 3:34 pm

To be fair Intel got into that position with a long history of dirty tricks.

Intel - Anti-Competitive, Anti-Consumer, Anti-Technology.



herringbone says:
December 11, 2017 at 10:32 am

Ugh! It seems like an article about IME has come up at least once every two weeks
for years now and yet still somebody asks this same question every time!


Cvnk says:
December 12, 2017 at 7:39 am

You have my deepest apologies.


PAVUK says:
December 11, 2017 at 1:26 pm

https://www.reddit.com/r/security/comments/4ot223/do_amdprocessors_have_something_like_intel/


jwebola says:
December 11, 2017 at 10:13 am

Now that you’ve covered Intel, does AMD have the same sort of tattletale built in or have
they been able to duck Big Brother?

Truth says:
December 11, 2017 at 3:45 pm

AMD’s system is called PSP (Platform Security Processor)


LOL says:
December 11, 2017 at 10:15 am

Now a class action lawsuit to add to our cost of replacing the 40k Intel based
motherboards we currently have deployed.
The least Intel could have done is offered a free removal tool — Steve Jobs was right when
he said Intel managers had no class.

Anyone have any SPARC64 machines for sale?


herringbone says:
December 11, 2017 at 10:34 am

Replace them with what?!?! If the NSA asked for part of the IME to be in there then
do you really think off is off? Do you think a new model CPU/Motherboard is right
around the corner that doesn’t have an IME? What are you going to do? Open RISC
in an FPGA as a desktop?!?!


Ostracus says:
December 11, 2017 at 10:52 am

PowerPC for the win. But it still needs to be said that business hardware needs
to be managed in a non-proprietary way.



herringbone says:
December 11, 2017 at 11:04 am

Hmm… Is PowerPC free of that crap? If so then that might be a good
solution for some people. I have to imagine that there is a reason Intel
and AMD both have this while ARM is usually so full of vendor added
crap that there is no telling what’s in there. If everyone switched to
PowerPC without first putting the three-letter-agencies in check… How
long before PowerPC gets its own version of IME?


Olsen says:
December 13, 2017 at 9:54 am

For the costs of PPC stuff, you might as well be a three letter
agency to purchase and design custom hardware or Google.


herringbone says:
December 11, 2017 at 10:49 am

This has me thinking… a desktop class processor custom fabbed so that we can know for
sure what is on it is probably not happening any time soon. But… what if one purposely
connected a computer to a network in such a way that the IME or AMD’s equivalent just
doesn’t know how to use it? As a home computer user I’m not too worried about an evil
maid but we all want protection from strangers on the internet.

The first thing that comes to my mind, and about the only thing that might be within my
own technical capability I have thought of is to connect via an ESP chip. The IME wouldn’t
see a NIC, it would just see data going over a serial port. Would it recognize that as its
connection to the outside world and use it? Even if there were a backdoor in the ESP chip
(which I doubt) it’s not like it would be able to access my hard drive or my RAM or anything.
But… that connection would be very slow.

How about an open source NIC? Something on an FPGA maybe? I’m not sure exactly how
this would work. Maybe there could be some sort of unique encryption key flashed onto
the nic that must also be compiled into the driver. Even if someone ported the driver to
Minix and it was built into the IME it wouldn’t work so long as the user changed their key to
something other than the default one.

The only way I can imagine the IME getting around that would be if it looked in RAM and
recognized whatever represents the operating system’s TCP/IP stack and POKE’d its crap
right into it. I’m thinking that maybe Linux with PIE could secure against that?


bob says:
December 11, 2017 at 1:46 pm

It’s a clever idea and crossed my mind too, although I lack the skill to understand it. A
beowulf cluster composed of amd and intel would be naturally resistant as the same
exploit should not affect two systems in the same manner. Buffer overflows were
such a big threat a few years back that the linux kernel was altered to randomize
memory locations. I doubt an alternative firmware for routers to obfuscate network
traffic would be a workable approach as they couldn’t approach the speed of a
usable cpu.


Blecky says:
December 11, 2017 at 6:53 pm

Just build a CPU from nothing but 555 timer logic –


http://www.paleotechnologist.net/?p=530


Robot says:
December 11, 2017 at 10:51 am

Ha ha, joke is on the NSA, all of my personal computers are at least 10 years old!

