Thx. So, there is no kernel support for the Intel MEI, but kernel only knows how to identify it.
Ugh, I wish OpenBSD had a way to audit hardware components, please? Because this Intel MEI is a closed source software (Linux based from what I read) and running inside our CPUs, with full unfettered unchecked access to all hardware components, with zero visibility for us to vet it because it's '''proprietary'''. Can we still talk about security in this context? What's OpenBSD's official position on this? On Sat, Mar 16, 2024 at 6:05 PM Zé Loff <zel...@zeloff.org> wrote: > > On Sat, Mar 16, 2024 at 05:52:22PM +0500, ofthecentury wrote: > > I boot with 'boot -c' and then > > enter 'disable mei' and then > > 'quit'. > > Pcidump still shows Intel MEI, > > just as it does when booting > > with default config. I don't > > think anything changed. > > But UKC doesn't complain > > when I disable mei, so I know > > it knows 'mei' and disables it. > > But how would I know it > > does disable it? > > > > Also, 'boot -c' accumulates what > > changes I do. How does one > > reset changes to go back to > > vanilla kernel? > > > > Just because it is detected it does not mean a driver is attached to it. > > E.g. on my machine: > > # pcidump | grep -i mei > 0:22:0: Intel 200 Series MEI > > # dmesg | grep -i mei > "Intel 200 Series MEI" rev 0x00 at pci0 dev 22 function 0 not configured > > The "not configured" is the relevant part, here. > > Plus, more knowledgeable people will correct me if I'm wrong, but I > don't think a "mei" driver exists. > > If for some reason you want to "disable" it further that this you'll > have to do it in BIOS or find a way to power it off, but good luck with > that. > > Cheers > Zé > -- >
