Path: ...!weretis.net!feeder9.news.weretis.net!panix!.POSTED.panix2.panix.com!panix2.panix.com!not-for-mail
From: kludge@panix.com (Scott Dorsey)
Newsgroups: comp.misc
Subject: Re: Security?  What "Security"?
Date: 12 Oct 2024 23:26:03 -0000
Organization: Former users of Netcom shell (1989-2000)
Lines: 29
Message-ID: <vef0ib$l58$1@panix2.panix.com>
References: <1r19ri6.xu1j411x9lob6N%snipeco.2@gmail.com> <vebe3v$3mu9k$1@dont-email.me> <pan$72f89$db3c5945$13a3a400$eb69ee3f@linux.rocks>
Injection-Info: reader1.panix.com; posting-host="panix2.panix.com:166.84.1.2";
	logging-data="5466"; mail-complaints-to="abuse@panix.com"
Bytes: 1659

Farley Flud  <ff@linux.rocks> wrote:
>On Fri, 11 Oct 2024 14:52:47 -0000 (UTC), John McCue wrote:
>
>> 
>> Well I would say Gordon could be correct.  I say that due to
>> Intel ME and probably AMD SE:
>> 
>
>The Intel ME can be disabled in the motherboard BIOS.  Whenever
>I build a new machine it is one of the first things that I
>disable.

No.  The interface that makes the ME visible to the operating system
can be disabled, but the ME is still down there doing whatever 
undocumented things it does.  If it wasn't, the processor would never
be able to load the microcode in the first place.

>Also, the Linux kernel can be configured and built without
>the MEI driver by disabling CONFIG_INTEL_MEI, which is located
>here:
>
>drivers/misc/mei

Yes, this keeps the operating system from being able to talk to the
ME... but it doesn't stop the ME from doing whatever it does.
--scott

-- 
"C'est un Nagra. C'est suisse, et tres, tres precis."