One thing that is not clear to me; what about Apple hardware? It would be great to know
there is at least one mass market option out there.



herringbone says:
December 11, 2017 at 11:00 am

Apple has used Intel for years now. Hmm… I always wondered why.


Robot says:
December 11, 2017 at 11:19 am

Yeah but my understanding is that the ME can’t do its thing if the MB doesn’t
support it, yeah?


nsayer says:
December 11, 2017 at 12:30 pm

Because IBM couldn’t keep up with Intel on performance, that’s why.


Olsen says:
December 13, 2017 at 9:56 am

Apple devoted all of their silicon engineers to the iPhone that were previously
helping with the PPC chips.


Ø says:
December 11, 2017 at 11:01 am

I was under the impression it’s only the recent generations that’s running Minix and the
other is using some other proprietary embedded OS.

Nathan says:
December 11, 2017 at 11:03 am

pretty sure this only worked because the PC manufacturer left JTAG turned on… it’s not
Intel’s fault, it’s the carelessness of the PC manufacturer who didn’t follow the
recommendations and warnings laid out. Just like you can’t fault a car company for your
cell phone getting stolen from your dashboard when you left the windows open all day in a
bad neighborhood.


Cluso99 says:
December 11, 2017 at 11:05 am

I am no lawyer, but it would seem to me that Intel could, and should, be held accountable
for intentionally installing, what can only be described as a backdoor virus, into the silicon
of their ’86 processors.

Surely as such, Intel should be held legally liable for any and all damage, direct and
consequential, to all owners of computers with those “Intel Inside” computers. Thus, even
examining what possible security risks they pose, is a cost, personal and corporate, to
owners of those said computers, and is therefore both a direct and consequential
expense/loss directly caused by Intel knowingly installing specific silicon inside their chips.
Intel is smart/big enough to have reasonably known, and indeed that was the
purpose, that this would impose unreasonable security risks to everyone who bought/used
their processors. Thus, they cannot deny legal liability.

Some smart lawyers are going to make $$$$$$ going after Intel. Meanwhile we all pay for
this monumental breach of confidence. The cat is out of the bag, so to speak.


herringbone says:
December 11, 2017 at 11:08 am

“Parts of this spy chip were included in the silicon at the behest of the NSA.”

So… scapegoat the manufacturers while letting the real criminals carry on?!? This is
why we can’t have nice things.

Ø says:
December 11, 2017 at 11:12 am

They better aim for releasing the x86 license and related patents for free use to
everyone without strings attached rather than big sacks of money being first priority.


herringbone says:
December 11, 2017 at 1:18 pm

:-( I don’t think my RepRap would be quite up to the task of fabricating a new
Intel-clone CPU. Can yours do it for me?


Ø says:
December 11, 2017 at 2:51 pm

I was more hinting at any silicon IC fabrication facility with interest in
trying to get a slice of the x86 pie would have zero legal troubles with
doing so.


Ostracus says:
December 11, 2017 at 6:16 pm

Maybe the Chinese will come up with an alternative? ;-)


herringbone says:
December 12, 2017 at 5:51 am

That would bring prices down. I don’t think it would eliminate the
IME though. Every fab that touches x86 would get a visit from a
guy in a black suit with a bag of money in one hand and a ticket
to Gitmo in the other. Funded by the taxpayers this could continue
indefinitely.


JB says:
December 12, 2017 at 9:35 am

“Ostracus says:
December 11, 2017 at 6:16 pm
Maybe the Chinese will come up with an alternative? ;-) ”

Yeah. Chinesium CPU with Communist party backdoor :P


fanoush says:
December 11, 2017 at 11:10 am

so, umm, why disable it, why not run linux or something opensource on those ME core(s),
could have some good uses


Damien Smith says:
December 11, 2017 at 11:50 am

Brian,
You’ll find the information you’ve said is actually outdated by at least a week or so… What
you’ve documented is almost an exact of what I was thinking along the lines of before
recent days ;)

It doesn’t appear like an NSA requested backdoor but more like NSA found it to be too
convenient a backdoor and so kept it secret whilst asking Intel for a reassuring kill-switch.
NSA looked over something about the HAP-bit though:
The kill-switch is after the bring-up-program (BUP) that is loaded from flash (Not USB…
We’ll get to that later),
The bring-up program had a fatal flaw in that it required a fixed size allocation for a file to
load its configuration from (Not much was needed to be configured this early, we
suppose).

