Monthly Shaarli

All links of one month in a single page.

November, 2023

How does it work? /me_cleaner Wiki

Tool for partial deblobbing of Intel ME/TXE firmware images - How does it work?

Conti ransomware group targeted Intel firmware tools

Published: 02 Jun 2022

Leaked data reveals Conti ransomware operators were exploring attacks on Intel Management Engine -- or Intel ME -- and CSME, according to new research from Eclypsium.

Getting Started with Intel® Active Management Technology

This document contains information on how to get started with Intel® Active Management Technology (Intel® AMT). It provides an overview of the features, as well as information on minimum system requirements, configuration of an Intel AMT client, tools to use Intel AMT features on a PC, and the developer tools available to help create applications for Intel AMT.

Has Intel AMT Definition

media.ccc.de - Intel ME: Myths and reality

Some of the claims we plan to cover:

• It's a backdoor made for NSA and serves no useful purpose
• It is always on even if the PC is turned off
• It can read all data on PC/spy on the user
• It can't be disabled
• It can lock the PC with a command sent over the air
• It's a black box which can't be audited because it's closed source
• End users can't do anything about it.


You can audit it even without source code (and maybe even without reverse engineering).


The firmware size is greatly reduced:

|              | Original        | Modified |
|--------------|-----------------|----------|
| Generation 2 | 1.5 MiB / 5 MiB | 84 KiB   |
| Generation 3 | 2 MiB / 6.6 MiB | 330 KiB  |


Which ME features still work and which do not

The Intel Management Engine: an attack on computer users' freedom — Free Software Foundation

Intel & ME, and why we should get rid of ME — Free Software Foundation

HAP AltMeDisable bit

me_cleaner supports two ways to disable Intel ME:

• by removing the non-fundamental partitions and modules from the Intel ME firmware
• by setting the HAP (Intel ME >= 11) or the AltMeDisable (Intel ME < 11) bit in the flash descriptor

Behind the Scenes of Intel Security and Manageability Engine

Presentation Black Hat 2019

Covers ME 12 on Intel 8th and 9th Gen

CSME=ME


  • ME system diagram p.5

  • ME boot flow + diagram p.9

  • isolation from the rest

  • Roles (what ME is for)

  • ME hardware parts

  • OEM decides whether Boot Guard is on or off

  • ME firmware update

    • Downgrade allowed by Intel only for certain versions
    • Upgrade over the internet

Presentation Material
Video

"Active Management Technology": The obscure remote control in some Intel hardware — Free Software Foundation

What is Intel ME disabling and why is it important?

The official HECI method for disabling Intel ME

The HAP disabling method: a more secure option

coreboot for RISC-V

Nice diagram with ring [ME = (-4) & (-3) ring] p.5

Intel® Converged Security and Management Engine (Intel® CSME) Security

Patent-heavy document with drawings, charts and technical info about ME (referred to as CSME)

The purpose of this white paper is to describe the security design and implementation of Intel® CSME 14.0 (Comet Lake), Intel® CSME 15.0 (Tiger Lake) and Intel® CSME 16.0 (Alder Lake) and its role in the platform.


Bookmarks/Chapters

Chapter 2: Basics

  • definition
  • diagram
  • 3 main functions of ME
    • Silicon Initialization
    • Manageability
    • Security

Chapter 4: ME firmware

  • nice diagram of ME rings (ME CPU rings and not the Main CPU rings)
  • Description of Firmware Components

The white paper content is based on: “BlackHat 2019 - Behind the Scenes of Intel Security and Manageability Engine”