Disabling IME

Jordan Gutierrez
Jordan Gutierrez

Has anybody tried this?

https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Disabling_the_Intel_Management_Engine

I would be interested in curing myself of IME disease.

All urls found in this thread:
https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Disabling_the_Intel_Management_Engine
https://libreboot.org/faq.html#amd-platform-security-processor-psp
https://archive.org/pol/res/10649602.html#10650868
Daniel Wood
Daniel Wood

removes the vast majority of the ME's software modules (including network stack, RTOS and Java VM)
There's a Java™ VM running on a CPU inside your CPU

Aiden Rodriguez
Aiden Rodriguez

More like it's running inside (you)r CPU. My shit is spanking fine, AMD FX, nigga. You all laughed at me when I told you it would pay off. You all bitched and moaned about IPC not being on par with Sandy Vagina, but here I am and there (you) are. I'm going to go and enjoy all of my wonderful cores now, faggots.

Joshua Evans
Joshua Evans

how does 8ch look on templeOS user?

Christian King
Christian King

Cry more, bitch nigga. TempleOS running Crysis in text only mode.

Christian Gomez
Christian Gomez

ignoring the brand loyalty cuckoldry in this post, Id reccomend anyone else who cant afford a TALOS do the same as me(not that poster), and get the newest pre-PSP amd they can.

Jacob Walker
Jacob Walker

I'm actually fucking with you all, I just got the FX. I was on a 955 earlier this month. I also had a 4770k, but apparently women don't like it when you have PTSD symptoms and I got kicked out of my house. The dog got to leave with me, though.

Cameron Cox
Cameron Cox

You do realize that AMD has this problem too, right? It's called the Platform Security Processor (PSP) on there.
https://libreboot.org/faq.html#amd-platform-security-processor-psp

Luis Lee
Luis Lee

You do realize this doesn't affect the CPUs I mentioned here, right?

John Nelson
John Nelson

Wait so FX isn't affected?

Aiden Moore
Aiden Moore

Only those released Pre-2013 or so. You linked the libreboot page. Says so right there. But your 8350/70 and so on are sage. The phenom line is also fine. As I said, I just replaced a 955 with an fx chip. The 955 will be going to a home server.

Logan Gray
Logan Gray

What the fuck did you think I was talking about when I said "pre-PSP" amd?
Chips from before the playstation portable was released?

Elijah Martinez
Elijah Martinez

Yeah, and the chips I mentioned fit that bill. I thought you were confused about their status.

Nicholas Perez
Nicholas Perez

If you want to buy AMD FX equipment then you need to hurry. The reason is not that the cpus are getting scarce. The problem is that the mainboards are getting harder and harder to order. Some types are out of order already that could be purchased easily half a year ago. Personally I will keep my current machine and buy 1 mainboard and 1 FX cpu as spare parts in case anything breaks down.

Christopher Powell
Christopher Powell

Isn't a IME and AMD's equivalent simply a Mobo firmware problem as in mobo code? Could mobo developers not have the Pozz by not coding it to work?

Nolan White
Nolan White

Not unless they don't want their good goy shekels from microscam, associated MUH DICKErs, and jewtel.
Or more specifically all the laptop and phone makers are kike owned and ran. Even if a goyim came into the competition microsoft would deny use of their operating system, all the chink manufactures would refuse to sell to them, intel/amd would sue for selling their parts without a "liscense", and the BIOS makers would not contribute any code what so ever to their efforts. System76 and ilk like them only stay in buisness because they use backdoored shit that the alphabet agencies approve of.

Jayden Cox
Jayden Cox

No, it's a physical co-processor embedded in your CPU, and it has privileges above anything you have control over.

Mason Young
Mason Young

If you want to buy AMD FX equipment then you need to hurry. The reason is not that the cpus are getting scarce. The problem is that the mainboards are getting harder and harder to order.

It's like that with Intel X58 (and some newer but still old chipsets). The CPUs are mega cheap but overclocking capable motherboards are insane unless you get lucky.

Samuel Myers
Samuel Myers

so if i understand what's going on in that wiki... what me cleaner is doing is writing a custom firmware for the motherboards bios, which fucks up the ME inside of the cpu everytime it boots?

so this is a motherboard mod. you can't take that cpu out afterward and stick it in a new motherboard and have ME still disabled?

Or does it flash the actual ME using the bios chip?

Tyler Howard
Tyler Howard

Polluting God's temple with network access to the filthy internet.

Grayson Lee
Grayson Lee

CPU memory is volatile. That means you have to load ME, AMT, microcode updates on every boot from external source like bios chip or emmc. The me_cleaner script removes all possible ME and AMT partitions from any bios firmware, leaving only basic stuff that initializes processor on boot.

Grayson Taylor
Grayson Taylor

my original thought was why not try to sell these. so you wouldn't be selling the processors with nuked ME, you'd be selling motherboards.

