The Intel Management Engine (2024-02-17)

Disclaimer

This kind of issue isn't specific to Intel; read about AMD's equivalent here.

Introduction

The Intel Management Engine is a contentious component built into every Intel processor made after the Core2 Duo except for the ones sold to the US government xDDDD. Its capabilities include, but are not limited to:

  1. Running without your computer being on (it will continue to run as long as electricity is flowing through it).
  2. Connecting to the internet with its own network interface (the traffic of which is not visible to anything other than the IME).
  3. Updating itself without any user input.
  4. Accessing literally everything in your computer's RAM.
  5. Accessing literally everything on your drive (completely bypassing disk encryption if you use it, due to point #4).
  6. Being completely proprietary: the only people who know what it does are the people who made it.

Complexity

The IME runs its own operating system, a stripped-down version of MINIX, and it continues running as long as there is power. Almost everything about this system is proprietary; barely anything is known about it. Despite this, multiple security vulnerabilities have been found in the IME.

Mitigations

[Images: Librebooted 2007 MacBook; Librebooted Dell Latitude E6400]

If you want to completely avoid the IME, there isn't much you can do other than using a computer from the Core2 days. If this is something you're interested in, laptops like the Dell Latitude E6400 and ThinkPad X200 still perform remarkably well by today's standards. What makes them particularly good options is their compatibility with free firmware solutions such as libreboot. I personally daily drive a librebooted Dell Latitude E6400.

If you are interested in making it a little bit less spooky, you can deblob the IME by flashing free firmware such as libreboot on supported hardware. Out of the currently supported hardware, I'd recommend the ThinkPad T440p due to its cheap price on the used market, its upgradability, and its very usable specs for the current year (2024).
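Deblobbing means removing partitions from the ME region of the flash image, so the first thing a deblobbing tool does is read the ME's partition table. The following is an added example (not code from this post, libreboot or any deblobbing tool) that parses that table from an ME region and reports which partitions are still present. It assumes the ME region has already been cut out of the full flash dump using the flash descriptor, and that the region uses the legacy "$FPT" layout described in the comments; the sample region is constructed.

```python
import struct

# Assumed legacy ME partition-table layout: the "$FPT" magic sits at offset
# 0x10 of the ME region, a 32-bit little-endian entry count follows it, and
# 32-byte entries start at offset 0x30. Each entry holds a 4-byte name, a
# 4-byte owner field, then the partition's 32-bit offset and 32-bit length.
FPT_OFFSET = 0x10
FPT_MAGIC = b"$FPT"
ENTRY_TABLE_OFFSET = 0x30
ENTRY_SIZE = 0x20


def parse_fpt(region):
    """Return a list of (name, offset, length) tuples for every FPT entry."""
    if region[FPT_OFFSET:FPT_OFFSET + 4] != FPT_MAGIC:
        raise ValueError("no $FPT header at offset 0x10: not an ME region?")
    (count,) = struct.unpack_from("<I", region, FPT_OFFSET + 4)
    if ENTRY_TABLE_OFFSET + count * ENTRY_SIZE > len(region):
        raise ValueError("FPT entry count runs past the end of the region")
    partitions = []
    for i in range(count):
        base = ENTRY_TABLE_OFFSET + i * ENTRY_SIZE
        name = region[base:base + 4].rstrip(b"\x00").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", region, base + 8)
        partitions.append((name, offset, length))
    return partitions


def leftover_partitions(region, keep=("FTPR",)):
    """Names of partitions a deblobber has NOT removed. FTPR, the main code
    partition, is the one deblobbers commonly keep; anything else listed here
    is still shipping proprietary code."""
    return [name for name, _, _ in parse_fpt(region) if name not in keep]


def build_sample_region():
    """Constructed two-partition ME region (FTPR plus NFTP), for demonstration."""
    region = bytearray(0x100)
    region[FPT_OFFSET:FPT_OFFSET + 4] = FPT_MAGIC
    struct.pack_into("<I", region, FPT_OFFSET + 4, 2)
    entries = [(b"FTPR", 0x1000, 0x2000), (b"NFTP", 0x3000, 0x4000)]
    for i, (name, offset, length) in enumerate(entries):
        base = ENTRY_TABLE_OFFSET + i * ENTRY_SIZE
        region[base:base + 4] = name
        region[base + 4:base + 8] = b"\xff" * 4  # owner field, unused here
        struct.pack_into("<II", region, base + 8, offset, length)
    return bytes(region)


if __name__ == "__main__":
    for name, offset, length in parse_fpt(build_sample_region()):
        print(f"{name}: offset=0x{offset:x} length=0x{length:x}")
    print("still present besides FTPR:", leftover_partitions(build_sample_region()))
```

Run against a real region after flashing, an empty leftover list is what a fully deblobbed image should show.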

to be continued... (probably never will be)
