Intel AMT

Davide0
Joined: 12/01/2015

Hello everyone, I'm trying to learn more about "Intel Active Management Technology". On Libreboot.org I found that this AMT is present on every computer from 2006 and no one can shut it off. On the web I found different information. In fact there is a method that can check if a computer has AMT and if it's activated. For example, on the Lenovo X220 you can disable AMT through the BIOS (but I don't know if it's really disabled), and some other laptops don't even have AMT. Who can I trust?

vita_cell
Joined: 07/19/2015

It is easy, look. Coreboot or Libreboot removes Intel's crap, ME/AMT. So, you get something blobless. On computers with Intel's "i" series, AMT/ME cannot be removed (at least at this moment), but it can be neutralized. So yes, you can run Coreboot on the X220, but the small non-free blob is still on your computer running code, only neutralized (you need a neutralized ME so as not to trigger the auto-reboot after 30 minutes). No, you cannot disable AMT/ME from the proprietary BIOS. So since Intel's "i" series CPUs, you cannot remove AMT/ME while having a fully working computer (at this moment). You cannot know what proprietary firmware really does.

Legimet
Joined: 12/10/2013

Unfortunately, ME can't be completely removed starting with Nehalem (2008/2009) unless you're OK with the computer shutting off after 30 minutes. But you can use a script called me_cleaner to remove as much of the ME as possible. I'm not brave enough to try it.

richardEU
Joined: 05/11/2017

With these more modern processors, is there a difference between the i3/5/7 in terms of bringing Libreboot to the X220? Will all the processors likely be suitable? Apologies if that is a daft question - I'm not particularly knowledgeable about processors.

vita_cell
Joined: 07/19/2015

i5-i7 CPUs are much more powerful and cooler than Core 2 Duo/Core 2 Quad CPUs. So, yes, i5-i7 are worth the upgrade. Also, these CPUs come with a decent integrated graphics chip, not the shitty 4500MHD or GMA 950.

If you use heavy software that uses many cores, more than 4, then yes, the i7 is worth it; if you won't use more than 4 cores, go with the i5, the i7 is not for you. Maybe the i3 is not worth it; 2 cores are a bit limited today.

richardEU
Joined: 05/11/2017

That is not what I asked. I am aware of performance difference.

I am asking, with specific regard to Libreboot, if there is likely to be variation in compatibility between the processor designs. For example, i3 being supported but not i5 or i7.

Legimet
Joined: 12/10/2013

It is impossible for all of the modern Intel processors. The ME is cryptographically signed, so there is no way to remove or replace it.

Davide0
Joined: 12/01/2015

Anyway, not every computer has it, because some models don't have AMT/ME at all. In this case Libreboot shouldn't share inaccurate information, and also what does it mean that you can't turn it off? Because on the Lenovo X220 you can disable AMT, but is it totally or partially disabled and how can you affirm that (does anyone know how hardware really works?)? Libreboot and also other sites should specify these issues, otherwise it is not objective information, it is a useless alarm that seems useful only to sell Libreboot computers (on the other hand it is true that not every BIOS is free, but this is another point).

Soon.to.be.Free
Joined: 07/03/2016

>Anyway not every computer has it, because some models don't
>have AMT/ME at all. In this case Libreboot shouldn't share
>inaccurate information,

What you say is correct, but Libreboot never seems to have claimed otherwise. Their FAQ, which I presume is what you are referencing, states in bold that the ME is "present on all Intel desktop, mobile (laptop), and server systems since mid 2006." This assertion does seem accurate.

>and also what does it mean that you can't turn it off?
>Because on Lenovo x220 you can disable AMT,

These are separate issues. The AMT can be turned off or not present at all (presuming Intel/OEMs are honest - see below), as is exemplified in a number of devices if I remember correctly. The ME, however, is a different kettle of colored horses. There *are* no BIOS switches for this little beast, and only in the earliest models (pre-X220 for sure) can it be switched off or removed. Later models have a hard-coded check, which will switch off the device after 30 minutes if the ME is not found. It also performs some hardware-init stuff, I think, although that's only required at boot.

>but is it totally or partially disabled and how can you
>affirm that (anyone knows how hardware really works?)?

For the ME, I'm pretty sure the standard way to check is by removing all traces of the code from the flash chip- if the ME is still required, then it wouldn't work. For the AMT, I'm not quite so certain about the method- I'd imagine the best you can do is check if the AMT stops offering the services one would expect to (remote shutdown etc.). That said, this is just a total guess- the only one I can tell you about is the ME.

As regards how the hardware works, the basic idea is that the ME is a little chip embedded inside the main processor, which then has full control over the main processor. It reads from a flash chip, which is writable (the ME can update its OS). That's awfully vague, and probably about the extent of my knowledge, but it's the basic concept nonetheless.

>Libreboot and also other sites should specify these issues,
>otherwise is not an objective information, is an useless
>alarm that seems useful only to sell Libreboot computers

"Libreboot" doesn't make *any* profit from Libreboot computers to the best of my knowledge; Leah, the lead developer, does, but that is a secondary issue nonetheless. The primary concern is whether the description is accurate. In that regard, it is an excellent and comprehensive description of how the ME has developed as an obstruction to free computing over time. Your facts cited above are equally correct, certainly, but they're about the AMT. This is *not* the same as the ME, in that it can be avoided, often disabled (albeit through a proprietary BIOS) and perhaps might be considered a piece of software in its own right rather than just complex firmware.
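
Added example, not part of any post in this thread: one way to separate the two questions discussed above, "does this machine expose an ME host interface?" and "is AMT actually answering on the network?". It assumes the well-known AMT TCP ports 16992-16995; the `lspci` sample is constructed, and the function names and verdict labels are hypothetical.

```python
import re
import socket
import sys

# Well-known Intel AMT TCP ports: web UI / WS-Management and redirection (SOL/IDE-R).
AMT_PORTS = {16992: "HTTP", 16993: "HTTPS",
             16994: "redirection", 16995: "redirection over TLS"}

# Constructed sample of `lspci` output, for illustration only.
SAMPLE_LSPCI = """\
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection
"""

def me_interface_present(lspci_text):
    """True if the OS sees an ME host interface (MEI/HECI) PCI function."""
    return bool(re.search(r"\b(MEI|HECI)\b", lspci_text))

def probe(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def amt_open_ports(host, timeout=2.0):
    """AMT ports on `host` that accept a connection."""
    return [p for p in AMT_PORTS if probe(host, p, timeout)]

def verdict(me_present, open_ports):
    """Keep the two findings apart: AMT reachability vs. ME presence."""
    if open_ports:
        return "amt-answering"        # AMT is provisioned and reachable
    if me_present:
        return "me-present-amt-silent"  # ME exists; AMT absent, off or filtered
    return "no-me-interface-seen"     # says nothing about hidden or neutralized ME

if __name__ == "__main__":
    # Usage: python3 amt_check.py <host>   (lspci output of that host on stdin)
    ports = amt_open_ports(sys.argv[1])
    print(verdict(me_interface_present(sys.stdin.read()), ports), ports)
```

Run the port probe from a second machine on the same network: AMT traffic is handled below the host operating system, so the machine under test typically cannot reach its own AMT listener through its network stack. A silent result only shows that AMT is not answering; it says nothing about whether the ME itself is running.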