Linux laptop-flinger says bye-bye to buggy Intel Management Engine

'Disabling the ME will reduce future vulnerabilities'

Penguin, photo via Shutterstock

In a slap to Intel, custom Linux computer seller System76 has said it will be disabling the Intel Management Engine in its laptops.

Last month, Chipzilla admitted the existence of firmware-level bugs in many of its processors that would allow hackers to spy on and meddle with computers.

One of the most important vulnerabilities is in the black box coprocessor – the Management Engine – which has its own CPU and operating system that has complete machine control. It's meant for letting network admins remotely log into servers and workstations to fix any problems (such as not being able to boot).

The bugs – as security researchers discovered – allow for installing rootkits and spyware on machines that could steal or tamper with information. So, perhaps unsurprisingly, several vendors – including Lenovo – have been quick to patch the bugs.

Denver, Colorado-based System76, meanwhile, has just banned the Management Engine outright.

In a blog post Thursday, the firm wrote: "System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable."

It will apply to customers running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, Pop!_OS17.10, or an Ubuntu derivative with the System76 driver installed.

Desktops are not affected by the ban – they'll just receive ME patches "as they are available".

The firm said the rollout would happen over time and customers will be notified by email prior to delivery.

"Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can rollout extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don't install)."

System76 did, however, note that Intel has the power to change device function and not allow manufacturers and consumers to disable ME, so this may not last forever.

Intel has not responded to a request for comment. ?


Biting the hand that feeds IT ? 1998–2017

                                    1. 3239961348 2018-02-21
                                    2. 8189611347 2018-02-21
                                    3. 1166571346 2018-02-21
                                    4. 905911345 2018-02-21
                                    5. 238301344 2018-02-21
                                    6. 9856121343 2018-02-21
                                    7. 7107891342 2018-02-21
                                    8. 616201341 2018-02-21
                                    9. 97671340 2018-02-21
                                    10. 7844621339 2018-02-21
                                    11. 9607131338 2018-02-21
                                    12. 3095441337 2018-02-21
                                    13. 9602111336 2018-02-21
                                    14. 5723751335 2018-02-21
                                    15. 1275371334 2018-02-21
                                    16. 8517591333 2018-02-21
                                    17. 230661332 2018-02-21
                                    18. 3311101331 2018-02-21
                                    19. 6181321330 2018-02-20
                                    20. 6139401329 2018-02-20