Reply to post: @ pccobbler: I think we speak of different things??

Spies do spying, part 97: Shock horror as CIA turn phones, TVs, computers into surveillance bugs

Palpy

@ pccobbler: I think we speak of different things??

Or maybe different aspects of the same thing?

My understanding is that the Intel Management Engine is not an optional download, it is an integral part of modern Intel chipsets. There is an extension -- the Management Engine BIOS Extension -- which is open to user configuration. But not the ME itself.

If I understand what I've read, if you run an Intel machine of recent vintage then the ME is running. It runs whether you use Windows, BSD, Minix, Solaris, or anything else -- because it boots first and is necessary to initialize system clocks and hardware. As well as other critical functions.

Igor Skochinsky: "Intel Management Engine ('ME') is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS."

From a page in the Libreboot project:

"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. ... In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware." (Emphasis in the original.)

I know I'm running on about this, but it's quite interesting to my tiny mind.

It would seem that if NSA / CIA had prevailed upon Intel to put a backdoor in the ME, then many of these leaked hacking tools and techniques are unnecessary. If there were a backdoor, then any Intel machine could be taken over by sending a special instruction to the ME (which has not only its own microcontroller and kernel but its own networking stack, and complete access to the machine's memory and peripherals as well).

So my first guess is that the ME is not thus backdoored. Because I don't think the NSA / CIA are subtle enough to create and then leak 8700 docs with hacking info. Nor are they crazy enough to release info on device hacking and antivirus amelioration, info which may be quite useful to CIA's adversaries, whether criminal or nation-state actors.
