LINUX PC FLOGGER System76 has announced that it’ll be disabling Intel’s flawed Management Engine on all its laptops.
Earlier this month, Intel posted a security advisory warning manufacturers and users of its Management Engine of a number of firmware-level vulnerabilities and bugs found, which were also present in its Server Platform Services and the Trusted Execution Engine.
Security researchers warned that cybercriminals can cause instability with complete system crashes by exploiting the management engine, noting that they’ve also found a way to “impersonate” the engine and, in the process, kill existing PC security mechanisms.
Rather than patching the bugs, System76 has announced that it’ll be ridding of the firmware altogether.
“System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable,” the firm said in a blog post this week.
The firmware will hit laptops running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, Pop!_OS 17.10, but System76 warns that the rollout will take time as “there is a significant amount of testing and validation necessary before delivering the updated firmware and disabled ME
“Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can rollout extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don’t install),” it added.
System76 desktop PCs won’t be affected, and the firm says that they will instead receive patches “as they are available”.
System76’s Intel ME ban comes just months after Purism, another Linux hardware flogger, also announced plans to disable the flawed firmware.
The company’s line of Librem laptops, which run flexible open-source firmware Coreboot, are now running with Intel’s management service completely disabled.
Zlatan Todoric, chief technology officer of Purism, said at the time: “Purism Librem laptops were already the most secure current Intel-based computers available on the market today, but disabling the management engine solidifies that statement clearly.” µ
Source : Inquirer