|
Top-level
It won't keep AMT from running. It is independent of any OS you control. ME and AMT are stored on the BIOS chip, in 2760p it's 8MiB (~5MB ME+AMT, ~3MB BIOS). In my opinion, whether it's reachable at localhost is irrelevant. I'm more afraid of remote accesses. The ME coprocessor has unrestricted access to all memory and other hardware. NICs too, it can have its own MAC address as well). 8 comments
@riku @i_lost_my_bagel Okay... I get that localhost based services are of little use remotely. So, how would (1) anyone remotely access IME or (2) IME send any data to a remote location on its own? @jmhorner @riku the localhost part is just a small web interface that does nothing but tell you some system status. It can't do anything useful. You can use https://github.com/Ylianst/MeshCommander to connect to it from another computer and access all the fun stuff. @jmhorner @i_lost_my_bagel By sending/receiving packets to an Intel network card on that machine. ME coprocessor has access to those, and can configure them how it wishes. yeah, this has been widely known and criticised ever since intel first introduced it. clearly not widely enough, if users still don't know about it. those version numbers refer to specific chipset generations btw, since the ime is inside the pch. so 6.0 is ibex peak, not exactly bleeding edge. i very much think only code that i approve of should run on my machine. it's the principle. |
Gregory's Server
@jmhorner @i_lost_my_bagel
Luckily there's a solution:
me_cleaner: https://github.com/corna/me_cleaner
It'll remove all AMT code permanently, shrinking your ME firmware to under 100kB (just what's necessary to disable a watchdog timer).
Btw, there's also coreboot available for that elitebook, in case you want to get rid of the HP BIOS entirely :)