@RedTechEngineer @mischievoustomato @pernia @romin me_cleaner for core i and later is only possible because intel stuffed up their RSA implementation and it is possible to remove some of the modules without the signature check failing.

On Nehalem & Broadwell, it is possible to leave only the ROMP & BUP modules, but those cannot be replaced due to the RSA signature.

Later, the rbe, kernel, syslib and bup modules are required and cannot be replaced.

It seems the NSA requested the addition of the "HAP" bit that requests that the ME hang after boot, which me_cleaner sets, but who knows?


Sometimes eventually an exploit is found in handcuffing schemes, but usually all that allows for is the disabling of one of the malicious features of the proprietary software - but the proprietary software still runs.

For example there was a "boot guard" (guard boot on your computer) exploit found that allowed bypassing it, but the proprietary software still runs.