Intel Management Engine
The wiki is being retired!
Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!
Uses of the Management Engine
The management engine(Often abreviated ME) is a CPU which permits Out of band management of the computer. See the Wikipedia AMT article for example use cases.
Freedom and security issues
- The code that is running inside the management engine is proprietary and signed
- The management engine CPU has access to a lot of things, see "ME physical capabilities" for more details.
Where
Board | Firmware | Microarchitecture | ME location and physical capabilities | ME restrictions |
---|---|---|---|---|
Lenovo X60 | None. <ref name="nic-amt">The Ethernet controller is capable of running some fimrwares( like AMT 1.0), but the hardware is not configured to do it on that machine. So no firmwares are loaded. See Intel_82573_Ethernet_controller for more details.</ref> | I945 + ICH7 |
|
|
Lenovo x201 | AMT | Nehalem |
The ME is inside the PCH, it:
|
|
Packard Bell EasyNote LM85 (MS2290) | AMT? | |||
Samsung Series 5 550 Chromebook | me.bin | Sandy Bridge |
The ME is inside the PCH, it:
|
|
Samsung Series 3 Chromebox | me.bin | |||
Lenovo t520 | AMT | |||
Google/HP Pavilion Chromebook 14 | me.bin | Ivy Bridge |
The ME is inside the PCH, it:
|
|
Google Chromebook Pixel | me.bin | |||
Google/Acer C7 Chromebook | me.bin | |||
Google/Lenovo Thinkpad X131e Chromebook | me.bin | |||
Lenovo t530 | AMT | |||
Lenovo x230 | AMT | |||
Kotron KTQM77/mITX | AMT? | |||
Google/Acer C720 Chromebook | ? | Haswell |
The ME is inside the PCH, it:
|
|
Google/HP Chromebook 14 | ? |
Why there is no replacement for it yet
Replacing the ME firmware is not that easy because:
- The ME bootrom checks the firmware signature.
- On recent chipset its RAM reagion is locked while it is allocated.
- Power glitches(by the ec) while the ME is checking its firmware is probably not practically doable.
So even if some people partially documented some ME firmware format, there is very few probability of having a free software replacement for it one day.
Coreboot also support other systems than the ones with recent intel CPU/chipsets. The List of supported mainboard list some of them.
See also
References
<references/>