Intel Management Engine

From coreboot
Revision as of 18:23, 13 August 2014 by GNUtoo (talk | contribs) (→‎Where)

The wiki is being retired!

Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!

Uses of the Management Engine

The Management Engine (often abbreviated ME) is a CPU that permits out-of-band management of the computer.

Freedom and security issues

  • The code that is running inside the management engine is proprietary and signed
  • The management engine CPU has access to a lot of things, see "ME physical capabilities" for more details.

Where

| Board | Firmware | Microarchitecture | ME location | ME physical capabilities | ME restrictions |
|---|---|---|---|---|---|
| Lenovo x201 | AMT | Nehalem | Inside the PCH | Has access to the memory; controls the computer's original networking adapters | The ME firmware is signed. |
| Packard Bell EasyNote LM85 (MS2290) | AMT? | | | | |
| Samsung Series 5 550 Chromebook | me.bin | Sandy Bridge | Inside the PCH | Has access to the memory; controls the computer's original networking adapters | The ME firmware is signed. |
| Samsung Series 3 Chromebox | me.bin | | | | |
| Lenovo t520 | AMT | | | | |
| Google/HP Pavilion Chromebook 14 | me.bin | Ivy Bridge | Inside the PCH | Has access to the memory; controls the computer's original networking adapters | The ME firmware is signed. |
| Google Chromebook Pixel | me.bin | | | | |
| Google/Acer C7 Chromebook | me.bin | | | | |
| Google/Lenovo Thinkpad X131e Chromebook | me.bin | | | | |
| Lenovo t530 | AMT | | | | |
| Lenovo x230 | AMT | | | | |
| Kontron KTQM77/mITX | AMT? | | | | |
| Google/Acer C720 Chromebook | ? | Haswell | Inside the PCH | Has access to the memory; controls the computer's original networking adapters | The ME firmware is signed. |
| Google/HP Chromebook 14 | ? | | | | |

Why there is no replacement for it yet

Replacing the ME firmware is not that easy because:

  • Its firmware is signed
  • On recent chipsets its RAM region is locked while it is allocated

Firmware signature

RAM region is locked

See also