pngdeity/Intel Management Engine (ME) - disable it - the better way!.txt

## Intel Management Engine (ME) - disable it - the better way!.txt
* me_cleaner is a shitty way to disable it because:
- PTE isn't fully disabled
- not works for everyone
- might result in crashes or only works for half hour till it restarts
- https://github.com/corna/me_cleaner

Better version:
- patches Bios code (me firmware)
- works better especially for Core i-6000, Core i-7000
- doc/research: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
  Archive: https://archive.ph/20170828145552/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
- https://io.netgarage.org/me/
- reserve_hap 0/1 switch is 'best' solution so far //High Assurance Platform (HAP) enable

Problems:
- Boot Guard broken (no one knows exactly what happens here)
- Not works for very CPU (not works with e.g Atom Celerons, Xeon,...)
- Not every part decrypted (yet)
- No easy to use 'tool' avbl. for everyone
	* me_cleaner is a shitty way to disable it because:
	- PTE isn't fully disabled
	- not works for everyone
	- might result in crashes or only works for half hour till it restarts
	- https://github.com/corna/me_cleaner

	Better version:
	- patches Bios code (me firmware)
	- works better especially for Core i-6000, Core i-7000
	- doc/research: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
	Archive: https://archive.ph/20170828145552/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
	- https://io.netgarage.org/me/
	- reserve_hap 0/1 switch is 'best' solution so far //High Assurance Platform (HAP) enable

	Problems:
	- Boot Guard broken (no one knows exactly what happens here)
	- Not works for very CPU (not works with e.g Atom Celerons, Xeon,...)
	- Not every part decrypted (yet)
	- No easy to use 'tool' avbl. for everyone