The official HECI method for disabling Intel ME
The HAP disabling method: a more secure option
Published: 02 Jun 2022
Leaked data reveals Conti ransomware operators were exploring attacks on Intel Management Engine -- or Intel ME -- and CSME, according to new research from Eclypsium.
me_cleaner supports two ways to disable Intel ME:
- by removing the non-fundamental partitions and modules from the Intel ME firmware
- by setting the HAP (Intel ME >= 11) or the AltMeDisable (Intel ME < 11) bit in the flash descriptor
Nice diagram with ring [ME = (-4) & (-3) ring] p.5
Heavily patent document with drawings, charts and tech info about ME (referred to as CSME)
The purpose of this white paper is to describe the security design and implementation of Intel® CSME 14.0 (Comet Lake), Intel® CSME 15.0 (Tiger Lake) and Intel® CSME 16.0 (Alder Lake) and its role in the platform.
Bookmarks/Chapter
Chapter 2: Basics
- definition
- diagram
- 3 main functions of ME
  - Silicon Initialization
  - Manageability
  - Security
Chapter 4: ME firmware
- nice diagram of ME rings (ME CPU rings and not the Main CPU rings)
- Description of Firmware Components
The white paper content is based on: “BlackHat 2019 - Behind the Scenes of Intel Security and Manageability Engine”
Presentation Black Hat 2019
Covers ME 12 on Intel 8th and 9th Gen
CSME=ME
- ME system diagram p.5
- ME boot flow + diagram p.9
- isolation from the rest
- Roles (what ME is for)
- ME hardware parts
- OEM decides if boot guard on/off
- ME firmware update
  - Downgrade allowed by Intel only for certain versions
  - Upgrade over the internet
This document contains information on how to get started with Intel® Active Management Technology (Intel® AMT). It provides an overview of the features, as well as information on minimum system requirements, configuration of an Intel AMT client, tools to use Intel AMT features on a PC, and the developer tools available to help create applications for Intel AMT.
Has Intel AMT Definition
Some of the claims we plan to cover:
• It's a backdoor made for NSA and serves no useful purpose
• It is always on even if the PC is turned off
• It can read all data on PC/spy on the user
• It can't be disabled
• It can lock the PC with a command sent over the air
• It's a black box which can't be audited because it's closed source
• End users can't do anything about it.
You can audit it even without source code (and maybe even without reverse engineering).
The firmware size is greatly reduced:
| | Original | Modified |
|---|---|---|
| Generation 2 | 1.5 MiB / 5 MiB | 84 KiB |
| Generation 3 | 2 MiB / 6.6 MiB | 330 KiB |

Which ME features still work and which do not
People often think that if they’re managing data responsibly, then they’re also respecting privacy requirements. However, while often thought of as interchangeable, data security and user privacy are in fact not the same thing. They have a common goal to protect sensitive data, but vary greatly in their approach.
Two huge security issues found in almost all modern processors. How do they work and what can we do about it? Let's find out!
Make sure that you install all the latest patches for your operating system & software!
📚 Sources can be found on my website:
https://www.savjee.be/videos/simply-explained/meltdown-spectre/
- Install Trisquel
  - using netinstall expert
  - don't install anything in tasksel
- Install packages
apt install kde-plasma-desktop kwin-wayland plasma-workspace-wayland konsole plasma-nm systemsettings dolphin kate powerdevil abrowser breeze-gtk-theme kde-config-gtk-style gsettings-desktop-schemas gtk2-engines-oxygen oxygen-cursor-theme oxygen-icon-theme gnupg qtpass pass pinentry-qt htop kscreen qml-module-qt-labs-platform --no-install-recommends
Upon logging in on Lubuntu 19.04 it is using sddm, but when the computer is idle too long and it goes into idle, when I go to log back in it is using xscreensaver (which I can't stand the look of). I