Following Bugs Discovered in Intel’s Management Engine, PC Makers Start Selling Machines with ME Disabled
Intel has long been at the center of a controversy surrounding its Management Engine. The company recently issued a security advisory admitting that it has discovered several security vulnerabilities in its in-chip program. While the company also released firmware updates that purportedly fix those issues, some of the hardware vendors have started to offer computers with disabled ME.
Computer vendors start disabling Intel Management Engine (ME)
Management Engine along with Trusted Execution Engine (TXE) and Server Platform Services (SPS) is used by the chipmaker to remotely manage your computer. ME is independent of the primary operating system and is often called a "secret OS" with separate processes, memory manager, and a file system. While it took the company a long time to carry out an extensive security review following months of rumors and concerns surrounding some of its products, some companies are now being more proactive about disabling ME.
"Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops, it is also available as a software update for previously shipped recent Librem laptops." Purism
So far, at least three vendors including Dell, System76 and Purism, have promised to offer computers with disabled ME. Purism had interestingly offered this back in October, over a month before Intel's public security advisory. "Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it," the company said.
"The Librem 13 and Librem 15 products can be purchased today and will arrive with the Management Engine disabled by default."
According to a change spotted by BleepingComputer, Dell is also now offering its customers the option to buy an Intel powered computer without the Management Engine.
Apart from it, Linux PC maker System76 announced releasing an open-source program to "automatically deliver firmware to System76 laptops similar to the way software is currently delivered through the operating system". The company's statement adds that "System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops".
"The ME provides no functionality for System76 laptop customers and is safe to disable."