Intel ME Explanation?

Can I please get an explanation of why Intel’s Management Engine is bad? From what I can understand, there are some useful properties to the ME. What am I losing and what am I gaining with a neutralized and disabled ME?

It’s fine if the explanation gets a bit technical, I don’t mind having to look up terms to grasp what you guys say.

For a quick summary: Intel ME exists to allow remote management of systems at a low level, useful for large fleet deploys, ensuring secure (to Intel) firmware and boot images, and enforcing DRM. It is considered “bad” because it is a collection of closed-source programs always running on your computer at the lowest level with full access to everything. So any malicious code within it, or exploitable bugs within it, can be used to gain access to your data, even if it’s encrypted on disk, even if it’s just sitting in memory, etc., and there is no way you can fix it other than hope Intel blesses you with an update that doesn’t contain more issues you’ll never know about because you can’t see the code.

For more detail: https://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me
And detail on how Purism is doing its best to remove it (disable it for now): https://puri.sm/posts/deep-dive-into-intel-me-disablement/
But it would be best if Intel would ship products with this as an option rather than forced.

3 Likes

In other words it exists so that your computer will do what Intel (or anyone else who controls the management engine) wants, not what you want.