  1. #1
    New ROGer
    Join Date
    Apr 2019
    Reputation
    10
    Posts
    4

    support request for disabling intel management engine

    Hello, I don't know if this is the right place to ask this, but seeing that the BIOS is software I will ask here. It has come to my attention that the Intel Management
    Engine is in fact not as secure as it could be, and I was wondering if it would be possible to disable it with a patch of some sort. Perhaps an added UEFI feature
    that would allow a user to disable it and toggle the "high assurance platform" bit to 1 would do the trick, as it seems wrong to have this sort of active
    management technology enabled for users that only bought a system for gaming and are not system administrators of a large network. Don't get me wrong,
    I can see how it would come in useful, but as I mentioned earlier I am a gamer and not a sysadmin, and this sort of thing comes across as beta and unprofessional.
    Gaming and security and not just gaming are important.

  2. #2
    TeamROG Moderator xeromist
    Join Date
    Jul 2010
    Reputation
    294
    Posts
    7,412

    The sysadmin features you are referring to are AMT, not IME. So you may want to clarify what you're asking.

    IME is an integral part of the chipset and cannot be disabled or removed. It's required for the CPU to boot. Apparently even Google hasn't been able to remove it from its server farms. There is the HAP switch you refer to but that only mostly disables features, not the whole thing. And HAP is only offered to government customers, not individuals.

    Unofficially some people have managed to gut the code in a way that lets the system post then causes IME to freeze but I wouldn't recommend flashing hacked firmware unless you don't mind bricking your system.

    The best we can do is continue to express our displeasure to Intel and/or switch to an AMD board since some of them allow AMD's AST to be disabled.

    Further reading: https://en.wikipedia.org/wiki/Intel_Management_Engine

  3. #3
    New ROGer
    Join Date
    Apr 2019
    Reputation
    10
    Posts
    4

    support request for disabling intel management engine

    Quote: Originally Posted by xeromist
    The sysadmin features you are referring to are AMT, not IME. So you may want to clarify what you're asking.

    IME is an integral part of the chipset and cannot be disabled or removed. It's required for the CPU to boot. Apparently even Google hasn't been able to remove it from its server farms. There is the HAP switch you refer to but that only mostly disables features, not the whole thing. And HAP is only offered to government customers, not individuals.

    Unofficially some people have managed to gut the code in a way that lets the system post then causes IME to freeze but I wouldn't recommend flashing hacked firmware unless you don't mind bricking your system.

    The best we can do is continue to express our displeasure to Intel and/or switch to an AMD board since some of them allow AMD's AMT to be disabled.

    Further reading: https://en.wikipedia.org/wiki/Intel_Management_Engine
    As far as I know I.M.E. is A.M.T. Still, it's nice to get a reply, but I would have appreciated more help as this is an (Peg)Asus product we are talking about here.
    Fine, this is pretty much what I expected. If I can't disable this myself with me_cleaner I guess I will just have to find a more secure platform.

  4. #4
    ROG Guru: White Belt jpmboy
    Join Date
    Jun 2013
    Reputation
    10
    Posts
    118

    Quote: Originally Posted by djck321
    As far as I know I.M.E. is A.M.T. Still, it's nice to get a reply, but I would have appreciated more help as this is an (Peg)Asus product we are talking about here.
    Fine, this is pretty much what I expected. If I can't disable this myself with me_cleaner I guess I will just have to find a more secure platform.
    Your concerns are likely misplaced, or worse, misguided. If, as you say, you are running a gaming rig, then what security concern do you have? That said, disabling any "security" feature with "holes" with the idea that doing so will increase security is quixotic. IME (and the microcode) run your machine. You can't uninstall it and expect it to "game" right.
    Besides, patches do address many "security" holes in these low-level codes, like Spectre and Meltdown. Just search for the patches and install them if you must... but no one is really interested in breaking into a gaming rig. Too little (or nothing) to gain. ;p
    Last edited by jpmboy; 05-07-2019 at 01:24 AM.

  5. #5
    ROG 師傅 Arne Saknussemm
    Join Date
    Apr 2012
    Reputation
    481
    Posts
    13,400


  6. #6
    TeamROG Moderator xeromist
    Join Date
    Jul 2010
    Reputation
    294
    Posts
    7,412

    Quote: Originally Posted by djck321
    As far as I know I.M.E. is A.M.T. Still, it's nice to get a reply, but I would have appreciated more help as this is an (Peg)Asus product we are talking about here.
    Fine, this is pretty much what I expected. If I can't disable this myself with me_cleaner I guess I will just have to find a more secure platform.
    AMT is a set of features layered on top of IME. IME is integrated into the CPU and chipset. Not all systems have full AMT enabled but every recent Intel CPU and chipset has IME.

    It's an ASUS product you purchased, yes. But all of the hardware and code you are concerned about is created by Intel. Intel has to make the changes.

    Also, unfortunately this is not an official support channel. It's a place for customers to gather and discuss. Eventually some ASUS person may read your post but I doubt it will change much. Even if ASUS was willing to invest the resources into subverting IME it could have unintended consequences for the customers and would jeopardize its relationship with Intel.
    Last edited by xeromist; 05-07-2019 at 04:23 PM.

  7. #7
    New ROGer
    Join Date
    Apr 2019
    Reputation
    10
    Posts
    4

    I.m.e

    Quote: Originally Posted by xeromist
    AMT is a set of features layered on top of IME. IME is integrated into the CPU and chipset. Not all systems have full AMT enabled but every recent Intel CPU and chipset has IME.

    It's an ASUS product you purchased, yes. But all of the hardware and code you are concerned about is created by Intel. Intel has to make the changes.

    Also, unfortunately this is not an official support channel. It's a place for customers to gather and discuss. Eventually some ASUS person may read your post but I doubt it will change much. Even if ASUS was willing to invest the resources into subverting IME it could have unintended consequences for the customers and would jeopardize its relationship with Intel.
    Ok, I get it, not a support channel. Fine. Wouldn't want to jeopardize its relationship with Intel. Well, what about its customers, and I don't just mean "government officials"?! As for this only being a gaming rig, I don't just game on this system, and gaming rigs tend to be more powerful anyway, which in and of itself is reason to buy it this way. And if security is not important, why even lock your doors, have a fence or a car alarm then? Because you don't trust strangers, that's why. I.M.E. basically grants God mode administrative power to whoever can access it, and I don't just mean well-meaning intelligence community operatives either. It's unfortunate, but this sort of thing just makes a system more unstable and insecure; I don't need to be a technologist to know and/or realize this. Maybe Asus should begin to question whether it likes a "relationship" with a company like Intel that does this sort of thing to its business partners, like building backdoors into its chipsets, and then Asus ends up having to explain this sort of thing to its clients. There are other chipset makers out there, are there not? Not that AMD does much better with its P.S.P. Maybe eventually an ARM-based (RISC) system with a Qualcomm chipset might be the way to go; still, it will need more muscle and maybe an x86 co-processor, but that is another story.

  8. #8
    ROG Guru: White Belt raju2529

    Join Date
    Feb 2018
    Reputation
    10
    Posts
    122

    Just update the Intel Management Engine firmware and the related interface driver for your Intel processor model.
    I have recently updated ME firmware 11.8.65.3590 and the 1904.12.xxxx driver for the Intel i5 7200u processor.


    I think disabling Intel ME is not possible in the BIOS.
