System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware.

Intel recently confirmed a major security vulnerability affecting those chips and it’s working with PC makers to patch that vulnerability.

But System76 is taking another approach: it’s going to roll out a firmware update for its recent laptops that disables the Intel Management Engine altogether.

Technically, that’s not something Intel wants you to do. Not only does the chip maker not tell you what’s in the code, but it doesn’t provide an off switch.

But independent researchers have recently discovered a way to disable the Intel Management Engine and companies including Google and Purism have already announced plans to do so.

What’s noteworthy in the System76 announcement is that the PC maker isn’t just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME “provides no functionality for System76 laptop customers and is safe to disable.”

Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it’s working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems.

System76 says it will also release an update for its desktop computers… but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.

via Hacker News



Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

3 replies on “System76 will disable Intel Management engine on its Linux laptops”

  1. Wow, I have to give props to System76. I’ve always built my own computers, but if I had to buy one, choosing someone upstanding like them is the way to go.

    1. I feel the same way. I am not in the market for a new computer but will definitely look at System76 when I am…even if they cost a bit more.

  2. That’s nice. Does System76 also provide AMD based PCs? If so, hopefully they can/will disable AMD’s equivalent Platform Security Processor/Secure Processor.

Comments are closed.