Disable Intel’s Backdoor On Modern Hardware

While the Intel Management Engine (and, to a similar extent, the AMD Platform Security Processor) continues to plague modern computer processors with security risks, some small progress continues to be made for users who value security of the hardware and software they own. The latest venture in disabling the ME is an ASRock motherboard for 8th and 9th generation Intel chips. (There is also a link to a related Reddit post about this project).

First, a brief refresher: The ME is completely removable on some computers built before 2008, and can be partially disabled or deactivated on some computers built before around 2013. This doesn’t allow for many options for those of us who want modern hardware, but thanks to a small “exploit” of sorts, some modern chipsets are capable of turning the ME off. This is due to the US Government’s requirement that the ME be disabled for computers in sensitive applications, so Intel allows a certain undocumented bit, called the HAP bit, to be set which disables the ME. Researchers have been able to locate and manipulate this bit on this specific motherboard to disable the ME.

While this doesn’t completely remove the firmware, it does halt all execution of code in a way that is acceptable for a large governmental organization, so if you require both security and modern hardware this is one of the few ways to achieve that goal. There are other very limited options as well, but if you want to completely remove the ME even on old hardware the process itself is not as straightforward as you might imagine.

Header image: Fritzchens Fritz from Berlin / CC0

Hackaday Links: October 11, 2015

[Kratz] just turned into a rock hound and has a bunch of rocks from Montana that need tumbling. This requires a rock tumbler, and why build a rock tumbler when you can just rip apart an old inkjet printer? It’s one of those builds that document themselves, with the only other necessary parts being a Pizza Hut thermos from the 80s and a bunch of grit.

Boot a Raspberry Pi from a USB stick. You can’t actually do that. On every Raspberry Pi, there needs to be a boot partition on the SD card. However, there’s no limitation on where the OS resides,  and [Jonathan] has all the steps to replicate this build spelled out.

Some guys in Norway built a 3D printer controller based on the BeagleBone. The Replicape is now in its second hardware revision, and they’re doing some interesting things this time around. The stepper drivers are the ‘quiet’ Trinamic chips, and there’s support for inductive sensors, more fans, and servo control.

Looking for one of those ‘router chipsets on a single board’? Here you go. It’s the NixCoreX1, and it’s pretty much a small WiFi router on a single board.

[Mowry] designed a synthesizer. This synth has four-voice polyphony, 12 waveforms, ADSR envelopes, a rudimentary sequencer, and fits inside an Altoids tin. The software is based on The Synth, but [Mowry] did come up with a pretty cool project here.

SLI Anytime Anywhere

slin_b

SLI, for those who don’t know, is the process of taking two Nvidia graphics cards and allowing them to work in parallel to render to a single monitor. In theory this doubles the power, getting more FPS for video games. Great right? Except due to encryption, only a limited amount of motherboards can actually support SLI.

That is, until now. Russian hackers at xDevs discovered that the newer encryption is based around string identifiers. This can be modified within the operating system itself, so in theory any motherboard could work. Be wary, this could brick your system; but if successful, you’ll have more power without shelling out for an officially SLI supported motherboard.