That config wasn’t signed, else it would’ve been a dead end to try and abuse as it wouldn’t
even get past the signing checks.
So a larger than max config would overflow the memory… but too big would knock out
other stack canaries and ultimately cause a stack fault. Also if its own canary did get
knocked off and the fn() returned, then game over. So now the overflow has occurred, they
used a return-oriented-programming approach to jump to the last executable offset in any
function that returned straight after the last instruction and use that against an address
table to run custom code, this can then highlight the payload as executable to the CPU so
it won’t triple-fault (Hang in the case of IME-x86-CPU or cut Power-Good to PSU)

Like the twin-towers, it could be an inside job or genuine actors… at this stage we’re in the
dark, but yet Intel haven’t hired people to give the “Official story” with a tin-foil explanation.

As for the USB, I haven’t seen it released as a document, but maybe the BUP is actually
burnt to the chip and boots the config off the separate ROM for board quirks and
adjustments (PCIeNum_of_lanes, Me_Config, InRecoveryMode, Intel_NDA_Config_Optz,
NSA_HAP_Bit for example).
The USB, AFAIK, was a way of connecting via J-TAG and would only be for USB3.x systems
as there are another 2x lanes for to include all 6 J-TAG wiring of the platform. Maybe, that
is how they got how the BUP worked, or, how they took direct control before, between, or
after power-on (possibly also when the ME-CPU is reset, the early bring-up can be viewed)

This bit is just about the USB and NSA involvement bit… I’ve got another tonne of updated
information about more of this Intel ME stuff, including pointing out some misconceptions).
So much to say, not easy to proof read, I may put up sources should people here not have
before myself. Hint, google for “Where there’s a JTAG there’s a way PTsecurity” PDF
warning though, look at this PDF, if you know just enough C/C++ to get yourself into
trouble, then you can see where I’ve got the description as above for the over-flow ;)

TL;DR, USB is put into JTAG mode,
NSA may have back-doored the IME after NSA found flaws before asking for HAP-bit


Damien Smith says:
December 11, 2017 at 11:51 am

P.s. being out of date isn’t too bad of a situation, thence the wink smiley in hope you
take the comment lightly and informatively. :-)

Dan says:
December 11, 2017 at 12:43 pm

https://media.giphy.com/media/3oEjI789af0AVurF60/giphy.gif


DougM says:
December 11, 2017 at 12:44 pm

I used to think that there wasn’t a problem so long as the computer was off, but lately I’ve
found my computers are turning themselves on regardless of what I do to stop it. Then this
IME thing, plus the Echo and the Google Home all exacerbate the problem, except one
thing: There is a single gateway to the internet.

What I’d like to see is an open source hardware device that sits between my internet
connection and my network that allows me to set rules for connections and packets. I’m
not sure if this is possible, but it seems like it wouldn’t be that hard to tell if packets are
trying to get through when they shouldn’t be, and maybe even a public blacklist/whitelist
process similar to what ad blockers use.

On the other hand that might just add another easily hackable device to the mix.

thoughts?


Bill says:
December 11, 2017 at 1:15 pm

Sounds like you want a good, configurable router.


Tomshon says:
December 11, 2017 at 2:05 pm
Look after Turris Omnia:-)


keithsnape says:
December 11, 2017 at 2:20 pm

You’re looking for something like pfSense.


Cameron Snyder says:


December 11, 2017 at 12:52 pm

How does this affect Bitlocked or other HDD encryption? Does this affect virtual machines
as well?


Truth says:
December 11, 2017 at 7:37 pm

There is a not so secret CPU with full access to every instruction that runs on the
CPU, and access to all RAM.

