me_cleaner icon indicating copy to clipboard operation
me_cleaner copied to clipboard

Published 20 hours ago verified publisher icon corna

my UEFI already has an option to disable ME. Does this make me_cleaner redundant?

Open KSPAtlas opened this issue 3 years ago • 6 comments

KSPAtlas avatar Aug 04 '21 22:08 KSPAtlas

Depends. me_cleaner can completely remove ME from your device, which is safer because it can't be re-enabled by a script or update later without you knowing. But completely removing ME might cause problems for your device.

You could try disabling in UEFI and then check the status of the ME regularly using the information in the wiki, just to make sure it's effective and stays disabled: https://github.com/corna/me_cleaner/wiki/Get-the-status-of-Intel-ME .

KSPAtlas:

ginto37 avatar Aug 20 '21 09:08 ginto37

Does this make me_cleaner redundant

How much do you trust your motherboard manufacturer? UEFI is already proprietary so there is no way to confirm what the disable ME option they provide actually does.

davidhealey avatar Sep 06 '21 13:09 davidhealey

Not even close, uefi is crap in general anyways...

Btw, without coreboot, I don't see the point of me cleaner, if the device is new enough, due to intel's evil ways, they might find a way to make it work again. Aka, the intel me. :(

FrostKnight avatar Feb 06 '22 07:02 FrostKnight

Not even close, uefi is crap in general anyways...

Btw, without coreboot, I don't see the point of me cleaner, if the device is new enough, due to intel's evil ways, they might find a way to make it work again. Aka, the intel me. :(

Its an Intel b75 motherboard with an Intel i7 2600. So not exactly new.

KSPAtlas avatar Feb 06 '22 08:02 KSPAtlas

Intel i7 2600

Hmm... are you talking about this one?

https://www.intel.com/content/www/us/en/products/sku/52213/intel-core-i72600-processor-8m-cache-up-to-3-80-ghz/specifications.html

I thought he must have meant one that was like gen 4 or higher...

Perhaps there is a purpose then...

Hmm...

Yeah, I don't see why it wouldn't be a good idea then.

I thought it must have had some irritating bootguard and proprietary graphics and sound blob requirements.

Yeah, it is worth it then. My bad...

Had no idea...

FrostKnight avatar Feb 06 '22 23:02 FrostKnight

I don't believe it does, but I guess it could vary depending on the implementation.

On the Dell Latitude 5591 I have (Coffee Lake), there's a EFI variable for disabling ME (can set with setup_var), but it doesn't do anything. Using me_cleaner to set the HAP bit does disable ME though.

Espionage724 avatar Jul 13 '23 17:07 Espionage724