• KindredAffiliate@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      2 years ago

      If you want to disable Intel Management Engine, the always-on backdoor built into every Intel CPU and/or want as much software as possible on your machine to be FOSS

      Also it boots much faster than most stock bios.

        • mimichuu_@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          2 years ago

          Not that I know of, AMD is also soon going to make their own FOSS bios with OpenSIL so they’re generally the better option if you’re a privacy/libre software junkie.

          • pitajellybug@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 years ago

            As far as I know, OpenSIL stands for Open Silicon Initialization Library, and handles only the hardware initialisation part of the boot process. It may still require loading binary blobs like the Platform Security Processor (PSP), which is AMD’s version of Intel Management Engine

            • mimichuu_@lemm.ee
              link
              fedilink
              English
              arrow-up
              5
              ·
              2 years ago

              PSP is not the same thing as IME. Not even close. PSP doesn’t even have network access, much less remote computer control like the IME. Still proprietary, but if OpenSIL allows you to turn it off then we might actually be able to run a fully 100% libre modern desktop computer which is honestly pretty awesome.

              • spez@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                2 years ago

                Things like these and the overall general improvements to linux on a daily basis get me excited for a time when I could buy a Framework laptop with coreboot running linux without issues. Also no backdoors for big brother.

                • mimichuu_@lemm.ee
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  2 years ago

                  Coreboot doesn’t disable the IME by the way. It just gets rid of some of it’s functionality blobs and sends a signal to it telling it to please disable itself. No one knows if that signal actually works. Only Intel themselves can actually fully remove it from a processor, like they did with the processors they sold to the NSA.

                  • spez@sh.itjust.works
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    2 years ago

                    Only Intel themselves can actually fully remove it from a processor, like they did with the processors they sold to the NSA.

                    Looks interesting, source please.