Disabling Intel backdoors on modern laptops

Although some companies are making progress with ARM, the desktop and laptop space is still dominated by x86 machines. For all their benefits, they have one glaring flaw for anyone concerned about privacy or security in the form of a hardware backdoor that can access virtually any part of the computer, even when powered off. AMD calls its system the Platform Security Processor (PSP) and Intel's is known as the Intel Management Engine (IME).

To completely disable these co-processors, a pre-2008 computer is required, but if you need more modern hardware that still respects your privacy and security concerns, you will need to either purchase an ARM device or disable the IME, as NovaCustom managed to do with its NS51 series laptop.

NovaCustom specializes in custom laptops, with options for CPU, GPU, RAM, storage, keyboard layout and other components and specifications to suit the buyer's needs. They prefer Coreboot as a boot loader, which already goes a long way in eliminating closed-source proprietary software at a fundamental level, but not all Coreboot machines have the IME completely disabled. There are two ways to do this: the HECI method, which is better than nothing but not entirely reliable, and the HAP bit, which completely disables the IME. NovaCustom uses the HAP bit approach to disable the IME, which means that although it is not completely eliminated from the computer, it is disabled at least sufficiently for computers used by the NSA.

There are plenty of new computer manufacturers building conscientious hardware these days, but (with the notable exception of System76) the IME and PSP seem to be largely ignored by most computer companies, which we would otherwise expect to care about an option like this. This is certainly always a concern given how much power the IME and PSP have over their host computers, and we've seen even major manufacturers sometimes offer systems with the IME disabled. The only other options to fix this are based on specific motherboards for 8th and 9th gen Intel desktops, or you can roll back to 2008 hardware and install libreboot to eliminate, rather than disable, the IME.

Thanks to [Maik] for the tip!
