Submitted by Style Pass, 2024-12-14 06:00:05

me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system.

Intel ME is a co-processor integrated in all post-2006 Intel boards, which is the base hardware for many Intel features like Intel AMT, Intel Boot Guard, Intel PAVP and many others. To provide such features, it requires full access to the system, including memory (through DMA) and network access (transparent to the user).

Unlike many other firmware components, the Intel ME firmware can be neither disabled nor reimplemented, as it is tightly integrated in the boot process and it is signed.

This poses an issue both for free firmware implementations like coreboot, which are forced to rely on a proprietary, obscure and always-on blob, and for privacy-aware users, who are reasonably worried about such firmware running on the lowest privilege ring on x86.

Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, effectively disabling it.
