Disabling IME

Has anybody tried this?

wiki.gentoo.org/wiki/Sakaki's_EFI_Install_Guide/Disabling_the_Intel_Management_Engine

I would be interested in curing myself of IME disease.

Other urls found in this thread:

libreboot.org/faq.html#amd-platform-security-processor-psp
8ch.net/pol/res/10649602.html#10650868
twitter.com/SFWRedditVideos

...

More like it's running inside (you)r CPU. My shit is spanking fine, AMD FX, nigga. You all laughed at me when I told you it would pay off. You all bitched and moaned about IPC not being on par with Sandy Vagina, but here I am and there (you) are. I'm going to go and enjoy all of my wonderful cores now, faggots.

how does 8ch look on templeOS user?

Cry more, bitch nigga. TempleOS running Crysis in text only mode.

ignoring the brand loyalty cuckoldry in this post, Id reccomend anyone else who cant afford a TALOS do the same as me(not that poster), and get the newest pre-PSP amd they can.

I'm actually fucking with you all, I just got the FX. I was on a 955 earlier this month. I also had a 4770k, but apparently women don't like it when you have PTSD symptoms and I got kicked out of my house. The dog got to leave with me, though.

You do realize that AMD has this problem too, right? It's called the Platform Security Processor (PSP) on there.
libreboot.org/faq.html#amd-platform-security-processor-psp

You do realize this doesn't affect the CPUs I mentioned here, right?

Wait so FX isn't affected?

Only those released Pre-2013 or so. You linked the libreboot page. Says so right there. But your 8350/70 and so on are sage. The phenom line is also fine. As I said, I just replaced a 955 with an fx chip. The 955 will be going to a home server.

What the fuck did you think I was talking about when I said "pre-PSP" amd?
Chips from before the playstation portable was released?

Yeah, and the chips I mentioned fit that bill. I thought you were confused about their status.

If you want to buy AMD FX equipment then you need to hurry. The reason is not that the cpus are getting scarce. The problem is that the mainboards are getting harder and harder to order. Some types are out of order already that could be purchased easily half a year ago. Personally I will keep my current machine and buy 1 mainboard and 1 FX cpu as spare parts in case anything breaks down.

Isn't a IME and AMD's equivalent simply a Mobo firmware problem as in mobo code? Could mobo developers not have the Pozz by not coding it to work?

Not unless they don't want their good goy shekels from microscam, associated MUH DICKErs, and jewtel.
Or more specifically all the laptop and phone makers are kike owned and ran. Even if a goyim came into the competition microsoft would deny use of their operating system, all the chink manufactures would refuse to sell to them, intel/amd would sue for selling their parts without a "liscense", and the BIOS makers would not contribute any code what so ever to their efforts. System76 and ilk like them only stay in buisness because they use backdoored shit that the alphabet agencies approve of.

No, it's a physical co-processor embedded in your CPU, and it has privileges above anything you have control over.

It's like that with Intel X58 (and some newer but still old chipsets). The CPUs are mega cheap but overclocking capable motherboards are insane unless you get lucky.

so if i understand what's going on in that wiki... what me cleaner is doing is writing a custom firmware for the motherboards bios, which fucks up the ME inside of the cpu everytime it boots?

so this is a motherboard mod. you can't take that cpu out afterward and stick it in a new motherboard and have ME still disabled?

Or does it flash the actual ME using the bios chip?

...

CPU memory is volatile. That means you have to load ME, AMT, microcode updates on every boot from external source like bios chip or emmc. The me_cleaner script removes all possible ME and AMT partitions from any bios firmware, leaving only basic stuff that initializes processor on boot.

my original thought was why not try to sell these. so you wouldn't be selling the processors with nuked ME, you'd be selling motherboards.

Purism/Librem company sells laptops with nuked ME and preinstalled Qubes OS. Other major motherboard manufacturers are mostly aimed for Windows users and corporate market, therefore they need to keep all proprietary backdoors from vendors intact.

Don't do this people. It is against the law and will brick your system.
Also, IME keeps you safe from Russian hacking.

i wonder how well those sell. if you don't trust the botnet in the bios why would you trust what some random company puts in there. you could verify it yourself if you had all the shit to do this, but then you wouldn't be buying it from some random company in the first place.

Such companies are probably NSA/CIA/FBI joint ventures.

I'll brick your window you mealy-mouthed inbred burgerclap

I am coming a long way from Holla Forums don't expect me to be a tech god. I am reposting an insider's case on these and that every fucking thing is fucked and they knew about this for decades. Guys better cook up some good security because this is very fucked up:
8ch.net/pol/res/10649602.html#10650868
"t.hardwareoldfag here.
Listen up and listen good if you want to know the truth you ignorant hardware niggers
Yes OP, this is old as fuck news to anyone paying attention. I knew about this in 2007 or so when IME was deployed first, even asked this question in the training seminar with some strange looks. Shortly after this they integrated it into the chipsets, it used to be an add in board initially. From that point (and prior) you were fucked either way though.

Also one more thing.
Check the post itself and check the counter-arguments there too because this is NOT a full picture. This could just as well be scaremongering and it's good to question it. That is why I am posting this here so I can take this on a debate.
-Are things really this bad?
-Are there really no way around?
-Small criminal cases are in the "no one cares" bucket for agencies right?
-Are all things on record or are there "triggering datas/words" that raises a flag for the ABC soup?
-Is the quantum fuckery even usable at this current technology?
(I know I replied to myself. Who cares)

Stick to Holla Forums, faggot, and don't come back. You think this guy has insider knowledge because he types like an asshole, tells you to check his claims (which ensures you won't), and claims to have insider knowledge? You're a dumbass.

