Basically none. You’ve got the ME (or AMD’s equivalent) on the CPU anyway so you... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		snazz on May 1, 2019 \| parent \| context \| favorite \| on: Remote Code Execution on Most Dell Computers Basically none. You’ve got the ME (or AMD’s equivalent) on the CPU anyway so you really can’t avoid having some kind of root kit. Older Intel hardware that doesn’t have the ME or can be neutered is the best bet, and these machines don’t use UEFI anyway. Otherwise you could go for a non-Intel/AMD architecture, but there aren’t that many of those around anymore.

sneak on May 1, 2019 | [–]

Disabling all of the parts of the ME except the part that lets the computer stay powered on is fortunately now well-documented (NSA-requested HAP support).

Wowfunhappy on May 1, 2019 | [–]

Again, not looking for a perfect solution. So I take it loading a different boot-loader first wouldn't be enough?

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact