
What if I like using the integrated NIC?



Just reboot after neutralization.

"With ME neutralized, the MEI interface disappears from the PCI bus, and the integrated NIC ceases to work, but will resume to work after a reboot."


The phrasing there is confusing. Does the NIC break because the ME is neutralized? Then rebooting again with the ME neutralized will break the NIC again.

Why would the NIC only break once after the ME is neutralized? The system is started from a fully powered-off state after the ME firmware is updated. Maybe the NIC has some sort of non-volatile state that gets updated when the ME fails to initialize, and then the NIC starts working again. That's the most complex explanation so I thought it unlikely, but I'm happy to hear more from someone who has actually neutralized their ME.


Check Federico's reply here https://www.coreboot.org/pipermail/coreboot/2016-November/08... tl;dr: power cycle (power off and then turn on, not just reboot) your PC after the ME neutralization.


It seems to be that the ME takes exclusive control of the NIC, and controls it.

After a reboot, the NIC starts without the ME ever taking control of it, so it works.


Apologies, this is interpretation, not actual experience, so grains of salt.

It's not strictly clear to me, but reading through what they're doing, the ME isn't re-engaged, or it's unclear how it recovers itself.

Unless the ME is operating with a recovery binary somewhere that isn't covered by Nicola's neutralizer and the subsequent flashing, I don't think it comes back into normal operation.


This was confusing to me as well. I'm parsing this as the NIC doesn't work after a cold boot, but does after a warm boot.


Your interpretation is correct. I am going to fix this ambiguity.


Now the ambiguity got fixed, with YOUR words. English is not my mother tongue.


The NIC permits remote access to the Intel rootkit, you probably don't want to use the NIC.


If the solution to ME stealing my secrets is simply "don't plug in a network cable" then that's a lot simpler and I'm not going to bother with the potential brick making. Why go through all this and still not have a working computer?


Can you elaborate?


It is supposed to be used for corporate environments using Intel AMT for remote management.



