search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.42k stars 275 forks source link

any known me_cleaner forks that works on a 8th gen Xeon cpu ? #374

Open candicewithassburgers opened 2 years ago

candicewithassburgers commented 2 years ago

any known me_cleaner forks that will work on intel xeon E-2288G ? i known that dt-zero/me_cleaner has worked on a 9th gen i9 (dont know if its desktop or laptop)

portellam commented 2 years ago

any known me_cleaner forks that will work on intel xeon E-2288G ? i known that dt-zero/me_cleaner has worked on a 9th gen i9 (dont know if its desktop or laptop)

I understand why you want to make a new issue request, understand you are the focus, not others, and the issue should stay on topic. Have you tried running dt-zero/me_cleaner on a Desktop 9th Gen i9, for the first time already? Please don't get ahead of yourself. As for

desktop or laptop

I just don't care to share my personal hardware information, I thought that would be obvious. Yes I run on Desktop. I've had success with earlier gen Intel desktops with corna and dt-zero.

I know E5-2000 v3 (?) series CPUs on Chinese X99 motherboards work with dt-zero. However, certain brands like HP or SuperMicro may NOT support BIOS modding. You can check Miyconst's channel on YouTube for more on BIOS modding that platform. YMMV.

candicewithassburgers commented 2 years ago

i cant use dtzero/me_cleaner on a 9th gen intel i9 because well , i dont have one i am planning to buy a new set up soon that why i am asking anyone if it will work because i dont want to waste the money i have spent for a long time on another bloated backdoor infested hardware

the company 9elements managed to install coreboot on a supermicro x11sch-f with a intel xeon e2276g (just 1 level below 2288g) https://review.coreboot.org/c/coreboot/+/37441 https://9esec.io/blog/next-generation-coreboot-server-platform/

i was just wondering if anyone has managed to disable intel-ME on an intel xeon because from what i can find , the x11sch-f is the newest(and possibly only) motherboard that supports both coreboot and both 9 and 8 th gen intel

the only alternative to this is going 7th gen because disabled me with propiatery firmware is useless since there are may be(and probably are) backdoors in firmware

portellam commented 2 years ago

lol Good luck.

root-hardenedvault commented 2 years ago

There are a few options and one is worth to try is that replace SPS with some CSME extracted by KabyLake/CoffeeLake fw, which can be neutralized by me_cleaner. We've done the similar things during writing the report (What every CISO and security engineer should know about Intel CSME) last year.