Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Easy way to disable Intel ME on Samsung laptops #383

Open
disableme1 opened this issue Jul 15, 2022 · 2 comments
Open

Easy way to disable Intel ME on Samsung laptops #383

disableme1 opened this issue Jul 15, 2022 · 2 comments

Comments

@disableme1
Copy link

disableme1 commented Jul 15, 2022
edited

This method doesn't require any firmware modification or hardware access, disables the management engine on subsequent reboots until a shut down. So there's no risk of bricking the hardware and it's easy to revert. One drawback is, while disabled the ME region will be unlocked for read/write access which could pose a risk in case an advanced malware or adversary gains access to your system.

There is a hidden BIOS menu on (some?) Samsung laptops that gives access to advanced settings. It appears on the Exit section of the BIOS screen after pressing these keys at the same time: Ctrl + Alt + Shift + F4

There, under ME settings is an option to turn off sending the "End of POST" message to the management engine. Switching this off allows you to send certain commands to the ME interface from your OS to temporarily disable it.

This document explains the commands that disable ME under various conditions:

https://github.com/ptresearch/me-disablement/blob/master/How%20to%20become%20the%20sole%20owner%20of%20your%20PC.pdf

I first tried the third method (Soft temporary disable) but it didn't do anything. Then I tried the second one: HMR FPO - Host ME Region Flash Protection Override. On next reboot the management engine was turned off. It is supposed to work for just one reboot but it still stays off on further reboots, so either the document is inaccurate or the disabled "End of POST" message is helping keep the ME turned off.

To send the commands, I use the me_util.py tool from here: https://github.com/skochinsky/me-tools

The script works with 32-bit Python 2.7 on Windows, it can probably be turned into an .exe file for easier use.

I use this command for the second method (HMRFPO) from the document. It will only work if you already disabled the "End of POST" message from the hidden BIOS settings.

python me_util.py 0x05 0x01 0000000000000000

Using this command and rebooting (not shutting down) the laptop will disable ME. After
any shut down, just use the command again and reboot to disable the ME again.

While disabled, it stays stuck in this state until shut down:
meinfo
@disableme1 disableme1 changed the title Easy way to disable ME on Samsung laptops Easy way to disable Intel ME on Samsung laptops Jul 16, 2022
@ghost
Copy link

ghost commented Dec 26, 2022
edited by ghost

Interesting, and thanks for sharing, but maybe important to note that this is for Windows only (me_util.py needs access to ME drivers per the README). If it was a one-off procedure, it wouldn't be such a big deal, but since the command must be rerun after every shutdown, it basically requires that Windows be available at all times.

@doritos4mlady
Copy link

Cool. Which models have the hidden bios screen?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@disableme1 @doritos4mlady