Advice on how to disable Intel Management in BIOS

wpshooter

Golden Member
Mar 9, 2004
1,557
1
81
#1
Looking for advice on if it is possible and if so, how to disable the security threat posed by the Intel Management Engine and the included AMT features of the extended BIOS parameters which are included in the A17 version of BIOS of my Dell Optiplex model 980 desktop computer. Yes, I have talked to both Intel and Dell about this until I am blue in the face and neither of them can (or will) give me info on how to disable the potential security threat posed by the IME - see link.

Yes, A17 is the latest version of BIOS available for motherboard.

https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

Thanks.
 

RLGL

Golden Member
Jan 8, 2013
1,429
32
106
#2
It will come as a BIOS update. Asus has already released it. Don't get your undies in a bundle about it, like lot of this security stuff it could happen but has not yet happened
 

wpshooter

Golden Member
Mar 9, 2004
1,557
1
81
#3
I understand that it "MAY, but may not" be eventually fixed but in the mean time if a user has any confidential info passing thru their system they are (even though it might be small) taking a risk
of that info being compromised.
 

vailr

Diamond Member
Oct 9, 1999
5,320
1
91
#4
Any security concerns with the Intel Management Engine should be resolved via a bios firmware update. The Spectre/Meltdown security concerns would also require a firmware update. So: check with Dell for a bios firmware update that is dated January 2018 or later, and then both security concerns would be resolved.
AFAIK, it's not really possible to simply "disable" the Intel ME feature.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#5
My Inspiron 7559 laptop received both a BIOS update and Intel ME update a few days ago. I was actually surprised how quickly they addressed it. Maybe yours will be coming soon?
 

wpshooter

Golden Member
Mar 9, 2004
1,557
1
81
#6
Any security concerns with the Intel Management Engine should be resolved via a bios firmware update. The Spectre/Meltdown security concerns would also require a firmware update. So: check with Dell for a bios firmware update that is dated January 2018 or later, and then both security concerns would be resolved.
AFAIK, it's not really possible to simply "disable" the Intel ME feature.
Wouldn't changing the default password plus changing (disabling) remote configuration parameter effectively cutoff outside access to the Intel Management Engine ? Thanks.
 
Last edited:

wpshooter

Golden Member
Mar 9, 2004
1,557
1
81
#7
My Inspiron 7559 laptop received both a BIOS update and Intel ME update a few days ago. I was actually surprised how quickly they addressed it. Maybe yours will be coming soon?
That's great for your 7559 Laptop which is on the SA-00086 listing but my Dell Desktop Optiplex model 980 is NOT on that listing, which makes me very dubious as to whether any attempt will be made to mitigate the Intel Management Engine security problem on it, i.e. anyone with a computer that although it is functioning just great otherwise but has a bit of age on it are going to be SOL. Thanks.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#8
That's great for your 7559 Laptop which is on the SA-00086 listing but my Dell Desktop Optiplex model 980 is NOT on that listing, which makes me very dubious as to whether any attempt will be made to mitigate the Intel Management Engine security problem on it, i.e. anyone with a computer that although it is functioning just great otherwise but has a bit of age on it are going to be SOL. Thanks.
Yeah, it's hit or miss for older systems, but my personal feeling this Intel security issue is so large and such bad press, Intel will be releasing security updates to older products. Obviously, with the size of the problem, they will be working their way back starting with the newer products and server/corporate customers.

From what I understand, the Microsoft and web browser patches will protect most "average joes" from most issues, so I wouldn't be worried. Heck, Asrock has provided no security updates yet to my Z270 Taichi motherboard.
 

vailr

Diamond Member
Oct 9, 1999
5,320
1
91
#9
Wouldn't changing the default password plus changing (disabling) remote configuration parameter effectively cutoff outside access to the Intel Management Engine ?
Intel's ME has 3 aspects: the ME firmware (a part of the motherboard bios firmware, which can be updated to cope with security concerns), the Windows device driver and the Intel ME interface software. The ME software is not required at all for non-corporate PC usage, so simply do not install the software, but leave only the Windows IME device driver installed.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#10
Nov 4, 2004
24,454
1,500
126
#11
I run two z170 boards from Asus, they released an unexplained patch in november
 

bbhaag

Diamond Member
Jul 2, 2011
4,194
84
126
#12
Correction: While checking where Intel was at on ME updates, I went here:

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

While the update didn't appear on the Z270 support/download page, it was available on a separate page on Asrock's site address this issue, so I went ahead and updated it.
Thanks for the link. I have an Asrock Z170 board and was watching the support page but like you nothing had appeared yet. I see that one is available through the link you provided though.
Since you have alreay updated your Z270 board have you noticed anything different? Any performance issues, slower boot times, or any other irregularities since the update?
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#13
Thanks for the link. I have an Asrock Z170 board and was watching the support page but like you nothing had appeared yet. I see that one is available through the link you provided though.
Since you have alreay updated your Z270 board have you noticed anything different? Any performance issues, slower boot times, or any other irregularities since the update?
No, I haven't noticed any issues, and my system seems as fast as it was before, but I haven't run any synthetic benchmarks on it to see if there was a drop in performance. But "real life" performance seems the same.
 

bbhaag

Diamond Member
Jul 2, 2011
4,194
84
126
#14
Cool thanks for the feedback I appreciate it. One more question if ya don't mind. I see that there are two options for the update. One that does it through Windows and the other that uses a DOS bootable thumb drive. Which way did you do it?
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#15
Cool thanks for the feedback I appreciate it. One more question if ya don't mind. I see that there are two options for the update. One that does it through Windows and the other that uses a DOS bootable thumb drive. Which way did you do it?
I did it through Windows.

Just be smarter than I was, and follow the directions unlike I did (double click the Windows batch file instead of the application). It didn't hurt anything, but I was like "why isn't this working?" ;)

 

bbhaag

Diamond Member
Jul 2, 2011
4,194
84
126
#16
I did it through Windows.

Just be smarter than I was, and follow the directions unlike I did (double click the Windows batch file instead of the application). It didn't hurt anything, but I was like "why isn't this working?" ;)

It's done and so far no performance issues just like you said. Thanks again I really do appreciate your advice and insight. Not just pertaining to this but with other questions I've had that you have helped answer.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,808
553
136
#17
It's done and so far no performance issues just like you said. Thanks again I really do appreciate your advice and insight. Not just pertaining to this but with other questions I've had that you have helped answer.
Thank you and you are welcome.

It's always nice to get the extremely rare online thank you. :blush:
 

Nimbusnz

Junior Member
Jan 24, 2018
2
0
36
#18
I did the Asus ME update for Z170-P, and the result is 120 seconds wait for UEFI post.
Can't find a way to fix this. Asus suggested reflashing Bios to an older version... which I thought was pointless, but I tried it anyway. It was pointless lol.

Did anyone else have a similar issue?
 
Nov 4, 2004
24,454
1,500
126
#19
I haven't had that issue, two different z170 Asus boards. What BIOS level you at?
 

Nimbusnz

Junior Member
Jan 24, 2018
2
0
36
#20
Well, the ME update is a chipset update, the bios is unchanged, isnt it?
 

Similar threads



ASK THE COMMUNITY

TRENDING THREADS