Has anyone tried using the TGL package from edk2-platforms?
edk2-platforms/Platform/Intel/TigerlakeOpenBoardPkg · GitHub
This does only apply to vPro CPUs, doesn’t it? The ones without vPro do not come with ME, right?
Every modern Intel CPU comes with ME. Period. Only older platforms lack Intel ME.
On the processor, yes, still come with ME.
On the system, up to the manufacturer to provide something like this:
https://www.dell.com/community/Latitude/What-is-quot-ME-Lockout-MOD-quot/td-p/7699939
For example, you can see it here:
@Second_Coming It can be disabled by flipping the HAP bit but not removed from what I understand. Good to know that other more mainstream manufacturers are offering that option, I wasn’t aware of that. I knew of a few niche manufacturers offering that but Dell is new to me.
It’s mostly around using devices in government contracts and defense contracts. But now, you know, as a consumer, you can have that option to disable Intel ME.
Related:
…and with or without news like this, Lenovo could be ruled out. So that leaves Dell and HP really for most of the North America.
@Second_Coming I see no hard reason ruling out said Chinese companies in this news. It seems like “we found nothing but it is from China so it is dangerous”, very common US hate to China.
It is unfortunate as Huawei has been making the best to-business x86 ultrabooks as of 2022. And I think people in North America should worry more about the three-letter agencies rather than China trying to spy on them?
No hard reason to rule out…but to some, it’s about taking the route with minimal risk…instead of waiting for an incident to occur. (Or take risks that can be managed)
Dell has actually had the ability to disable the ME for years.
Whenever I replace a motherboard, the first thing that comes up is a one-shot screen to set the service tag (serial number) to match the actual machine’s, several options for the ME, and sometimes a few other settings. There’s a sticker on (usually inside) the computer that indicates which ME option is appropriate.
(And yes, federal and some medical sites have it disabled.)
It’s not resettable once I’ve finished the replacement - if I get it wrong, the only option is to replace the motherboard again.
Why restrict myself? The things that make it harder for the three letter agencies would undoubtedly make it more difficult for the Chinese or frankly anyone else from listening in on me. Although frankly the most common attack vector isn’t low-level firmware, it’s the web browser or other applications or even the OS. Those have much more surface area and are more universal than the ME.
Having said that, I’m under no illusions that if any nation-state wants my data, they’ll get it one way or another.
Speaking for myself here, I don’t hate the Chinese as a people. I am however exceedingly distrustful of any nation that manages to be more hostile to civil rights than my own. Don’t try and portray this as xenophobic because it simply isn’t. China has given plenty of cause for concern, just as much as the US has.
DoublePulsar
I wouldn’t trust any nation, Western or otherwise. They are all going full on authoritarian.
They’ve run the numbers. They know they have to get us all under control before we kick off.
Yeah, comes down to which nation would you like to backup your data.
Let’s keep this on topic please.
Yea getting back to topic.
It is very good news that FW now runs on open source firmware. But IMO, as it is still on the proprietary BIOS, the benefit of an open ec has kinda been pulled back.
I read previously that FW has been working with coreboot for future development, but no news since then and I am still eagerly expecting responses from the team.
It would only be a pure game-changer if FW finally implemented the coreboot together with openec as well as an option to neutralize/disable the Intel ME. With all these one can build a specifically strong and private hardware system, which has been one of the top concerns from many Linux users.
I cannot speak for others, but that combination has been the killing feature which I am waiting for before I can finally introduce and recommend FW to the other enthusiasts.
Would that require hardware changes? Or can this be simply done by flashing the BIOS with a new firmware?
You can check [RESPONDED] Coreboot on the Framework Laptop - #85 by junaruga to know the current situation about coreboot.
I thought a fuse gets blown means it’s no longer connected so wouldn’t it be refused?
Think that depends on the implementation of the fuse. Some are resettable.