Things have wandered a little far afield... :-)
"Theodore Ts'o" <tytso(a)mit.edu> wrote:
Or there's something running on a completely
different x86 core with
unpatched securiy bugs in the Minix and Apache cores that you can't
even disable (unless you are the National Security Agency).... Sadly,
Intel refuses to make it available the magic bits to disable the Intel
ME to anyone else. :-(
I worked for a number of years in the design center where the firmware
and software for the ME were develped. Although it's possible that
the firmware developers were sworn to secrecy, I never heard anything
about back doors for the NSA or anyone else.
Intel took security and code quality in the ME very seriously,
and during my tenure the quality of the ME firmware improved a lot.
ISTR that the BIOS had settings for disabling the ME. Is that
no longer true?
I know there are lots of people who despise the ME, which I never
understood. It was designed to solve the very real problem of remote
PC management, and for that it works. My own feeling is, if you don't
want the ME, buy a processor without it; there are plenty from Intel
and AMD.
Quite seriously, and with no animosity, I'd be happy to learn what
I'm missing here.
Thanks,
Arnold