From 320f18da095118368c5ebfb54bb915f9b81887b7 Mon Sep 17 00:00:00 2001
From: Francis Rowe
- The ME is a separate processor that exists in all Intel chipsets past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME firmware in this article. It provides remote access capabilities, + The ME is a separate processor that exists in all Intel systems past the year ~2006, running its own embedded (and proprietary) operating system, referred to as the ME firmware in this article. It provides remote access capabilities, independently from the running operating system on the main CPU, with full access to RAM, and full networking support. With a functioning ME, your system is left wide open for attack. It can also phone home to Intel. It also handles the TPM, AMT (Active Management Technology), Boot Guard and various DRM mechanisms. @@ -127,10 +127,10 @@
The ME firmware is cryptographically signed, which means that you cannot run a modified version of it. You also can't boot without it. - On some older chipsets (ICH8 and ICH9), it's possible to remove the ME firmware and still have a functioning system, where + On some older systems (based on ICH8 and ICH9), it's possible to remove the ME firmware and still have a functioning system, where the ME itself is permanently deactivated. For instance, libreboot supports several ICH9 based laptops (e.g. Libreboot X200 and Libreboot T400); see ../docs/hcl/gm45_remove_me.html. - On later chipsets (basically anything produced since 2010), this is not possible. + On later systems (basically anything produced since 2010), this is not possible.
All modern Intel systems built after around the year 2008/2009 (after ICH9) require this proprietary firmware, and -- cgit v0.9.1