Hi,
I helped write me_cleaner specifically to remove the remaining Huffman encoded modules such as its kernel and network stack.
The truth is, nobody currently knows the consequences of writing 0xff over these specific regions, i.e., perhaps NSA still has a way to upload firmware updates through the ME bootloader when it is stuck in this mode. We simply don't know. But it is an important step forward in the process of removing the ME.
I think Purism is inflating the news on this out of proportion to market their product. If Purism was truly interested in freedom they would have chosen a chipset such as Sandy/Ivy Bridge which we have already working without any RAM initialization blobs. I did suggest this to them in the early days, but it seems Todd took my email and plagiarised it for their early marketing campaign.
Overall I have not been impressed by Purism.
My 2c,
Damien
On 16/06/17 15:45, Ben Finney wrote:
Howdy all,
(This is a few months old, but I haven't seen it discussed here.)
The Librem notebook computers from Purism are reportedly running with an *entirely quarantined* Intel Management Engine:
Bring out the Champagne! The ME is not only quarantined, it is now officially neutralized and the Librem remains working beyond the 30 minutes time limit that Intel had put in place!
[…] And so we removed plenty of stuff, but most importantly, we completely removed the ME kernel as well as the network stack.
<URL:https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/>
They did this with the work that went into the ‘me_cleaner’ tool <URL:https://github.com/corna/me_cleaner>.
This is part of Purism's work to port Coreboot to their computers <URL:https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017/>.
The Intel Management Engine is hostile to user freedom:
[…] there is a growing cryptographic bond between proprietary non-free signed binaries and the hardware that they run on. This bond renders it mathematically impossible to give each user control. Cryptography is superb when in the hands and control of each user, but it is nasty when it strips the users’ control.
[…] While finishing our first coreboot port, we have successfully neutralized the Intel ME thanks to the great work of the “me_cleaner” project, removing its kernel, network stack, and about 92% of the Intel ME binary. There remains a little over 7% before complete removal.