Purism Is Offering Laptops with Intel’s Management Engine Disabled

[Megalith]

Purism is offering its Librem 13 (US$1,399+, Core i7-6500U) and Librem 15 (US $1,599+, Core i7-6500U) laptops with Intel’s Management Engine turned off, which they accomplish by running open-source coreboot firmware and utilizing recent findings published by Positive Technologies. The Librem laptops also feature physical switches that electrically disconnect the microphone and webcam, and Wi-Fi and Bluetooth hardware, from the rest of the computer as a privacy defense.

Intel’s Management Engine is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation, though the Active Management (AMT) module in recent Management Engines. In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system.

 

[Emission]

IIRC you can "disable" it in the BIOS but that doesn't mean anything. We can hope that this "undocumented killswitch hack" will have some kind of effect, but the pessimist in me doubts it.

 

[Vaulter98c]

I like the physical switches ideas, good to see at least one option out there trying to do best by the customer

 

[Deleted member 93354]

IME is disturbing. But to take advantage of it, you have to compromise the machine in other ways first.

 

[Frobozz]

IME is disturbing. But to take advantage of it, you have to compromise the machine in other ways first.

I thought it was flapping in the wind due to CVE-2017-5689. Also, because of what and where it is in the computing stack, I don't think most user with the feature would know they should go apply an update. It's in the same bucket as doing BIOS updates.

And that's only if your vendor was nice enough to issue an update.

 

[nutzo]

Why don't laptop builders put a simple slide cover over the camera?
It usually costs me more to special order a laptop WITHOUT a webcam, than to accept the standard build with the webcam.
Most my users end up putting a sticker over the webcam, but it would look a lot better if there was a built in cover.

 

[martinmsj]

I never heard of this. Looking at their website, I'm intrigued by their 13 in. I like that you can download their PureOS. I would certainly need to do that for evaluating the OS for development. I'm just not sure about the keyboard.

I would need to sit down and type on one before I consider it.

 

[swatbat]

IIRC you can "disable" it in the BIOS but that doesn't mean anything. We can hope that this "undocumented killswitch hack" will have some kind of effect, but the pessimist in me doubts it.

My understanding it was added by request of the US government(nsa), or at least that is what people think happened. They didn't want it enabled on their machines, just everyone else. So yea it does seem like it will actually disable it. This kill switch has been talked about a few times.

I guess the question is if intel cares or if they will change the way to disable it so that only governments known about it again.