Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward.
Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world’s largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.
At least three Dell computers can be configured with an “Intel vPro™ – ME Inoperable, Custom Order” option, although you’ll have to pay a little extra for those configurations.
Intel’s Management Engine is a hardware and software system designed to provide some remote management features. But it’s come under criticism from privacy advocates, security researchers, and the free and open source software community.
That’s because Intel Management Engine is basically a mystery. It’s software that runs independently of a computer’s operating system, which means that even if you wipe the OS, the Management Engine is still there. And there’s no good way to know what it’s doing.
The risks aren’t just theoretical – Intel recently acknowledged a security vulnerability affecting nearly every PC that shipped with a 6th, 7th, or 8th-gen Intel Core processor. While the company is working with PC makers to roll out updates to patch that vulnerability, it wouldn’t even exist if Intel hadn’t bundled a feature many users don’t need and won’t use with its latest chips.
While Intel doesn’t officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we’re starting to see PC makers make use of those methods. I doubt this is something all PC vendors will do unless it’s proven that there’s great demand for this. But it’s not surprising that Dell is the first of the major PC makers to offer the option: Dell is also one of the few top PC companies that offers customers the option to configure some computers with Ubuntu Linux rather than Windows.
Dell.com
Here are the three Dell computers I could find that are available with Intel Management disabled. They’re all business-class portable computers with relatively high starting prices, and you’ll have to pay between $17 and $30 for the privilege of having the Intel Management Engine made “inoperable.”
via /r/LinuxHardware and Hacker News
Leave a Reply
9 Comments on "Dell also sells laptops with Intel Management Engine disabled"
That’s somewhat nice. Hopefully, Dell offers it for all their PCs and not make it an extra charge. That is, make the default “No Out-of-Band Systems Management” option be the one that disables ME. If a business actually wants ME, then they can pay for it.
….bad signs for Intel. Kind of makes their “vPro” a liability rather than a feature.
Congratulations, Dell!
TRied to buy Dell 5570 this evening. It is Windows or Windows only. No option of defeating IME offered. Keys are flat things, not a real keyboard. Again I will repair my T500 Thinkpad & continue. Other models with IME are offered with Ubuntu from early last year.
No, it is not. I went on the page and can confirm Ubuntu 14.04 was listed as an option. That is an LTS version, with support until 2019. Click more in the OS section and you will see it. Not to mention that, when you do get the machine, an upgrade to 16.04 is easy as cake.
Forgot this, but I also found the option to disable the IME, and that one wasn’t even hidden under anything. Notice the image in the post? There is a selection that reads “ME inoperable, custom order”. Do you want screenshots?
Very doubtful anyone can completely disable ME without having the full data sheet and external audit. Only solution is to disconnect USB physically like on @Orwlr
ME is done via NIC so just don’t use a wire and you should be fine.
I called Dell business sales and they had no clue what I was talking about.