Lucas Walker
Lucas Walker

Purism/Librem company sells laptops with nuked ME and preinstalled Qubes OS. Other major motherboard manufacturers are mostly aimed for Windows users and corporate market, therefore they need to keep all proprietary backdoors from vendors intact.

Jayden Walker
Jayden Walker

Don't do this people. It is against the law and will brick your system.
Also, IME keeps you safe from Russian hacking.

Kevin Rogers
Kevin Rogers

i wonder how well those sell. if you don't trust the botnet in the bios why would you trust what some random company puts in there. you could verify it yourself if you had all the shit to do this, but then you wouldn't be buying it from some random company in the first place.

Connor Reyes
Connor Reyes

Such companies are probably NSA/CIA/FBI joint ventures.

Lincoln Ortiz
Lincoln Ortiz

I'll brick your window you mealy-mouthed inbred burgerclap

Samuel Foster
Samuel Foster

I am coming a long way from /pol/ don't expect me to be a tech god. I am reposting an insider's case on these and that every fucking thing is fucked and they knew about this for decades. Guys better cook up some good security because this is very fucked up:
https://archive.org/pol/res/10649602.html#10650868
"t.hardwareoldfag here.
Listen up and listen good if you want to know the truth you ignorant hardware niggers
Yes OP, this is old as fuck news to anyone paying attention. I knew about this in 2007 or so when IME was deployed first, even asked this question in the training seminar with some strange looks. Shortly after this they integrated it into the chipsets, it used to be an add in board initially. From that point (and prior) you were fucked either way though.
10649623
thinking firmware and other controller level exploits are stopped by some OS layer faggotry
<don't be this guy
The real truth is IME is just a distraction - it's not just IME or AMDs' own version, it's hardware controllers, incl HDD controllers, LAN controllers etc, hard drive firmware, router firmware etc etc.
CIAniggers, Huweiniggers, Koreaniggers, etc have infected every fucking local industry in every country that shit is made in - it's all in the name of national security. Until the last decade or so, it used to be a requirement in USA for any encrypted tech to have a back door. This is why PGP had to be exported in a book. This is still the case effectively however the official law has changed..
Okay sure, maybe you hypothetically make your own PC with some shit-tier hardware and think it's not pozzed (probably still is as you don't have access to all firmware kek), you load your templetails OS bullshit, run through a gorillion VPN and 10 proxies. Safe eh?
No.
Ancient laptop, that'll be safe right? No, even worse probably.
Because even if you do somehow have a secure hardware platform, they have fibre sniffers e.g. Naurus (go look it up, check out the AT&T secret room leaks before Snowfag came on the scene for the normalfags to believe) (p.s. It was called Echelon before Prism and we knew about it since the 80s in the five eyes).
Naurus sniffers will trawl your packets at any major exchange, they are situated throughout the world and can time your exit and entry points, so they know where/when your data is going by simply timing it and the amount and this can be stored for later analysis. If you think they don't have viable quantum computers and cannot crack almost all encryption if they absolutely need to on case by case basis, I would suggest you re-think that. Sure, joe bloggs doesn't have anything to bother about but if you are e.g. leaking national security secrets on /pol/, be fucking aware of this post and take appropriate measures as outlined below. So even though you put it through all those proxies, if they really want to, they can fuck you good. I'm talking CIAniggers/NSAperves/FBIfaggots level so you'd be up to no fucking good or a kike enemy to have this level of scrutiny.
Basically if you regularly connect to the internet, with the same machine and not on a burner on public wifi, then decide to leak the juicy shit, no matter what you do you are able to be fucked. Period.
At police/taxkike level I wouldn't worry, they finally have extremely restricted access to Echelon/Prism, certainly they are not going to be have access to black project/quantum high level encryption cracking.
How to avoid this?
Public wifi, cashie burner PC, one time use, no CCTV cameras, no plates, no faces, no GPS tracking, no traces, no cellphones, no nothing, that applies to both sourcing burner and using it - only takes one mistake and you're fucked.
Be fucking careful anons, leak, but please leak responsibly and stay safe. Anyone who tells you contrary to the above has not done their homework or is a CIAnigger/shill. Do not trust anyone including me, do your own research to prove it to yourself - the resources are out there. Cheers"

Xavier Collins
Xavier Collins

Also one more thing.
Check the post itself and check the counter-arguments there too because this is NOT a full picture. This could just as well be scaremongering and it's good to question it. That is why I am posting this here so I can take this on a debate.
-Are things really this bad?
-Are there really no way around?
-Small criminal cases are in the "no one cares" bucket for agencies right?
-Are all things on record or are there "triggering datas/words" that raises a flag for the ABC soup?
-Is the quantum fuckery even usable at this current technology?
(I know I replied to myself. Who cares)

Aaron Long
Aaron Long

Stick to /pol/, faggot, and don't come back. You think this guy has insider knowledge because he types like an asshole, tells you to check his claims (which ensures you won't), and claims to have insider knowledge? You're a dumbass.

