How to invalidate Intel ME 11 will be released

All of the microcontroller "Intel Management Engine (Intel ME)" that has been incorporated into the Intel chipset successful security companies to disable thePositive TechnologiesHowever, I publish the method on my blog.

Positive Technologies - learn and secure: Disabling Intel ME 11 via undocumented mode

The Intel Management Engine (Intel ME) is a microcontroller built into the motherboard chipset that controls peripheral devices and is responsible for almost all communication between the CPU and external devices. For this reason, Intel ME has the feature that it can access almost all data on the computer.

The latest "Intel ME 11" is being compressed with Huffman code including an unknown table, so analysis is difficult. Therefore, the research team of Positive Technologies has developed utility software for restoring the table and developing the image and publishing it on the GitHub page.

GitHub - ptresearch / unME 11: Intel ME 11.x Firmware Images Unpacker

Since Intel ME is concerned with power management, CPU activation, etc., it is impossible to completely disable the function. Furthermore, it seems that it is difficult to completely disable it because some data is hard coded inside the PCH chip in the south bridge on the recent mother board. So, effective as a method to invalidate Intel ME is to actually delete the extra part from the image while maintaining the function of the computer, and the research team of Positive Technologies has been in the main system for several years I have created a special utility to keep only essential components. In the previous Intel ME, the image size of the minimum configuration was reduced to 90 KB, whereas the image size of Intel ME 11 was reduced to only 650 KB.

According to Positive Technologies, the report on the invalidation of Intel ME 11 is the first volume of Intel ME related data that has accumulated in large quantities, and it is said that future information on Intel ME will be provided in the future.

in Software, Posted by darkhorse_log