Disabling Intel's Management Engine (ME)

AnandTech Forums, page 2

Ajay (Lifer, joined Jan 8, 2001):
Quoting an earlier post:
That looks to be a major reason why several countries such as India are funding development of CPUs using the RISC-V ISA. Since RISC-V is a FOSS specification anybody can look at and use, it has the potential to replace both x86 and ARM.

That probability is very small, unless it gets into phones....

nopainnogain (Member, joined Sep 13, 2016):
Never mind, I found the information:

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Source: https://it.slashdot.org/comments.pl?sid=10717233&cid=54579757

Ratman6161 (Senior member, joined Mar 21, 2008):
nopainnogain said:
All modern Intel processors have this backdoor? I use a "business" Haswell (i7-4771).

It's debatable that this is a "back door". Depends on how tightly your tin foil cap is on :). Here is a tip: an easy way to find the specs on any Intel CPU is to do a Google search on "ark" followed by your processor model. In your case that would be "ark i7-4771". This will get you a link directly to the spec sheet.

In the case of IME, look in the Advanced Technologies section on the line "Intel vPro technology". If it says "yes" then you have this feature. Interestingly, if you had the i7-4770K then it would be "No". The "K" CPUs don't have it... I'm assuming that's because they are aimed at consumers/DIYers rather than businesses, where vPro is actually intended.

Interestingly, i3's seem to be "No", though I only checked the i3-7100 and 7300. Likewise with the Pentium G. Also "U" CPUs such as my Lenovo X1 with an i5-7200U. Not even all desktop non-K CPUs have it. I checked the i5-7400 and it's a no. But the i5-7500 is a "yes".

Anyway, I'm now bored with this, so anyone who wants to see the specs on their particular CPU can look for themselves.

nopainnogain (Member, joined Sep 13, 2016):
As I said, the i7-4771 is a "business model" processor.

I'm not concerned with the NSA (I mean, at an individual level), but with ransomware and stuff like that. :)

cytg111 (Lifer, joined Mar 17, 2008):
Quoting Ratman6161's post above.

K may not support vPro but it still has the ME enabled... or it wouldn't boot (iirc).

ZGR (Platinum Member, joined Oct 26, 2012):
I have read rumors about Nehalem being able to disable ME and still function. Is this true?

edit: These guys plan on selling Skylake laptops with ME disabled:
https://puri.sm/learn/intel-me/
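Both nopainnogain's quoted description (ME firmware lives in the SPI flash and the boot ROM wants a manifest with a valid Intel signature there) and the Purism link above (laptops shipped with the ME disabled) come down to what is in the flash descriptor and the ME region of the SPI image. The script below is an added example, not code from this thread or from Purism: given a flash dump it locates the ME region from the descriptor's region table, finds the `$FPT` partition table, lists the partitions, checks that the FTPR code partition starts with a `$MN2` manifest, and reports the two descriptor strap bits that ME-disabling tools set (the HAP bit, PCHSTRP0 bit 16, for ME 11 and later; the AltMeDisable bit, PCHSTRP10 bit 0, for ME 6 to 10). The descriptor layout and those bit positions are taken from public documentation and from coreboot's ifdtool and me_cleaner, not from this thread, so treat them as assumptions to confirm against your PCH datasheet. The sample image is constructed inline, and the script only ever reads; it does not write flash, and it does not verify the RSA signature that the boot ROM checks.

```python
"""Locate the Intel ME region, its $FPT partition table and the FTPR manifest
tag in an SPI flash dump, and read the descriptor strap bits used to disable
the ME.

Added example, not code from this thread. Offsets follow the public Intel
flash descriptor layout as used by coreboot's ifdtool and by me_cleaner
(assumed here; confirm against the datasheet for your PCH). The HAP bit
(PCHSTRP0 bit 16, ME 11+) and AltMeDisable bit (PCHSTRP10 bit 0, ME 6-10)
are likewise taken from public descriptions, not from this thread.
The routines only read; nothing here writes to flash.
"""
import struct

FLVALSIG = 0x0FF0A55A                       # descriptor signature at offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]  # FLREG0..4


def parse_descriptor(image: bytes) -> dict:
    """Return the populated flash regions and the PCH strap base address."""
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != FLVALSIG:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4     # Flash Region Base Address
    fpsba = ((flmap1 >> 16) & 0xFF) << 4    # PCH Strap Base Address
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base <= limit:                   # base > limit marks an unused region
            regions[name] = (base, limit)
    return {"regions": regions, "fpsba": fpsba}


def find_fpt(image: bytes, me_base: int):
    """$FPT sits at the region start or after a 16-byte ROM-bypass vector."""
    for off in (me_base, me_base + 0x10):
        if bytes(image[off:off + 4]) == b"$FPT":
            return off
    return None


def list_partitions(image: bytes, fpt: int) -> dict:
    """Map partition name -> (offset relative to the ME region, size)."""
    (count,) = struct.unpack_from("<I", image, fpt + 4)
    header_len = image[fpt + 0x0A]          # entries follow the header
    parts = {}
    for i in range(count):
        entry = fpt + header_len + 0x20 * i  # 32-byte entries
        name = bytes(image[entry:entry + 4]).rstrip(b"\x00").decode("ascii", "replace")
        offset, size = struct.unpack_from("<II", image, entry + 8)
        parts[name] = (offset, size)
    return parts


def inspect_me(image: bytes) -> dict:
    """Summarise what the ME boot ROM would find in this image."""
    desc = parse_descriptor(image)
    fpsba = desc["fpsba"]
    (pchstrp0,) = struct.unpack_from("<I", image, fpsba)
    (pchstrp10,) = struct.unpack_from("<I", image, fpsba + 0x28)
    report = {
        "me_region": desc["regions"].get("ME"),
        "partitions": {},
        "ftpr_manifest": False,
        "hap_bit": bool(pchstrp0 & (1 << 16)),
        "alt_me_disable": bool(pchstrp10 & 1),
    }
    if report["me_region"] is None:
        return report
    me_base = report["me_region"][0]
    fpt = find_fpt(image, me_base)
    if fpt is None:
        return report
    report["partitions"] = list_partitions(image, fpt)
    if "FTPR" in report["partitions"]:
        ftpr = me_base + report["partitions"]["FTPR"][0]
        # The code manifest carries the "$MN2" tag at +0x1C; the RSA signature
        # over that manifest is what the boot ROM verifies (not checked here).
        report["ftpr_manifest"] = bytes(image[ftpr + 0x1C:ftpr + 0x20]) == b"$MN2"
    return report


def build_sample_image(with_me: bool = True) -> bytes:
    """Constructed 2 MiB image (not a real dump): descriptor, BIOS and ME regions."""
    img = bytearray(b"\xff" * 0x200000)
    frba, fpsba = 0x40, 0x100
    struct.pack_into("<III", img, 0x10, FLVALSIG, (frba >> 4) << 16, (fpsba >> 4) << 16)

    def flreg(base, limit):
        return ((limit >> 12) << 16) | (base >> 12)

    unused = 0x00001FFF                     # base 0x1FFF000 > limit 0xFFF
    me_reg = flreg(0x1000, 0xFFFFF) if with_me else unused
    struct.pack_into("<IIIII", img, frba, flreg(0, 0xFFF), flreg(0x100000, 0x1FFFFF),
                     me_reg, unused, unused)
    struct.pack_into("<I", img, fpsba, 1 << 16)         # HAP bit set in PCHSTRP0
    struct.pack_into("<I", img, fpsba + 0x28, 0)         # AltMeDisable clear
    if with_me:
        me = 0x1000
        img[me:me + 0x10] = b"\x00" * 0x10               # ROM-bypass vector
        struct.pack_into("<4sIBBBBHHIIHHHH", img, me + 0x10,
                         b"$FPT", 2, 0x20, 0x10, 0x20, 0, 0, 0, 0, 0, 0, 0, 0, 0)
        entries = me + 0x10 + 0x20
        struct.pack_into("<4s4sII", img, entries, b"FTPR", b"\xff" * 4, 0x1000, 0x20000)
        struct.pack_into("<4s4sII", img, entries + 0x20, b"NFTP", b"\xff" * 4, 0x21000, 0x80000)
        img[me + 0x1000 + 0x1C:me + 0x1000 + 0x20] = b"$MN2"
    return bytes(img)


if __name__ == "__main__":
    for key, val in inspect_me(build_sample_image()).items():
        print(f"{key}: {val}")
```

To run it against a real dump, read the file with `open(path, "rb").read()` and pass the bytes to `inspect_me`; a dump with no descriptor signature raises `ValueError`, and an image whose ME region is marked unused comes back with `me_region` set to `None`.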

coercitiv (Diamond Member, joined Jan 24, 2014):
Intel ME 11.x arbitrary code execution
In a subsystem change that will be detailed in the talk of Intel ME version 11+, a vulnerability was found. It allows an attacker of the machine to run unsigned code in PCH on any motherboard via Skylake+. The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS. Running your own code on ME gives unlimited possibilities for researchers, because it allows exploring the system in dynamics.

kjboughton (Senior member, joined Dec 19, 2007):
nopainnogain said:
As I said, the i7-4771 is a "business model" processor.

I disagree: the i3/i5/i7 series are a consumer line of processors. "Business" (or enterprise) series would be Xeon E3/E5/E7 or the newest Xeon Scalable Processor series.

kjboughton (Senior member, joined Dec 19, 2007):
Well then; please allow me to retort...

https://www.anandtech.com/show/11775/intel-launches-xeon-w-cpus-for-workstations

With this announcement, Intel also gave the image that now consumer and professional platforms were separate: no longer were Xeons welcome in consumer sockets. However as it turns out, this would not quite be the case.

Today Intel is taking the wraps off of their new Xeon-W family of processors, which will be their new brand for workstation-class processors. With the Xeon-W announcement today, Intel is bridging the gap between servers and consumer processors (in name at least) with a direct replacement for the old E5-1600 series, which will see Skylake-SP Xeons come to the LGA2066 socket with additional professional-level features in tow.


[...]

With a complete division between consumer and enterprise, there was no way to bring features such as ECC and vPro down into more consumer friendly environments.

TL;DR
"Consumer" means i3/i5/i7
Professional/Business/Enterprise is Xeon

maybe you should take this up with Ian Cutress, current MB Editor for Anandtech

Topweasel (Diamond Member, joined Oct 19, 2000):
Just want to point out that the ME, or basically the ME functionality, exists on all CPUs since Sandy Bridge. The only difference is that vPro technology may or may not be disabled based on the chip you got. But much like the PSP on Ryzen being on even if you didn't get a Ryzen Pro system, you have the ME on even if vPro isn't a feature of your chip.
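The point Topweasel and cytg111 make, that the ME is present whether or not ARK lists vPro for the part, can be checked from the running OS instead of from the spec sheet: the ME's host interface (MEI/HECI, PCI function 00:16.0) publishes the firmware's state in its HFSTS1 register at config-space offset 0x40. The decoder below is an added example, not code from this thread; the bit layout and the state names are taken from coreboot's intelmetool and are an assumption (Intel's own names differ between ME generations). The three register values at the bottom are constructed, not captured from a machine; on Linux, reading past the first 64 bytes of a device's config space needs root.

```python
"""Decode the Intel ME Host Firmware Status register (HFSTS1).

Added example, not code from this thread. The MEI/HECI function at PCI
00:16.0 exposes HFSTS1 at config-space offset 0x40; the bit layout and the
value names below are assumed from coreboot's intelmetool and may be named
differently in Intel's documentation for a given ME generation.
"""
import struct
from pathlib import Path

MEI_CONFIG = "/sys/bus/pci/devices/0000:00:16.0/config"
HFSTS1_OFFSET = 0x40
INTEL_VENDOR_ID = 0x8086

WORKING_STATE = {0: "reset", 1: "initializing", 2: "recovery", 5: "normal",
                 6: "wait", 7: "transition", 8: "invalid"}
OPERATION_STATE = {0: "preboot", 1: "M0 with UMA", 4: "M3 without UMA",
                   5: "M0 without UMA", 6: "bring-up", 7: "M0 without UMA, error"}
OPERATION_MODE = {0: "normal", 2: "debug", 3: "soft temporary disable",
                  4: "security override via jumper",
                  5: "security override via MEI message"}
ERROR_CODE = {0: "none", 1: "uncategorized", 3: "image failure", 4: "debug failure"}


def _field(value: int, lo: int, width: int) -> int:
    return (value >> lo) & ((1 << width) - 1)


def _name(table: dict, code: int) -> str:
    return table.get(code, f"unknown({code})")


def decode_hfsts1(value: int) -> dict:
    """Split HFSTS1 into named fields (bit positions per intelmetool's struct me_hfs)."""
    return {
        "working_state": _name(WORKING_STATE, _field(value, 0, 4)),
        "manufacturing_mode": bool(_field(value, 4, 1)),
        "fpt_bad": bool(_field(value, 5, 1)),
        "operation_state": _name(OPERATION_STATE, _field(value, 6, 3)),
        "fw_init_complete": bool(_field(value, 9, 1)),
        "bringup_loader_failure": bool(_field(value, 10, 1)),
        "update_in_progress": bool(_field(value, 11, 1)),
        "error_code": _name(ERROR_CODE, _field(value, 12, 4)),
        "operation_mode": _name(OPERATION_MODE, _field(value, 16, 4)),
    }


def me_is_running(value: int) -> bool:
    """True when the ME reports a completed init in normal state and normal mode."""
    d = decode_hfsts1(value)
    return (d["fw_init_complete"] and d["working_state"] == "normal"
            and d["operation_mode"] == "normal")


def read_hfsts1(config_path=MEI_CONFIG):
    """Read HFSTS1 from sysfs; None if there is no Intel device at 00:16.0 or
    the register is not readable (offsets >= 0x40 are root-only on Linux)."""
    try:
        with Path(config_path).open("rb") as f:
            vendor = struct.unpack("<H", f.read(2))[0]
            if vendor != INTEL_VENDOR_ID:
                return None
            f.seek(HFSTS1_OFFSET)
            raw = f.read(4)
    except (OSError, struct.error):
        return None
    return struct.unpack("<I", raw)[0] if len(raw) == 4 else None


# Constructed register values (not captured from a machine):
SAMPLE_NORMAL = 0x00000245    # init complete, M0 with UMA, normal state, normal mode
SAMPLE_DISABLED = 0x00030245  # same fields, but operation mode 3 (soft temporary disable)
SAMPLE_RECOVERY = 0x00003002  # recovery state, error code 3 (image failure)

if __name__ == "__main__":
    samples = [("live", read_hfsts1()), ("sample normal", SAMPLE_NORMAL),
               ("sample disabled", SAMPLE_DISABLED), ("sample recovery", SAMPLE_RECOVERY)]
    for label, val in samples:
        if val is None:
            print(f"{label}: no MEI device readable (not Intel, or not root)")
            continue
        print(f"{label}: HFSTS1=0x{val:08x} running={me_is_running(val)}")
        for key, field in decode_hfsts1(val).items():
            print(f"  {key}: {field}")
```

The "live" line is the one that answers the thread's question: a consumer part with no vPro on ARK still shows an Intel device at 00:16.0 with the firmware in its normal working state, while a system where the ME has been disabled through the descriptor reports a different operation mode rather than no device at all.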

nopainnogain (Member, joined Sep 13, 2016):
Science-fiction. A decision taken by Intel a few weeks ago does not modify (and could not modify) the characteristics of a processor (i7-4771) launched in Q3-2013.

Anyway, have you read what you wrote? If Intel is willing to separate "consumer and professional platforms", it's (obviously) because they were not clearly separated in the past (and are still not separated now).

Ask Ian Cutress if you have any doubt.