Difference between revisions of "Intel Management Engine"

From coreboot
Jump to: navigation, search
(Where)
(Where)
Line 49: Line 49:
 
| [[Board:google/butterfly| Google/HP Pavilion Chromebook 14]]
 
| [[Board:google/butterfly| Google/HP Pavilion Chromebook 14]]
 
|  
 
|  
| rowspan="2" | [https://en.wikipedia.org/wiki/Ivy_Bridge_%28microarchitecture%29 Ivy Bridge]
+
| rowspan="3" | [https://en.wikipedia.org/wiki/Ivy_Bridge_%28microarchitecture%29 Ivy Bridge]
| rowspan="2" |
+
| rowspan="3" |
| rowspan="2" | Inside the [https://en.wikipedia.org/wiki/Platform_Controller_Hub PCH]
+
| rowspan="3" | Inside the [https://en.wikipedia.org/wiki/Platform_Controller_Hub PCH]
| rowspan="2" |
+
| rowspan="3" |
 
* Has access to the memory
 
* Has access to the memory
 
* Controls the computer's original networking adapters  
 
* Controls the computer's original networking adapters  
| rowspan="2" |  
+
| rowspan="3" |  
 
* The ME firmware is signed.
 
* The ME firmware is signed.
 
|-
 
|-
| [[Board:google/link| Google Chromebook Pixel]]
+
| [[Board:google/link|Google Chromebook Pixel]]
 
| [http://review.coreboot.org/gitweb?p=blobs.git;a=tree;f=mainboard/google/link;h=ea8c42b0890aee9b2e20bd2c10edab547d4d69c5;hb=HEAD me.bin]
 
| [http://review.coreboot.org/gitweb?p=blobs.git;a=tree;f=mainboard/google/link;h=ea8c42b0890aee9b2e20bd2c10edab547d4d69c5;hb=HEAD me.bin]
 +
|-
 +
| [[Board:google/parrot|Google/Acer C7 Chromebook]
 +
| [http://review.coreboot.org/gitweb?p=blobs.git;a=tree;f=mainboard/google/parrot;h=880f5e52eadb1af9ab3cce568e70770682780383;hb=HEAD me.bin]
 
|}
 
|}
  

Revision as of 18:08, 13 August 2014

Uses of the Management Engine

The management engine(Often abreviated ME) is a CPU which permits Out of band management of the computer.

Freedom and security issues

  • The code that is running inside the management engine is proprietary and signed
  • The management engine CPU has access to a lot of things, see "ME physical capabilities" for more details.

Where

Board Firmware Microarchitecture Chipset ME location ME physical capabilities ME restrictions
Lenovo x201 AMT Nehalem Ibex Peak Inside the PCH
  • Has access to the memory
  • Controls the computer's original networking adapters
  • The ME firmware is signed.
Packard Bell EasyNote LM85 (MS2290)
Samsung Series 5 550 Chromebook me.bin Sandy Bridge Inside the PCH
  • Has access to the memory
  • Controls the computer's original networking adapters
  • The ME firmware is signed.
Samsung Series 3 Chromebox me.bin
Lenovo t520 AMT
Google/HP Pavilion Chromebook 14 Ivy Bridge Inside the PCH
  • Has access to the memory
  • Controls the computer's original networking adapters
  • The ME firmware is signed.
Google Chromebook Pixel me.bin
[[Board:google/parrot|Google/Acer C7 Chromebook] me.bin

Why there is no replacement for it yet

Firmware signature

RAM reagion is locked

See also