• jet@hackertalks.com
    1 year ago

    The article really doesn’t call out explicitly: The management engine never stops running, turning it off is nearly impossible, and if you do succeed the computer resets in 30 seconds. So this untrusted entity is constantly looking at everything happening, and the best we can do is load some dummy configuration so it doesn’t do anything, or perhaps it doesn’t do anything, because we don’t know.

    Having an architecture without the big brother chip sitting on the bus would be a huge huge bonus.

    • neuromancer@lemmy.world
      1 year ago

      Most sane people just want to disable ME because it increases the attack surface of your system, and using the HAP disable does exactly that.

      You can tell ME is shut down after the boot sequence is completed, which will protect your system from all ME attacks that do target the boot process.