Linux laptop-flinger says bye-bye to buggy Intel Management Engine
Says 'disabling' the ME will reduce future vulnerabilities
In a slap to Intel, custom Linux computer seller System76 has said it will be "disabling" the Intel Management Engine in its laptops.
Last month, Chipzilla admitted the existence of firmware-level bugs in many of its processors that would allow hackers to spy on and meddle with computers.
One of the most important vulnerabilities is in the black box coprocessor – the Management Engine – which has its own CPU and operating system that has complete machine control. It's meant for letting network admins remotely log into servers and workstations to fix any problems (such as not being able to boot).
The bugs – as security researchers discovered – allow for installing rootkits and spyware on machines that could steal or tamper with information. So, perhaps unsurprisingly, several vendors – including Lenovo – have been quick to patch the bugs.
Denver, Colorado-based System76, meanwhile, appears to have limited the Management Engine.
In a blog post Thursday, the firm wrote: "System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable."
It will apply to customers running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, Pop!_OS17.10, or an Ubuntu derivative with the System76 driver installed.
Desktops are not affected by the ban – they'll just receive ME patches "as they are available".
The firm said the rollout would happen over time and customers will be notified by email prior to delivery.
"Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can rollout extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don't install)."
System76 did, however, note that Intel has the power to change device function and not allow manufacturers and consumers to disable ME, so this may not last forever.
Intel has not responded to a request for comment. ®
Sponsored: Becoming a Pragmatic Security Leader