me_cleaner VS thepyphone

Some times Intel version of Lenovo have a problem with Intel ME , check this out. LINK

Yes; there are several ways, depending heavily on the version, and ranging from most trustworthy to least trustworthy:

* By patching the ME firmware itself - see the me_cleaner project, and methods documented here: https://puri.sm/posts/deep-dive-into-intel-me-disablement/ . This is Pretty Reliable; the runtime code has been deleted from flash.

* By setting a bit in the flash configuration, assumed to be added for the US High Assurance program: https://github.com/corna/me_cleaner/wiki/HAP-AltMeDisable-bi... , https://www.ptsecurity.com/ww-en/analytics/disabling-intel-m... . This is Mostly Reliable; the mechanism has been fairly aggressively reverse engineered and was added for a program with strict requirements.

* By sending an HECI command that says "hey ME, turn off your runtime" https://review.coreboot.org/c/coreboot/+/52800 . This is Somewhat Reliable; the method is well understood and seems to work but I'm not sure someone has done a deep dive audit into whether it could be re-enabled somehow.

"...this is interesting is because POWER9 is basically the first time the public got a real view of how sophisticated the backstage cast actually is of a modern server CPU."

Not quite correct; the OpenSPARC T1 and T2 were publicly released and available by 2008.

https://www.oracle.com/servers/technologies/opensparc.html

"Large parts of this process are handled by vendor-supplied mystery firmware blobs, which may as well be boxes with “???” written in them.

The maintainers of the me_cleaner script likely have the clearest view of what is known.

https://github.com/corna/me_cleaner

Your dedicated laptop with disabled Intel ME running OpenBSD might be the gold standard choice for your hardware wallet. Main discussion here.

I consider a dedicated laptop with deactivated Intel ME running OpenBSD (maybe from USB flash) can be a much secure alternative to a proprietary hardware wallet connected to your casual multi-purpose laptop.

On a side note, if Intel has made it this hard to disable Intel ME, is the US government happy with this change? It was them who got the HAP bit part working, and I do not see any news suggesting they have another trick to disable Intel ME. Should I just assume that this still works? Has anybody here tried? And does me_cleaner still work (last updated in 2018: https://github.com/corna/me_cleaner)?

This is incorrect. Intel ME has an internal disablement mechanism: https://github.com/corna/me_cleaner/wiki/HAP-AltMeDisable-bit this is the mechanism that it used by S76 and Purism.

If you are sensitive about the Intel Management Engine, the original Core 2 Duo/Quad systems are the last where it could be fully disabled.

Anything later will forcibly shut down after 30 minutes if (at least a fragment of) Intel's closed & bug-ridden monitoring code is not present.

I ran me_cleaner on a few of these systems, and I do all my finances with them running OpenBSD (usually on q9550s).

Yes, this effort to run old hardware is worth it for me. Below are the bios images that I was able to produce:

https://github.com/corna/me_cleaner/issues/233

>> Modern smartphones however, seem like walled gardens in which I have no control at all.

By design, I think.

>> I am locked into a single OS on my smartphone, which either spies on you or is locked down even more. Every iteration a bit more control is taken away from the user.

I got so fed up with this, I abandoned the whole mobile infrastructure and built my own phone with a Raspberry Pi 3B+. The Raspberry Pi is pretty open hardware (yes, I'm aware it's not perfect). For software I used Python 3, C and GTK. It does voice and SMS/MMS only, but that is enough for me.

I built it for myself. It's stable enough that I use it as my daily driver.

I am in the process of open sourcing the code and putting" rel="nofollow">https://github.com/another2020githubuser/thepyphone">putting it out on github.

I truly hope an open hardware smart phone becomes available soon. Until then, I'll use my home grown PyPhone to get by.

I agree that general purpose

If you are going to take a stand for open computing, you are going to have to make sacrifices. You will have to give up a lot of conveniences. As a technologist you will have to give both time and money. Apple and Google are not going to give up their billion dollar industries voluntarily. You will have to stop giving them money. And you will have to stop using their services.

My solution? I built myself a phone out of a Raspberry Pi 3 with a Touch Screen and a Logitech Headset. It does SMS/MMS and voice only. I've been using it for over a year now as my daily driver.

I'm going to open source the code. Check out https://github.com/another2020githubuser/thepyphone for more details. Right now there is just a README out there, the real code exists in a private git repo. I'm reviewing the code and stripping out private details so I don't end up doxxing myself :)

If you like the idea, please star the github project. I could use the encouragement. Thanks.