I knew about this in 2007 or so when IME was deployed first,
Every fucking sysadmin in the world knew what ME was. The thing is, this is how you know he's chatting shit. He did not know the ME was compromised, because at the time, it wasn't. Even if it is/was backdoored, that is not what the OP is implying by compromised, i.e., this poster is trying to mislead you.

thinking firmware and other controller level exploits are stopped by some OS layer faggotry
Unfortunately, they are. I'm assume in context he's talking about HDD firmware exploits similar to SpriteTM's... the decryption is done after the encrypted data leaves the HDD, i.e. HDD firmware isn't reading decrypted data.

The real truth is IME is just a distraction
It is not a "distraction", it's a piece of hardware designed for a purpose.

Until the last decade or so, it used to be a requirement in USA for any encrypted tech to have a back door.
This is just a lie.

Ancient laptop, that'll be safe right? No, even worse probably.
This is also a lie. Maybe not a lie, just plain wrong.

fibre sniffers, traffic analysis etc
Do not decrypt traffic (i.e. between you and a VPN, Tor traffic etc)

Most of it is just word salad.

Liam Rodriguez
Liam Rodriguez

from /pol/
This pretty much ensures that any information you received is wrong. /pol/ is technologically illiterate, mostly due to the fact that they are all NEETs, hiki, or simply underage. I know you've said you're not a tech god, and that's fine, but you need to lurk more and pay attention, because some guy coming in and claiming credentials on the internet shouldn't cut it as evidence. Trust me, I work at Nintendo.

Julian Jackson
Julian Jackson

Fibre sniffers are not for decryption, they are for traffic confirmation, sybil, or whatever you call it. If some state actor has taps on every single ISP, exchange and datacentre in your country, then you're fucked kiddo. John Doe connects to VPN in Russia, at the same time VPN in Russia connects to 8ch.net/tech/. Coincidence? I think not. Then there are backdoors in network equipment around the world, confirmed or not. The equipment runs proprietary software, so it is equal of malice. Cisco for muricans, Huawei for chinks, etc. This is how they deanonymize Tor, not by running every single node themselves, but by controlling every channel these nodes connect to. Let's say there are 150 nodes in France, CIA taps all 3 France's exchanges and sniffs for Tor packets only, easy as that. When needed, backdoors can be activated with magic packets, the equipment itself also might store logs in secret cold storage for later use, those are not visible on surface and can not be flushed from console by hackers/admins.

Levi Phillips
Levi Phillips

Great, but they don't, thanks to Tor and i2p randomised delays.

Magic backdoors don't decrypt packets,

Joseph Rogers
Joseph Rogers

that's what me and psp are for

Elijah Fisher
Elijah Fisher

just for clarifying both tor and i2p use randomized delays

Jeremiah Jones
Jeremiah Jones

Oh, so the CPU can decrypt packets?
Do you know how ridiculous that would be to implement

Adrian Anderson
Adrian Anderson

it doesn't need to decrypt the packets it just needs the decryption key stored in the ram that it has full access to

Brody Lee
Brody Lee

Except the post posted from the /pol/faggot claimed that PSP and IME were a distraction and not the thing that basically makes all hardware insecure, retard. Honestly, do you niggers ever stop and think for a second.

Dylan Cook
Dylan Cook

So has anybody tried this or not? Did it work? I need confirmation!

Brandon Harris
Brandon Harris

he doesn't realise all hardware is backdoored or compromised at a hardware level
lurk moar

Brayden Parker
Brayden Parker

Yes, just did one a couple weeks ago. Works good.

Bentley Miller
Bentley Miller

what me cleaner is doing is writing a custom firmware for the motherboards bios
No, it's just stripping away some of the firmware that's held on the BIOS chip. The way it works is that more than just the BIOS resides on that EEPROM. Some sections are reserved for the tiny operating system that makes the Intel ME work. The ME turns off the 30 minute watchdog which reboots the CPU every 30 minutes. The ME firmware itself is highly modular which allows flexibility for motherboard manufacturers. So what this ME Cleaner program does is take the entire ME firmware after you make a copy of it by dumping the ROM, either with an external clip or with a tool called flashrom. Then it modifies that copy to remove the parts of the firmware that are responsible for networking and DMA and all that nasty stuff. Then you write that modified image to your BIOS ROM and you should be left with a management engine which is completely local, as in isolated from any networks, and it shouldn't be able to access your RAM, hard disks, or CPU cache or any of your other devices.

so this is a motherboard mod.
Yes. You are only modifying your motherboard components.

you can't take that cpu out afterward and stick it in a new motherboard and have ME still disabled?
You can replace the CPU with anything that works with that socket and the ME will always be disabled, since the ME itself will (usually) only change versions between CPU generations.

I've done it on several laptops and under Fedora 26 the ME no longer shows up in my PCI devices, which means that it's been neutralized.

Disable AdBlock to view this page

Disable AdBlock to view this page