Every fucking sysadmin in the world knew what ME was. The thing is, this is how you know he's chatting shit. He did not know the ME was compromised, because at the time, it wasn't. Even if it is/was backdoored, that is not what the OP is implying by compromised, i.e., this poster is trying to mislead you.

Unfortunately, they are. I'm assume in context he's talking about HDD firmware exploits similar to SpriteTM's... the decryption is done after the encrypted data leaves the HDD, i.e. HDD firmware isn't reading decrypted data.

It is not a "distraction", it's a piece of hardware designed for a purpose.

This is just a lie.

This is also a lie. Maybe not a lie, just plain wrong.

Do not decrypt traffic (i.e. between you and a VPN, Tor traffic etc)

Most of it is just word salad.

This pretty much ensures that any information you received is wrong. Holla Forums is technologically illiterate, mostly due to the fact that they are all NEETs, hiki, or simply underage. I know you've said you're not a tech god, and that's fine, but you need to lurk more and pay attention, because some guy coming in and claiming credentials on the internet shouldn't cut it as evidence. Trust me, I work at Nintendo.

Fibre sniffers are not for decryption, they are for traffic confirmation, sybil, or whatever you call it. If some state actor has taps on every single ISP, exchange and datacentre in your country, then you're fucked kiddo. John Doe connects to VPN in Russia, at the same time VPN in Russia connects to 8ch.net/tech/. Coincidence? I think not. Then there are backdoors in network equipment around the world, confirmed or not. The equipment runs proprietary software, so it is equal of malice. Cisco for muricans, Huawei for chinks, etc. This is how they deanonymize Tor, not by running every single node themselves, but by controlling every channel these nodes connect to. Let's say there are 150 nodes in France, CIA taps all 3 France's exchanges and sniffs for Tor packets only, easy as that. When needed, backdoors can be activated with magic packets, the equipment itself also might store logs in secret cold storage for later use, those are not visible on surface and can not be flushed from console by hackers/admins.

Great, but they don't, thanks to Tor and i2p randomised delays.

Magic backdoors don't decrypt packets,

that's what me and psp are for

just for clarifying both tor and i2p use randomized delays

Oh, so the CPU can decrypt packets?
Do you know how ridiculous that would be to implement

it doesn't need to decrypt the packets it just needs the decryption key stored in the ram that it has full access to

Except the post posted from the Holla Forumsfaggot claimed that PSP and IME were a distraction and not the thing that basically makes all hardware insecure, retard. Honestly, do you niggers ever stop and think for a second.

So has anybody tried this or not? Did it work? I need confirmation!

>he doesn't realise all hardware is backdoored or compromised at a hardware level
lurk moar

Yes, just did one a couple weeks ago. Works good.

No, it's just stripping away some of the firmware that's held on the BIOS chip. The way it works is that more than just the BIOS resides on that EEPROM. Some sections are reserved for the tiny operating system that makes the Intel ME work. The ME turns off the 30 minute watchdog which reboots the CPU every 30 minutes. The ME firmware itself is highly modular which allows flexibility for motherboard manufacturers. So what this ME Cleaner program does is take the entire ME firmware after you make a copy of it by dumping the ROM, either with an external clip or with a tool called flashrom. Then it modifies that copy to remove the parts of the firmware that are responsible for networking and DMA and all that nasty stuff. Then you write that modified image to your BIOS ROM and you should be left with a management engine which is completely local, as in isolated from any networks, and it shouldn't be able to access your RAM, hard disks, or CPU cache or any of your other devices.

Yes. You are only modifying your motherboard components.

You can replace the CPU with anything that works with that socket and the ME will always be disabled, since the ME itself will (usually) only change versions between CPU generations.

I've done it on several laptops and under Fedora 26 the ME no longer shows up in my PCI devices, which means that it's been neutralized.

total cianiggerdom detected

No.
Use a processor without ME/PSP/etc etc.

We need an OS that breaks ME as part of the boot process.

First make an OS that escapes virtual machine as a part of boot process.

Reminder all post-2013 AMD is compromised

Guys, no offense, but:

1. I'm an europoor that can't afford a fucking TALOS II.
2. I bet my arse you guys for simply trying to avoid so much botnet end up being the most searched of us by the ISPs/Securiy Agencies. Or even that some of you "paranoids" are actually NSAfags.
3. Yes, it sounds romantic to avoid all that botnet. I get you. I hate a lot of the shit nowadays for being so slow and Windows fucking 95 moving faster than many of them. But you can't live under a fucking rock.

Please prove me wrong.

I'm living under a rock right now and things are going okay. It's easier if you hate people.

Then buy an Atari ST, or Commodore 128. Or maybe even a pre-Lenovo IBM Thinkpad with i386 cpu. Or something else like that. If you really need 64-bit there's always PowerPC and SPARC. If you "need" Web 2.0 you're probably fucked anyway with regards to botnet, so might as well just suck down the ciannigger Intel crap at that point.
Anyway it's not about romantic, it's about being able to trust and have control over the hardware you paid for. If you're not the master of it, then why should you be paying money? They should pay you instead, and by the hour, because they're enforcing their will on you and that has to be compensated or it's not a fair transaction.
And it shouldn't be a surprise that a lot of people in open-source world are upset that the hardware layer is compromised. That pretty much invalidates all the open-source code, since even the OS can't control wtf the machine is doing at any given time.

Why do all the TLA shills use a variant of this line of attack?

It's too late, people are tired of the botnet, and we've seen where your masters want to take us so we're taking steps now.

are you fucking retarded

I bet my arse you use Xorg/systemd with a shitton of botnet inside it on your Linux/FreeBSD machine, and yet complain like a fucking bitch about botnet whilst still having a shitton vulnerabilities on your machine

Yet you have an uncorrupted CPU. Wow, it really takes a certain kind of retard to say something like this. You are truly one special kind of a cuck.