As long as your machine’s hard disk is encrypted, powered off and disconnected
from all computers it is relatively secure. But as soon as you want to access the
data, there is the decryption key stored somewhere in RAM and a decryption
algorithm which needs to run instructions on the CPU. There is nothing that you can
hide by having a virtual OS, unless it is using a totally different CPU not made by
Intel(IME)/AMD(PSP).

And since you are asking about Microsoft BitLocker, I have no logical way to answer
you other than mentioning that Microsoft (like Intel) is a part of the “nsa strategic
partnerships” (plug the term into your search engine of choice, it was part of the
Snowden documents, and mentioned in some WikiLeaks).



christophercope356911057 says:
December 11, 2017 at 1:16 pm

Minix 3 was intended to be more than a hobby or teaching OS AFAIK.


jedhodson says:
December 11, 2017 at 1:35 pm

Doesn’t the motherboard have a jumper to disable the management engine? Mine does.


neuechristian says:
December 15, 2017 at 8:08 pm

Your motherboard does… have a jumper.


The question, does it do what it says?
Can you prove that is really disabled?


jedhodson says:
December 15, 2017 at 11:35 pm

Looks like I’m going to hack my pc to find out


corna says:
January 13, 2018 at 8:57 am

Yes, there’s the HDA_SDO jumper that disables ME, but it also unlocks all the SPI
regions. This pin is described by the “Intel SPI programming guide”, but it’s not very
clear when ME is stopped and which parts are really disabled.



Jerry says:
December 11, 2017 at 3:43 pm

As I recall, IBM got busted many years ago, using hidden folders and software that
“Phoned Home” activity on the system. An IBM worker bee found the “flaw” reported it
upstairs and was fired for his cleverness.


limroh says:
December 11, 2017 at 5:37 pm

not relevant to the topic but “[Andy Tanenbaum]”? Has Andrew S. Tanenbaum a son
named Andy and you mistook him for his dad? ;)

…, and the OS that gave birth to Linux.


not really sure how to interpret that but I think it’s a stretch to call MINIX a parent of Linux.
I’d recommend reading Tanenbaum’s statements to the Ken Brown Incident and the
Tanenbaum-Torvalds Debate Part II


CRJEEA says:
December 11, 2017 at 5:38 pm

Thought for the day. What if the firmware update to disable the ME functions just makes it
hide better?
Time to go back to pen, paper and whispering within a faraday cage behind closed doors.


Truth says:
December 11, 2017 at 7:55 pm

There is a special microphone for whispers, it uses two heated platinum wires to
detect velocity changes in a tiny number of atoms of air,
https://image.slidesharecdn.com/internoise2012-120830051407-phpapp01/95/internoise-2012-5-728.jpg
You are going to have to whisper much much much much much quieter.


lwatcdr says:
December 11, 2017 at 5:48 pm

So is this Minix or Minix 3? If so it is not a hobby or teaching OS.


Hawkeyeaz1 says:
December 12, 2017 at 7:57 am

The point that exploitation currently requires physical access, which limits the attack.
However you really have to ask if this is fully true. It has been demonstrated that NICs can
be infected (yes, primarily physical access), however bugs have been found that could
allow remote access. Additionally, what is to stop the NSA from putting IME/PSP/similar in
the NICs? They send an “untraceable” packet that when received by the NIC, it performs
its requisite action, and drops it from any data it sends to the computer’s bus, even if the
NIC is in promiscuous mode.

If it is possible, and governments/businesses have been shown to do it before (and it is a
middle link), you have to expect it may currently be in use.


Hawkeyeaz1 says:
December 12, 2017 at 7:58 am

The point that exploitation currently requires physical access, which limits the attack
is not valid*



spacedog says:
December 13, 2017 at 6:34 am

Would be nice to see a snort definition and be able to go over historical logs for events of
this subsystem being called. See how it was used in the past and what payloads were
delivered and executed. Was it used for a few targets of spies, politicians, criminals etc. or
was it used en masse to deploy malware to hundreds of millions of devices.


Forrest says:
January 3, 2018 at 11:48 am

Does the Intel ME have to do with the Kernel page-table isolation issue?


