Recent news reported that Dell now offers to sell some devices with an inoperable Intel Management Engine. During a conversation with Dell support I was told that there is also the possibility to make ME inoperable after the device has already been bought.
Can anyone tell me where I can find the tools/instructions in question for download?
I actually contacted Dell support yesterday about this (waiting on a response). I was just getting ready to purchase a Latitude 14 Rugged, but then when I went to add it to my cart, the "ME Inoperable" option wasn't available anymore. It looks like they have already removed this option from all of their online offerings. That didn't last long. Perhaps it was added by mistake?
As for doing it yourself, search for "me_cleaner". Basically, you flash a modified BIOS image (which is where the ME firmware is contained) which "disables" the ME.
The issue is that it's a somewhat risky procedure and can brick your computer unless you have physical access to the BIOS chip so that you can recover from a failed flash. There's a good chance that most modern Dell machines have Boot Guard / Verified Boot enabled, so you might have to use a specific option with me_cleaner to avoid modifying portions of the image which are signed.
Did support provide you with any more information?
The fact that they told you that you can disable it yourself makes me feel like they were probably talking about something completely different. I can't see them advocating for customers to flash custom modified versions of the BIOS...
I hope the "ME Inoperable" option wasn't simply referring to not installing the drivers, because that's definitely not going to do it...
^ That doesn't do it. Intel ME is essentially a co-processor on the motherboard and it runs even when the PC is completely shut off. If the system was ordered with vPro Advanced Features, it's even got a VNC host that can be used to remotely control the system from the POST screen.
The only way I've heard of disabling Intel ME completely is by downloading BIOS releases that have been hacked by third parties in order to disable it, but that is of course very risky for several reasons. I'm not aware of any way to fully disable Intel ME on a system that has it -- which is partly why this vulnerability is such a huge problem, just like the PREVIOUS Intel ME vulnerability discovered a few months ago was.
I know about me_cleaner, but I wanted a ready to go device and not mess with that stuff myself.
If Dell removed that option this is very bad news and will basically mean that I won't buy a Dell after all.
I wonder if someone put pressure on Dell because the option removed their backdoor...
After doing some more searching, it looks like the option was only meant for certain customers and was accidentally made available to the public. The good news is that it seems like they might still offer the option if you call. Extremetech just posted an article about it.
Here's a quote which supposedly came from Dell:
"Dell has offered a configuration option to disable the Intel vPro Management Engine (ME) on select commercial client platforms for a number of years (termed Intel vPro – ME inoperable, custom order on Dell.com). Some of our commercial customers have requested such an option from us, and in response, we have provided the service of disabling the Management Engine in the factory to meet their specific needs. As this SKU can also disable other system functionality it was not previously made available to the general public.
Recently, this option was inadvertently offered online as a configuration option for a couple of systems on Dell.com. Customers interested in purchasing this SKU should contact their sales representative as it is intended to be offered as a custom option for a select number of customers who specifically require this configuration."