Douglas Crawford

January 4, 2017

Every modern processor made by Intel contains a backdoor known as the Intel Management Engine (IME). This is an isolated and protected coprocessor that is embedded in all Intel chipsets that are newer than June 2006.

This includes all desktops, servers, ultrabooks, tablets, and laptops with the Intel Core vPro processor family. It includes the Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family.

The Intel Management Engine is Really Rather Scary

This closed source non-auditable subsystem can:

  • Access all areas of your computer’s memory, without the CPU’s knowledge.
  • Access every peripheral attached to your computer.
  • Set up a TCP/IP server on your network interface that can send and receive traffic, regardless of whether the OS is running a firewall or not.
  • Run remotely even when your computer is turned off.
  • Enable a remote user to power on, power off, view information about, and otherwise manage your PC.
  • ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include a DRM application called “Protected Audio Video Path” (PAVP). This allows a remote user to access everything that is shown on your screen.

If your PC uses an Intel chip, then it does not matter which operating system you run. As Brian Benchoff notes in a Hackaday blog post,

“Own the ME and you own the computer.”

Terrifying as this all is, it gets worse. The AMT application (see below) has known vulnerabilities, which have already been exploited to develop rootkits and keyloggers, and to covertly gain encrypted access to the management features of a PC. As Libreboot notes in its FAQ,

“In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely.”

Until now, the only way to do this has been to avoid all generations of Intel hardware newer than ten years old! Unfortunately, opting to use a non-Intel processor does not get you very far…

Non-Intel Chips are Not Safe Either!

All post-2013 AMD chips contain a Platform Security Processor (PSP). Implementation of this is very different from that of Intel’s IME, but it does a very similar thing. It also comes with all of the same basic security and freedom issues as the IME.

Android and iOS devices, on the other hand, all ship with an integrated proprietary chip known as a baseband processor. It is well known in security circles that this can effectively act as a backdoor.

So What Exactly is the Intel Management Engine?

The IME is the hardware component of Intel’s Active Management Technology (AMT). It is designed to allow system administrators to remote-access PCs in order to monitor, maintain, update, upgrade, and repair them.

Other than its capabilities, very little is known about the IME. This is thanks to the fact that it is closed source and secured with an RSA-2048 key. As previously noted, the AMT application has known vulnerabilities, although the IME hardware component remains secure… for now. As Benchoff notes,

“There are no known vulnerabilities in the ME to exploit right now: we’re all locked out of the ME. But that is security through obscurity. Once the ME falls, everything with an Intel chip will fall. It is, by far, the scariest security threat today, and it’s one that’s made even worse by our own ignorance of how the ME works.”

With regard to criminal hackers, it is very much a case of when, not if the hardware is cracked. Furthermore, criminal hackers are only one threat to be concerned about.

System administrators gain access to AMT features using cryptographic keys. These could be stolen or handed over to the authorities on receipt of a subpoena, court order, national security letter, or suchlike.

Indeed, given what we know about its close connections with the US technology industry, it would be fair to assume that Intel has simply provided the NSA with the certificates and cryptographic keys necessary to access any and every chip it produces. Again, this is very scary!

How Do I Disable the IME?

Until very recently, it has been impossible to disable the IME on most systems that use the Intel Core 2 series of Intel chips or newer (2006 and onwards). Any attempt to disable the ME firmware on a chip that includes the IME would result in the system refusing to boot or shutting down shortly after booting.

A technique was developed for removing the ME from GM45 chipsets (Core 2 Duo, Core 2 Extreme, Celeron M). It worked, however, because the ME was located on a chip separate from the northbridge.

This technique does not work for Core i3/i5/i7 processors, as the ME is integrated into the northbridge. It is possible to disable key parts of the ME on these chips, but this has always resulted in the PC shutting down after 30 minutes, when the ME’s boot ROM (stored in an SPI Flash) failed to find a valid Intel signature.

Just recently, however, researcher Trammell Hudson found that if he erased the first page of the ME region (i.e. “the first 4KB of its region (0x3000, starts with ‘$FPT’)”) of his ThinkPad x230, it did not shut down after 30 minutes.

This discovery led other researchers (Nicola Corna and Federico Amedeo Izzo) to write a script that takes advantage of this exploit. Note that this script does not completely remove the ME per se, but it does in practical terms disable it. Benchoff observes,

“Effectively, ME still thinks it’s running, but it doesn’t actually do anything.”

The script is known to work on Sandy Bridge and Ivy Bridge processors, and should work on Skylake processors. It may work on Haswell and Broadwell processors, but this has not been tested.

Removing the Intel Management Engine
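A read-only check for the state described above, as an added example that is not part of the original article or of the researchers' script: it locates the ME region through the flash descriptor of a firmware dump and reports whether the first 4 KB page still holds a "$FPT" partition table. The field offsets, the function names and the sample image are assumptions constructed for illustration; verify the layout against your chipset's datasheet before relying on it.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A   # Intel flash descriptor magic (assumed layout)
PAGE = 0x1000               # 4 KB: the "first page" the article refers to
FPT_MARKER = b"$FPT"


def me_region_bounds(image):
    """Return (base, limit) of the ME region named in the descriptor, or None."""
    for sig_off in (0x10, 0x00):              # newer and older descriptor layouts
        if (len(image) >= sig_off + 8 and
                struct.unpack_from("<I", image, sig_off)[0] == FD_SIGNATURE):
            break
    else:
        raise ValueError("no Intel flash descriptor signature found")
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4       # base of the region table
    if frba + 12 > len(image):
        raise ValueError("region table lies outside the image")
    flreg2 = struct.unpack_from("<I", image, frba + 2 * 4)[0]   # FLREG2 = ME
    base = (flreg2 & 0x7FFF) << 12
    limit = (((flreg2 >> 16) & 0x7FFF) << 12) | 0xFFF
    return (base, limit) if base <= limit else None   # base > limit: unused


def audit_me_first_page(image):
    """Classify the first 4 KB of the ME region without modifying anything."""
    bounds = me_region_bounds(image)
    if bounds is None:
        return {"state": "no_me_region", "me_base": None, "partitions": []}
    base, limit = bounds
    if limit >= len(image):
        raise ValueError("image is shorter than the declared ME region")
    page = image[base:base + PAGE]
    for off in (0x10, 0x00):                  # marker may follow a 16-byte vector
        if page[off:off + 4] == FPT_MARKER:
            count = struct.unpack_from("<I", page, off + 4)[0]
            names = []
            for i in range(count):            # 0x20-byte header, 0x20-byte entries
                entry = off + 0x20 + i * 0x20
                if entry + 4 > len(page):     # corrupt count: stop at page end
                    break
                raw = page[entry:entry + 4].rstrip(b"\x00")
                names.append(raw.decode("ascii", "replace"))
            return {"state": "fpt_present", "me_base": base, "partitions": names}
    blank = page in (b"\xff" * PAGE, b"\x00" * PAGE)
    state = "first_page_erased" if blank else "fpt_missing_unknown_content"
    return {"state": state, "me_base": base, "partitions": []}


def build_sample_image(erase_first_page=False):
    """Constructed 32 KB test image; not a real firmware dump."""
    img = bytearray(b"\xff" * 0x8000)
    struct.pack_into("<II", img, 0x10, FD_SIGNATURE, 0x04 << 16)  # FRBA -> 0x40
    struct.pack_into("<III", img, 0x40,
                     0x00000000,    # FLREG0: descriptor 0x0000-0x0FFF
                     0x00070005,    # FLREG1: BIOS       0x5000-0x7FFF
                     0x00040003)    # FLREG2: ME         0x3000-0x4FFF
    if not erase_first_page:
        struct.pack_into("<4sI", img, 0x3010, FPT_MARKER, 2)
        img[0x3030:0x3034] = b"FTPR"          # constructed partition entries
        img[0x3050:0x3054] = b"NFTP"
    return bytes(img)


if __name__ == "__main__":
    for erased in (False, True):
        print(audit_me_first_page(build_sample_image(erase_first_page=erased)))
```

Run it against a dump read back from the SPI flash to confirm which state the chip is actually in before and after any modification.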

Unfortunately, using this script requires serious tech chops. It requires the use of a Beaglebone, an SOIC-8 chip clip, and some loose wires. It also requires a lot of nerve, as there is a serious risk of bricking your processor!

Nevertheless, this is an important development that allows those determined enough to (effectively) remove the backdoor that exists in pretty much every modern processor.


I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

11 responses to “The Intel Management Engine – a Privacy Nightmare”

  1. Intel management, the greatest security threat of the modern age; 99.99999% of intel users do not want nor use the backdoor functions it offers, yet they exist by default and only the NSA has been given the green light to turn it off. I doubt nuclear facility personnel are going to sit around waiting for the next AMT patch from Intel while their reactors are on the verge of full meltdown. (No wonder Samsung just surpassed Intel as the #1 chip manufacturer) The only real solution is prevention, releasing firmware that allows the remote function of ME to be disabled completely, and ensuring all future releases of Intel chipsets have the option available to disable it.

    Most of Intel ME’s functionality is deeply integrated into remote desktop, terminal services, and terminal server. I have located and disabled all the software level vectors of control Intel ME has over a live windows session. Disabling these should neuter AMT’s functionality interfacing with a live windows OS, though it doesn’t stop AMT at the hardware level. Hackers were still able to disable my network card from connecting to the internet in linux, including live distros. Never had this problem in 10 years, until I started gutting Intel ME from my system. I’ll need an aftermarket network card to fix that.

    The Intel ME Gigabit Network Connection identifies out-of-band (OOB) network traffic (traffic targeted to Intel AMT) and routes it to the Intel ME instead of to the CPU. Intel AMT traffic is identified by dedicated IANA-registered port numbers.

    Viable Solutions? 1. Unplug your computer from the internet and lan. 2. Disable ME, flip the hap bit. 3. Use an after market network and wifi card; 4. Block incoming/outgoing ports via router associated with Intel Management OOB; 16992, 16993, 16994, 16995, 623, 644

    Are separate Intel gigabit NIC cards a solution to AMT vulnerability?
    https://communities.intel.com/thread/114211 “Please note that depending on configuration Intel AMT when configured may receive messages over other than AMT interfaces when OS is running. So local vulnerability shall be disabled by blocking LMS services” AKA, even if you have an after market network card… if they have access to your OS, hackers might be able to reprogram the ME or plant a rootkit inside the ME or “Intel Firmware hub” that can bridge your NIC.

    Neutering Intel ME at the Software level: Disable Remote Desktop, Terminal Services, Terminal Server, and low level redirectors; This info I’m deriving from Windows 7 SP1 64; though be sure to check if you have the same or similar services. Soon I’ll post automated files to disable all of these services in one fell swoop.

    Some of these are visible in device manager if you show hidden devices, but many are not. Create a system restore point before proceeding.
    dword:000000*
    To disable * = 4

    0 Boot
    1 system
    2 Automatic
    3 Demand (on demand by given service command or whatever)
    4 Disabled

    Here is a list of drivers and services associated with Intel ME’s remote functionality:

    Remote Desktop Device Redirector Bus Driver. Bus = hardwired, hardware level traffic lane. Remote access. Redirector = remaps/hooks live O/S ports for remote access at the sub system level (ME). These are Intel Management / AMD PSP hardware drivers. Re-read this till it sinks in.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus]
    "Start"=dword:00000004

    Look out for, “redirectors” What is a Network Redirector?

    A network redirector consists of software components installed on a client computer that is used for accessing files and other resources (printers and plotters, for example) on a remote system. The network redirector software creates the appearance on the client system that remote files and resources are the same as local files and resources and allows them to be used and manipulated in the same ways. The network redirector tries to make access to remote resources as transparent as possible for the local client application. This is AMT’s specialty.

    RAS ASYNC ADAPTER, MS Remote Access serial network driver; AMT Feature: Serial over LAN for Remote Control) Intel Management Serial over lan demonstration by intel: https://www.youtube.com/watch?v=8vmG6rFd_BM
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac]
    "Start"=dword:00000004

    Remote Desktop Services UserMode Port redirector
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmRdpService]
    "start"=dword:00000004

    Terminal Server (2006) Device Redirector Driver aka Remote desktop device redirector
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDR]
    "Start"=dword:00000004

    The Redirected Drive Buffering SubSystem, sounds innocent enough, doesn’t it? RDBSS
    https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/the-kernel-mode-network-redirector-driver

    AMT Has a Feature since at least 2008 (Intel Management Gen 5): IDE Redirect; allows for performing hardware level remote access) One of the most powerful and core components of intel ME. You can see it in action, this is what the NSA are doing from their mesh central command centers:

    Meshcentral.com – IDE Redirection
    https://www.youtube.com/watch?v=2yL42OnjMcA
    Meshcentral.com – Intel AMT IDE-R recovery
    https://www.youtube.com/watch?v=ZL-WlfJaYCk
    https://software.intel.com/en-us/blogs/2014/06/24/meshcentralcom-intel-amt-ide-redirect-support
    Make sure you watch these videos on AMT/ Intel ME redirectors: https://www.youtube.com/results?search_query=intel+ide+redirection

    IDE-Redirect? Redirected Drive Buffering Subsystem ROOT Kernel Driver (RDBSS) Communicates with Mini-redirector drivers. This should disable much of Intel ME’s transparent functionality with windows
    C:\Windows\System32\drivers\rdbss.sys
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdbss]
    "start"=dword:00000004

    MR.X redirectors; Can’t get more conspicuous than that. Updated with the Jan 2018 Windows 7 Rollup security package featuring Spectre and Meltdown patches. Intel ME is far, far more dangerous than spectre and meltdown. I wouldn’t be surprised if Mr. X services are tightly integrated into AMT, which lanmanworkstation (SMB) is dependent upon. I believe MR. X Mini Redirector allows is channeled through AMT via Downlevel Sub Redirectors (1 & 2) Load up regedit, check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\

    MR. X Windows NT Web Dav Mini Redirector (WebDAV Extension for IIS 7.0 enables Web authors to publish content easily and more securely to IIS 7.0 Web servers;
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV]
    "Start"=dword:00000004

    MR. X Windows NT SMB Mini Redirector
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb]
    "Start"=dword:00000004

    MR. X Longhorn SMB 1.0 Downlevel Sub Redirector
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10]
    "Start"=dword:00000004

    MR. X Longhorn SMB 2.0 Redirector
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20]
    "Start"=dword:00000004

    Remote Desktop Server Driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
    "Start"=dword:00000004

    Terminal services was later renamed to “Remote Desktop”

    Terminal service Generic USB Device, Keyboard/Mouse (Keylogging and remote control, both were enabled and running on my pc)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbFlt]
    "Start"=dword:00000004

    Terminal service Generic USB Device, Keyboard/Mouse (both were enabled and running on my pc)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbGD]
    "Start"=dword:00000004

    RDP Display Driver aka Remote Desktop Protocol Chained Display Driver (for watching you from NSA’s MESH central servers)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]
    "Start"=dword:00000004

    Remote Desktop Protocol Display Driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]
    "Start"=dword:00000004

    Remote Desktop Protocol Encoder Mirror driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPENCDD]
    "Start"=dword:00000004

    Microsoft Remote Desktop Session Host Server Network Provider
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]
    "Start"=dword:00000004

    ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include a DRM application called “Protected Audio Video Path” (PAVP). Quoting the above “This allows a remote user to access everything that is shown on your screen.” Intel offers two PAVP modes – Paranoid and Lite; when set to Paranoid, the video stream is encrypted and its decoding is accelerated by the integrated graphics core. pavp (protected audio video path) enables hardware accelerated decoding of the encrypted stream by intel integrated graphics core. Pavp abbreviation stands for plasma arginine vasopressin. Protected Audio Video Path is still classified as Intel Restricted Secret. So there is no public documentation available… How independent is this of Remote Desktop? I’m not sure.

    Reflector Display Driver used to gain access to graphics data. It handles the Remote Desktop Protocol Reflector Driver Miniport.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPREFMP]
    "Start"=dword:00000004

    User Mode Remote Desktop Services Display Driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPUDD]
    "Start"=dword:00000004

    Microsoft Remote Desktop Protocol Video Miniport driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RdpVideoMiniport]
    "Start"=dword:00000004

    Remote Desktop Protocol Terminal Stack Driver (US/Canada Only, Not for Export)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]
    "Start"=dword:00000004

    Remote Desktop Services Security Filter Driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tssecsrv]
    "start"=dword:00000004

    Remote Desktop Configuration Service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv]
    "start"=dword:00000004

    Terminal Server

    Usually companies which need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network. Sounds like the fundamental core of Microsoft & Intel ME’s remote functions.

    What the EFF? Notice how the most sensitive and critical entries have an F beside them, making them stick out; this led me to wonder if these were failsafes to ensure you could re-enable them with another registry key. Who knows.

    Harden/Disable Terminal Server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
    "TSUserEnabled"=dword:00000000
    "TSAdvertise"=dword:00000000
    "StartRCM"=dword:00000000
    "AllowRemoteRPC"=dword:00000000
    "fDenyTSConnections"=dword:00000001
    "fCredentialLessLogonSupportedTSS"=dword:00000000
    "fCredentialLessLogonSupportedKMRDP"=dword:00000000
    "fCredentialLessLogonSupported"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
    "StartupPrograms"=-

    the =- in the key above removes the startup app function for terminal server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
    "fInheritAutoLogon"=dword:00000000
    "fInheritInitialProgram"=dword:00000000
    "fLogonDisabled"=dword:00000001
    "fPromptForPassword"=dword:00000001

    Inner core of Remote Desktop; WDS=Winstation Driver, rdpwd Remote Desktop Protocol Terminal Stack
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
    "fFlowSoftwareRx"=dword:00000000
    "fFlowSoftwareTx"=dword:00000000
    "fEnableDTR"=dword:00000000
    "fEnableRTS"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
    "fEnableWinstation"=dword:00000000
    "fInheritAutoClient"=dword:00000000
    "fInheritAutoLogon"=dword:00000000
    "fLogonDisabled"=dword:00000001
    "fDisableCcm"=dword:00000001
    "fDisableCdm"=dword:00000001
    "fDisableClip"=dword:00000001
    "fDisableLPT"=dword:00000001
    "fDisableCpm"=dword:00000001
    "fDisableExe"=dword:00000001
    "CdDLL"=""
    "CfgDll"=""
    "PdDLL"=""
    "PdDLL1"=""
    "WsxDLL"=""
    "WdDLL"=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
    "UserAuthentication"=dword:00000001
    "fInheritAutoClient"=dword:00000000
    "fInheritAutoLogon"=dword:00000000
    "fLogonDisabled"=dword:00000001
    "fDisableCcm"=dword:00000001
    "fDisableCdm"=dword:00000001
    "fDisableClip"=dword:00000001
    "fDisableLPT"=dword:00000001
    "fDisableCpm"=dword:00000001
    "fDisableExe"=dword:00000001
    "CdDLL"=""
    "CfgDll"=""
    "PdDLL"=""
    "PdDLL1"=""
    "WsxDLL"=""
    "WdDLL"=""

    (the – in front of hkey deletes the key and its contents; then following up; recreates an empty key)
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
    "ehshell.exe"=dword:00000000

    USE PCHunter to modify the following registry keys: fAcceptConnection under; set to 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]

    Connecting multi-hop mesh networks using MAC bridge
    AMT Mesh Central: https://meshcentral.com/
    see image: https://patentimages.storage.googleapis.com/76/a0/06/3d6938ad658e24/US08340106-20121225-D00000.png

    A multi-hop mesh network may be connected to a Local Area Network (LAN) using a MAC Bridge. One or more nodes on the mesh network may be configured as a bridge node that employs a MAC bridge. Packets that travel between stations on the LAN to nodes on the mesh network flow through one of the bridge nodes on the mesh network. The bridge nodes do not receive all the packets on mesh network, but they receive the packets that are to be transmitted across the MAC bridge. As the bridge nodes learn of new stations on the LAN they advertise routes to the other nodes within the mesh network specifying how to reach those stations. This enables MAC Bridge functionality between wireless mesh networks and 802 LANs.
    https://patents.google.com/patent/US8340106

    Bridge MP (MAC Bridge driver)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BridgeMP]
    "Start"=dword:00000004

    There you have it; AMT’s Windows control vectors and mechanisms have been neutered. You can copy and paste everything here into a reg file, it will not harm your computer; the text will not be injected into your registry, only the keys. Be sure to create a system restore point before doing this.

  2. Intel Management & Remote Desktop are inseparable, until you delete the files or disable them.

    You must either disable ME, its windows components, or both. Some of their components I will list here. These will vary depending on motherboard vendor, drivers, and version of Intel ME/AMT. I’ve got an old LGA775 P5Q-Pro, South Bridge: Intel 82801JR ICH10R, for example. On my PC computer, I’ve got a nifty little driver called “RDPBUS,” otherwise known as “Remote Desktop Device Redirector Bus Driver.” A driver is typically for hardware. Bus means hardwired. Wire to wire hardware communication on a hardware lane. So “Remote Desktop BUS DRIVER” basically means Intel ME remote assistance or backdoor driver. Plain as day. ME was massively designed for remote repairs and assistance; so tell me, who else would embed this function on your Intel chipset? and provide you with bus drivers for remote functionality? Intel, of course.

    Remote Desktop used to be called Terminal Services, and Terminal Server is the central brain of all of this. Intel Management is specialized to work with Remote Desktop functionality. Therefore, if you have not disabled ME, you should disable everything “Remote Desktop” “Terminal Service” and “Terminal Server” until you have nothing left to disable.

    Given recent security breaches in ME issued by Intel, running anything “Intel Management” enabled is highly risky and dangerous; For your life, for your finances, for the dams, nuclear facilities, god only knows. I and 99% of Intel users want to disable what only 1% actually WANT to keep for convenience sake. Time for an off switch on this baby, and not just for the NSA. I highly recommend you disable it, even if you must flash your chip with hardware!

    You can bypass some of Intel ME’s functionality by using an aftermarket NIC.
