I’m hoping @[email protected] or @[email protected] chimes in. I have a couple System76 machines and I checked them both within Coreboot to verify the IME is disabled, and they both say that it is. My question is, I’ve been watching this post https://blog.system76.com/post/major-updates-for-system76-open-firmware-june-2023 where it says there were issues in the past with disabling the IME and that updates should be coming with Coreboot to ‘re-disable’ it. My question is, I’m now not sure if my IME’s are disabled or not since my firmware versions date back to 2022 or so which is apparently the latest for both (based on this: https://github.com/system76/firmware-open/blob/master/FEATURES.md). But, can I trust what Coreboot is saying that IME is actually disabled since there’s apparently a bug preventing the disablement?
deleted by creator
If that’s an indicator, I have no …/mei directory, so apparently IME is still active regardless of what Coreboot is telling me?
mei is the software interface to control ME, if the interface is missing Linux wasn’t able to detect ME, most likely because it’s not running.
Coreboot doesn’t really know if ME is running, it is probably just tell you if the HAP bit is set.
The way you disable ME is by setting a single bit in IFD region of the firmware ROM, this tells ME is disable itself once the boot sequence is completed. You can’t boot an Intel CPU without using ME, because BootGaurd needs ME to read the key fused into the PCH.