35 private links
Tool for partial deblobbing of Intel ME/TXE firmware images - How does it work?
The official HECI method for disabling Intel ME
The HAP disabling method: a more secure option
Published: 02 Jun 2022
Leaked data reveals Conti ransomware operators were exploring attacks on Intel Management Engine -- or Intel ME -- and CSME, according to new research from Eclypsium.
me_cleaner supports two ways to disable Intel ME:
by removing the non-fundamental partitions and modules from the Intel ME firmware
by setting the HAP (Intel ME >= 11) or the AltMeDisable (Intel ME < 11) bit in the flash descriptor
Nice diagram with ring [ME = (-4) & (-3) ring] p.5
Heavily patent document with drawings, charts and tech Info about ME (referred as CSME)
The purpose of this white paper is to describe the security design and implementation of Intel ® CSME 14.0 (Comet Lake), Intel ® CSME 15.0 (Tiger Lake) and Intel ® CSME 16.0 (Alder Lake) and its role in the platform.
Bookmars/Chapter
Chapter 2: Basics
- definition
- diagram
- 3 main fuctions of ME
- Silicon Initialization
- Manageability
- Security
Chapter 4: ME firmware
- nice diagram of ME rings (ME CPU rings and not the Main CPU rings)
- Description of Firmware Components
The white paper content is based on: “BlackHat 2019 - Behind the Scenes of Intel Security and Manageability Engine”
Presentation Black Hat 2019
Covers ME 12 on Intel 8th and 9th Gen
CSME=ME
-
ME system diagram p.5
-
ME boot flow + diagram p.9
-
isolation from the rest
-
Roles (what ME is for)
-
ME hardware parts
-
OEM decides if boot guard on/off
-
ME firmware update
- Downgrade allowed by Intel only for certain versions
- Upgrade over the internet
This document contains information on how to get started with Intel® Active Management Technology (Intel® AMT). It provides an overview of the features, as well as information on minimum system requirements, configuration of an Intel AMT client, tools to use Intel AMT features on a PC, and the developer tools available to help create applications for Intel AMT.
Has Intel AMT Definition
Some of the claims we plan to cover:
• It's a backdoor made for NSA and serves no useful purpose
• It is always on even if the PC is turned off
• It can read all data on PC/spy on the user
• It can't be disabled
• It can lock the PC with a command sent over the air
• It a black box which can't be audited because it's closed source
• End users can't do anything about it.
You can audit it even without source code (and maybe even without reverse engineering).
The firmware size is greatly reduced:
Original Modified
Generation 2 1.5 MiB / 5 MiB 84 KiB
Generation 3 2 MiB / 6.6 MiB 330 KiB
What stuff of ME things are working and what not