Librem 14's ME disabled but not neutralized

Yeah, the real risk of bricking comes when you are playing around with creating your own version of the firmware, or using firmware from untrusted sources.

1 Like

The other risk is applying the firmware for one model/version to another model/version. I think the firmware upgrade script tries to stop you doing that but …

Actually, the EC is the priority… better to have rgb than neutralization. I’m not happy with that since that’s not my priority nor the reason why i decided to buy a librem instead of other brand… security is my number one priority and rgb is completely accessories.

What about Librem Mini v1 (with Intel Core i7-8565U CPU) - it has disabled and neutralized or just disabled Intel ME?

Also, maybe will be safer to use AMD Ryzen processors instead of Intel processors? Or AMD processors also have backdoors?

AMD systems have a similar thing to the ME, it’s called the PSP. It’s worse than the ME in a way because we know almost nothing about what it does, at least with the ME we have some understanding of it.

Not quite true, in the last couple of years there was quite detailed dissection of psp. The problem with psp is just that it’s fully signed so you cannot tamper with it (eg neutralize) as it would change signature. But you can still read it for offline analysis and tamper with runtime.


just disabled

1 Like

Okey’s who’s gonna bet with me, that I recieve one ping packet, and that management engine from intel is going to rebounce to main loop again?

Network card is from intel? How do you want to disable it?

Abandon intel developement while it’s time, and go workstation AMD processors.
Or ARM based notebook.

Since you can’t disable it and you can’t trust it … you don’t connect it i.e. no network cable connected to the wired network usable via the humunculus CPU (aka the Intel ME), or indeed not even connected internally. Not much is exfiltrated via ethernet when it’s not connected. (Probably different on the L14 c.f. the L13 and L15 but the idea is the same.)

The built-in WiFi in more recent Intel CPUs is more of a worry, albeit not quite a 100% problem yet.

Abandon x86. At the current time, neither of them allows you to build a fully satisfactory computer.


abandon SHIP !!! what ? abandon x86 ? what madness is this ?

I just got a mini desktop ( not a NUC ) with an AMD Ryzen 5 cpu and 16gb ram. What qualifies as a fully satisfactory computer?

Ryzen has the PSP, which functions like the Intel ME, but it can’t be disabled, so it is actually worse than the ME from our perspective.

It can run on 100% free/open source software, like the RaptorCS computers using POWER9 processors. The MNT Reform is pretty close, but it requires a small blob for the DDR timing. Olimex and Pine64 also sell some models that are close to the ideal.

1 Like

What a downer. Just when you think you’re starting to get free. It has Mint 20.1 Cinnamon on it. Does that help?

Forgot to ask but what is the PSP?

Like this one Amos?

So, POWER9 processors don’t have backdoors, like Intel ME and AMD PSP?


POWER9 processors don’t have anything like the ME and PSP, but a lot of software hasn’t been compiled for the POWER ISA architecture. Don’t expect to have an up-to-date web browser. I might consider buying a RaptorCS Talos II system for a server, but I don’t think I’d consider it for a personal computer. Honestly, the MNT Reform, OLIMEX TERES I and PINE64 PineBook Pro all look like better choices for most people, and they all publish their schematics, but they are underpowered compared to a standard x86 laptop.


maybe so but even if that AMD APU of yours has the PSP enabled it still has out-of-the-box support for the linux-kernel-amd-iGPU-driver (NOT libre and GNU yet but still open-source enough to just-work)

imo if you are running a GNU/Linux distribution that has support for that APU (debian+non-free/ubuntu/mint/popOS/arch/gentoo/etc.) it’s still better than any M$0S variant.