Forked from CHEF-KOCH/Intel Management Engine (ME) - disable it - the better way!.txt
Created
January 31, 2018 22:17
-
-
Save 0rbadvent/b3069d12ec56b6357a0396493770871a to your computer and use it in GitHub Desktop.
Intel Management Engine (ME) - disable it - the better way!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* me_cleaner is a shitty way to disable it because: | |
- PTE isn't fully disabled | |
- not works for everyone | |
- might result in crashes or only works for half hour till it restarts | |
- https://github.com/corna/me_cleaner | |
Better version: | |
- patches Bios code (me firmware) | |
- works better especially for Core i-6000, Core i-7000 | |
- doc/research: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html | |
- https://io.netgarage.org/me/ | |
- reserve_hap 0/1 switch is 'best' solution so far //High Assurance Platform (HAP) enable | |
Problems: | |
- Boot Guard broken (no one knows exactly what happens here) | |
- Not works for very CPU (not works with e.g Atom Celerons, Xeon,...) | |
- Not every part decrypted (yet) | |
- No easy to use 'tool' avbl. for everyone |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment