Intel ME Removal {Help} 11-09-2017, 06:49 AM
#1
Ok so a little backstory into Intel ME, I have taken some snippets of information to get my point across (Now I could just be paranoid about this).
Intel’s Management Engine (ME) technology is built into almost all modern Intel CPUs, Intel’s ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor, ME has access to many, if not all, of the platform’s integrated devices, such as Intel network controllers. It can also access the main system RAM (the DDR RAM) through DMA. Much has changed in Intel’s platform since some of this was reported, however, so the state of ME now isn’t well understood. Intel, of course, keeps many of the details veiled in secrecy for security purposes.
Low-level code executing independently from the system OS is necessary for features such as network boot or wake-from-USB. This type of code is firmware and its existence is a given on modern hardware. The driver gives a regular app a way to use the hardware through the OS, but the driver itself controls the hardware by communicating with its firmware. The firmware is a program, so it needs a processor and RAM to run.
ME is an operating system which runs in Root -3, it’s an OS running in parallel that is capable of accessing the same hardware at the same time as the system OS but it's not aware of the system OS (That we know of) but ME can talk directly to the internet and to me it seems like a consumer PC shouldn't have it running if anyone ever managed to crack the Intel master key it could potentially give them access to millions of PC's all at once and you wouldn't even know if you've been targeted as there's no way to access this little microprocessor which has complete control over your PC without your knowledge.
Even Google is trying to remove it from there systems and a move like this suggests a lot, Google is trying to remove not because of the features I've posted here but because of the sheer complexity of ME, now enough paranoid rambling onto the problem at hand.
I'm trying to remove intel ME by dumping the firmware and using https://github.com/corna/me_cleaner but I'm having difficulty figuring out the <CHIP MODEL>
Here is the output of intelmetool -s
Here is the output of lspci -v
For those of you who don't know.
More info on Ring -3 https://www.blackhat.com/presentations/b...SLIDES.pdf :/ complete remote access to most devices.
Intel’s Management Engine (ME) technology is built into almost all modern Intel CPUs, Intel’s ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor, ME has access to many, if not all, of the platform’s integrated devices, such as Intel network controllers. It can also access the main system RAM (the DDR RAM) through DMA. Much has changed in Intel’s platform since some of this was reported, however, so the state of ME now isn’t well understood. Intel, of course, keeps many of the details veiled in secrecy for security purposes.
Low-level code executing independently from the system OS is necessary for features such as network boot or wake-from-USB. This type of code is firmware and its existence is a given on modern hardware. The driver gives a regular app a way to use the hardware through the OS, but the driver itself controls the hardware by communicating with its firmware. The firmware is a program, so it needs a processor and RAM to run.
ME is an operating system which runs in Root -3, it’s an OS running in parallel that is capable of accessing the same hardware at the same time as the system OS but it's not aware of the system OS (That we know of) but ME can talk directly to the internet and to me it seems like a consumer PC shouldn't have it running if anyone ever managed to crack the Intel master key it could potentially give them access to millions of PC's all at once and you wouldn't even know if you've been targeted as there's no way to access this little microprocessor which has complete control over your PC without your knowledge.
Even Google is trying to remove it from there systems and a move like this suggests a lot, Google is trying to remove not because of the features I've posted here but because of the sheer complexity of ME, now enough paranoid rambling onto the problem at hand.
I'm trying to remove intel ME by dumping the firmware and using https://github.com/corna/me_cleaner but I'm having difficulty figuring out the <CHIP MODEL>
Here is the output of intelmetool -s
Code:
MEI not hidden on PCI, checking if visible
MEI found: [8086:a13a] Sunrise Point-H CSME HECI #1
ME Status : 0x90000245
ME Status 2 : 0x86110306
ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Clean Moff->Mx wake
ME: Power Management Event : Pseudo-global reset
ME: Progress Phase State : Unknown 0x11
ME: Extend Register not valid
ME: timeout waiting for data: expected 8, available 0
ME: GET FW VERSION message failed
ME: timeout waiting for data: expected 5, available 0
ME: GET FWCAPS message failedHere is the output of lspci -v
Code:
00:16.0 Communication controller: Intel Corporation Sunrise Point-H CSME HECI #1 (rev 31)
Subsystem: ASUSTeK Computer Inc. Sunrise Point-H CSME HECI
Flags: bus master, fast devsel, latency 0, IRQ 130
Memory at f754d000 (64-bit, non-prefetchable) [size=4K]
Capabilities: [50] Power Management version 3
Capabilities: [8c] MSI: Enable+ Count=1/1 Maskable- 64bit+
Kernel driver in use: mei_me
Kernel modules: mei_meFor those of you who don't know.
More info on Ring -3 https://www.blackhat.com/presentations/b...SLIDES.pdf :/ complete remote access to most devices.
(This post was last modified: 11-09-2017, 10:58 PM by S3xySmurf.
Edit Reason: Adding a little backstory
)
![[Image: YmmIqHV.gif]](https://i.imgur.com/YmmIqHV.gif)
Donations: 1CCR21K2fnu2yAinUTFPsVdY7u4FkjNPs5
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
