Posted by righttoprivacy in Privacy (edited by a moderator)
righttoprivacy OP wrote (edited)
Reply to comment by Saint_Cuthbert in Hardware Backdoors: Intel Management Engine by righttoprivacy
Personally, I've been using older models that allow at least majority neutering of the Intel Management Engine.
coreboot Thinkpads come to mind.
My personal machines are not the "full ME removal", but vast majority partitions, leaving just what is needed to bring up hardware.
Outside this, there are more "modern" options out there from companies, albeit not removed in the same way (disabled under HAP bit and others). Some prefer Arm.
But everyone has different use cases. I want to be able to use Qubes as an option at times, and some older models are not capable of this. T430 (i5-3320M and greater CPU) and later mostly have the right virtualization options for it.
I see UEFI / BIOS as being the #1 concern, along with some network cards that work along with it. Some for AMT.
It is a shame there aren't more options out there.
blueraspberryesketimine wrote
The management engine cannot be completely disabled in Intel chips that ship with it because some of the things it handles are required for the chip to actually work. Really, you are better served by getting a chip without a management engine. Most AMD chips have their own version of the Intel Management Engine, so they aren't safe. ARM boards are usually a little safer, but not all. All of the Apple chips have a technology very similar to the management engine built in. I don't know about the RISC-V boards, but they are borderline trash so far anyway, so they aren't a great escape route either.