Canuz says:
January 4, 2018 at 6:53 am

What about if we disable the ONBOARD LAN and don’t use the onboard WIFI and add
another network interface.. can IME access through another network working in PCI / PCI-ex
/ USB / USB-WIFI ?

if IME can’t I prefer to add another network interface than lose 30 to 50% of processor


Keith Leisure says:


January 7, 2018 at 12:40 pm

I bought Optiplex 980 (new) w/SSD in it and when I power off there is still a light on the
inside of the mini tower (or SFF) and now I am compelled to think that that’s what it is the
ME that keeps that portion of the motherboard or inside the case lit?


Rog Fanther says:


January 7, 2018 at 2:34 pm

No, it shows the power supply is alive and supplying power to the stand-by circuits
of the motherboard. It is the same as putting a led inside the power supply to show
when it is “hot”. The meaning is more to signal that the computer is energized.

If you turn the computer off at the surge protector, the led will be dark also.


Greenaum says:
January 7, 2018 at 3:38 pm

PCs have had a +5VSB, standby, supply from the power supply I think since the ATX
specification in the mid 1990s. So they’re never truly off, as long as the mains supply
is connected. It’s used for a few bits in the PC, including the IME. Things like wake on
LAN, and letting keyboard presses wake it up, etc.

It means if you’re ever upgrading the thing, cut the mains. Keep the plug in the
socket if you can, but the socket’s switch turned off. That way the earth connection is
still there, earth isn’t switched. The earth connection is useful against ESD, just touch
the PC’s case now and then to earth yourself.

That’s assuming your mains has an earth connection and a switch. In the UK we’re
spoiled, best domestic mains socket in the world, no brownouts, and only blackouts
once every few years if they dig the cables up.


Keith Leisure says:


January 16, 2018 at 11:00 pm

Well, it’s taken a minute to circulate what I’m reading from the responses to this
issue and thanks BTW, for the info & replies. I was just going to kind of ask or
suggest then that I could go ahead & turn off the surge protector at night if I
want the ‘light’ out(?) without any big deal to the computer, I mean, not that it’s
going to use up that big of an energy splat but it’s a small room and so the light
alongside the modem especially keeps the room not as dark as preferred and I
definitely hide the modem without suffocating it (you know).
You know one other thing I’d like to quick-get in, is ever since I bought that
computer last year, the internal speaker takes full charge, even when applying
the external 2.1 speakers, they sort of “co exist” because in order to play the
computer speakers or external, the internal has to be on or playing as well or
there’s simply no sound. Pretty weird stuff that the Dell tech advised of just
pulling the internal speaker and I never did. I guess I wasn’t as anxious to get
rid of it even though, I’d definitely like to. I was hesitant and didn’t return to the
shop where I purchased it (brand new) even though a friend’s the owner, as
well, I didn’t want to ask Dell again or piggy back w/the new question and sort
of here I end up with it…but I was trying to think in removing the internal
speaker altogether would I automatically have sound in the computer or
external speakers then?? Do you guys maybe know or have an idea of the way
it must be wired on the motherboard etc..? Just thought I would ask. And
thanks a lot again for the original subject and question!!


Keith Leisure says:


January 24, 2018 at 10:29 pm

Well-here goes with a question if it’s out of place, I apologize, but on my Dell Optiplex 980
the internal speaker takes over (regardless). I attached the 2.1 computer Creative speakers
and the only way they play is if the internal speaker’s playing or enabled to play. Ok, a Dell
(forum) Tech advised to go in and just remove the internal speaker from the motherboard
w/enclosed diagram instructs. Ok, well I didn’t do that yet and here’s probably an
uneducated looking question but if I do-do that, will I lose the capacity of the external
speakers then(?) because one has nothing to do w/the other but in this case, yes it does
and if the Dell techs seem to indicate that that’s the only method in order to have
computer speakers operate by default (Windows 64 Bit 7 is my OS) then I guess that’s the
only way to do it and I purchased new set of (pretty nice) Klipsch speakers to attach this
weekend. So, if anyone can take a stab at that with the given info. and may be possibility
beyond detach of internal speaker, I appreciate it and would like to have a normal default
port for one set of external speakers on this desktop without having this co-exist process,
that doesn’t even make sense!! Thanks for any helpful input & it’s appreciated, if so.

