System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware.
Intel recently confirmed a major security vulnerability affecting those chips and it’s working with PC makers to patch that vulnerability.
But System76 is taking another approach: it’s going to roll out a firmware update for its recent laptops that disables the Intel Management Engine altogether.
Technically, that’s not something Intel wants you to do. Not only does the chip maker not tell you what’s in the code, but it doesn’t provide an off switch.
But independent researchers have recently discovered a way to disable the Intel Management Engine and companies including Google and Purism have already announced plans to do so.
What’s noteworthy in the System76 announcement is that the PC maker isn’t just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME “provides no functionality for System76 laptop customers and is safe to disable.”
Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it’s working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems.
System76 says it will also release an update for its desktop computers… but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
via Hacker News