Intel Management Engine

450 views

Hi, I just heard about this today and did a bit of research on it, but the things I found were too technically savvy for me, and some were quite ambiguous in their explanations. Before I ask the question, I would like to say that I do understand technical terms relating to computers and their hardware, but I might not fully get some of the acronyms. That being said, my main questions are:

What the hell is Intel ME and also AMD's PSP? What do they do – what’s the point of having them? Why can’t we just integrate all the management software onto the CPU and must rely on a separate independent processor (is that what it is)? What protection ring would it be classified as (might help to explain how the layers may interact with one another)? Finally, how big of a security risk does it pose?

I know those are a bunch of questions and they will elicit a large and thought-out response, but to anyone who has knowledge about this specific niche and has the time, I would greatly appreciate it.

Thanks again.

15 Answers

Anonymous 0 Comments

Intel ME is, in fact, a completely separate processor running its own operating system stored in a firmware chip on your BIOS. The features are that it makes its own decisions regardless of the opinions of your host OS for the most part, and can run even when the system is sleeping. It can be considered to have *more* control and permissions over the hardware than even your operating system. For protection ring, it’s usually colloquially referred to as ring -3, with -1 being a hypervisor and 0 being the kernel itself.

Now, what does it use these powers to do? DRM. That’s probably the biggest. Letting the OS handle that allows things like pesky users trying to circumvent DRM. It also provides some sort of built-in anti-theft. There are probably other security features it does as well, and it can be used by the processors for other cases like deciding what runs where, but it’s not open source and is pretty much a black box. I’m sure some security people have tried to reverse parts of it.

Anonymous 0 Comments

I’d like to address the point of Management Engine. Yeah, it can be used for DRM, but it’s actually intended to be used for, you know, management.

If you work with a lot of server-grade hardware, they have something called an IPMI (Intelligent Platform Management Interface, goes by different names with different manufacturers). This lets you manage the machine remotely regardless of the state of the machine. For example, you can power the machine on and off through this interface. You can also look at the “screen” (these systems usually don’t have a monitor plugged in). You can also do a lot of hardware diagnostics and other setup.

Intel’s Management Engine brings this to “regular” PCs. If you manage a lot of desktops, this can be a _huge_ plus for your support infrastructure.

Anonymous 0 Comments

It’s a piece of junk, that’s what it is; it broke for me one day and led to Windows booting up very slowly.

Disable MEI from Device Manager if you’re having a similar issue on an older CPU. It solves the slow boot issue.
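For anyone who wants to do what this answer suggests from a script rather than by clicking through Device Manager, here is an added PowerShell example (not the poster's code, and not an Intel tool). It assumes a Windows host with the built-in PnpDevice module (Windows 8.1 / Server 2012 R2 and later) and an elevated session for the disable step; the friendly-name pattern and the function names are my own assumptions. It first inventories the Management Engine Interface device and its driver, and only disables it when you explicitly call the disable function.

```powershell
# Added example (not from the thread): inventory the Intel Management Engine
# Interface (MEI) device on a Windows host, show its driver details, and
# optionally disable it. Assumes the PnpDevice module and, for the disable
# step, an elevated PowerShell session.

function Get-MeiDevice {
    # The MEI device normally carries "Management Engine Interface" in its
    # friendly name (e.g. "Intel(R) Management Engine Interface #1"); the
    # wildcard pattern is an assumption that covers the common variants.
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -like '*Management Engine Interface*' } |
        Select-Object FriendlyName, Status, InstanceId, Class
}

function Get-MeiDriverInfo {
    param([Parameter(Mandatory)][string]$InstanceId)
    # Driver version and date of the loaded MEI driver. A device with
    # Status 'Error' or a very old driver is the usual sign of the broken
    # state the answer describes.
    Get-PnpDeviceProperty -InstanceId $InstanceId `
        -KeyName 'DEVPKEY_Device_DriverVersion', 'DEVPKEY_Device_DriverDate' `
        -ErrorAction SilentlyContinue |
        Select-Object KeyName, Data
}

function Disable-MeiDevice {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $devices = Get-MeiDevice
    if (-not $devices) {
        Write-Host 'No MEI device present; nothing to disable.'
        return
    }
    foreach ($d in $devices) {
        if ($PSCmdlet.ShouldProcess($d.FriendlyName, 'Disable PnP device')) {
            # Disabling the OS-side driver only stops Windows from talking to
            # the ME; the ME firmware itself keeps running on the chipset.
            Disable-PnpDevice -InstanceId $d.InstanceId -Confirm:$false
        }
    }
}

# Report first; disabling is opt-in.
$mei = Get-MeiDevice
if ($mei) {
    $mei | Format-Table -AutoSize
    foreach ($d in $mei) {
        Get-MeiDriverInfo -InstanceId $d.InstanceId | Format-Table -AutoSize
    }
} else {
    Write-Host 'No Intel Management Engine Interface device found.'
}

# To preview the disable step:  Disable-MeiDevice -WhatIf
# To apply it (elevated):        Disable-MeiDevice
```

Run it as-is to get the inventory; call `Disable-MeiDevice -WhatIf` to see what would be disabled before committing. Note the caveat in the comments: this changes only the Windows driver binding, not the state of the ME firmware, so it is a workaround for the slow-boot symptom rather than a way to switch the ME off.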

Anonymous 0 Comments

To quell some concerns people have, this is a business-class feature intended for businesses to manage their fleets of computers. It requires integration with the motherboard firmware.

It’s not a secret back door built into every home computer. Most consumer machines don’t even support it, and most vendors won’t enable it unless you ask for it when ordering.

Given that you have to ask for it, then you have to enable it, then you have to configure it, it isn’t something you really need to worry about being done to you on your personal machine, unless you buy refurbished business-class equipment.