
Intel Management Engine Patched

Joined Mar 10, 2015, Messages 3,984 (1.21/day)
Joined Dec 29, 2010, Messages 3,439 (0.71/day)
Damn, so many flaws...
 
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
Not a CPU one this time. Management Engine. Reminds me again why all management subsystems are a horrible idea...
 
Joined Nov 18, 2010, Messages 7,106 (1.46/day), Location Rīga, Latvia
Not a CPU one this time. Management Engine. Reminds me again why all management subsystems are a horrible idea...

Agree...

Funny... if you peek into those pure China Huanan X79 board BIOSes... they have an option to hard disable ME.

I wonder why :roll:.
 
Joined Nov 18, 2010, Messages 7,106 (1.46/day), Location Rīga, Latvia
It's best to simply not install the software

You can disable it in Device Manager or not install it; it will still work, just like any low-level module residing in the bridge, like HPET for example. Software speaks to it directly at a low ring level.
 
Joined May 19, 2009, Messages 1,817 (0.33/day), Location Latvia
Not a CPU one this time. Management Engine. Reminds me again why all management subsystems are a horrible idea...

Corporations love those things, it allows a host of nice features. Sure, they could cut it down on consumer models, though.
 
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
Corporations love those things, it allows a host of nice features. Sure, they could cut it down on consumer models, though.

It allows a host of nice remote management features that have proven less reliable/secure than ideal, but yes. I'd be really wary of using it long term.
 
Joined Jul 5, 2013, Messages 25,559 (6.52/day)
You can disable it in device manager or not install it will work still
Incorrect. If the drivers are not installed and management software is missing, there is no attack vector as the flaw is in the software, thus the reason Intel recommends updating their software.
just like any low level module residing into the bridge, like HPET for example
That's not how it works.
Software speaks to it in low ring level directly.
And if the software is missing, the hardware sits and does nothing.
 
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
Incorrect. If the drivers are not installed and management software is missing, there is no attack vector as the flaw is in the software, thus the reason Intel recommends updating their software.

The flaw is in the ME firmware, not the driver. They aren't issuing a driver update to correct this.

And if the software is missing, the hardware sits and does nothing.

Not really. That's the whole issue with the management engine and similar systems: They operate as long as they haven't been told not to. To date, that is only possible via Intel ME, and only via undocumented methods.

All the drivers do is give you access to services they provide, they don't stop them from working if you don't load them.
 
Joined Dec 10, 2014, Messages 1,325 (0.39/day), Location Nowy Warsaw
I blame U.S. govt. We all can comprehend why CPU makers need to push remote management systems on consumer platform.
 
Joined Jul 5, 2013, Messages 25,559 (6.52/day)
The flaw is in the ME firmware, not the driver. They aren't issuing a driver update to correct this.

Not really. That's the whole issue with the management engine and similar systems: They operate as long as they haven't been told not to. To date, that is only possible via Intel ME, and only via undocumented methods.

All the drivers do is give you access to services they provide, they don't stop them from working if you don't load them.
Please review;
The vectors of attack require local admin access. If no drivers/software are installed, non-admins can not attack the system through this vulnerability, and remote attacks are not possible.
 
Joined Mar 10, 2015, Messages 3,984 (1.21/day)
Please review;
The vectors of attack require local admin access. If no drivers/software are installed, non-admins can not attack the system through this vulnerability, and remote attacks are not possible.

How did you come to that conclusion from your link?
 
Joined Sep 1, 2010, Messages 7,023 (1.42/day)
I remember back in the day it was possible to deblob ME with me_cleaner but on newer systems it's impossible to remove ME firmware.
 
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
The vectors of attack require local admin access. If no drivers/software are installed, non-admins can not attack the system through this vulnerability, and remote attacks are not possible.

That has nothing to do with where the vulnerability lies (in firmware), or how the base management engine functions, which is what I was talking about. I was speaking generically and not catering to this one vulnerability.

I remember back in the day it was possible to deblob ME with me_cleaner but on newer systems it's impossible to remove ME firmware.

It's not, you can still remove the partitions with other tools, but it's really really hard to truly deblob it without tripping the 30 minute hang timer. You can turn it off with some hackery pretty easily though.

How did you come to that conclusion from your link?

It says so deep in the docs. He's right in regards to this one exclusive vulnerability.

Of course again, it comes down to how one defines "locally authenticated."
 
Joined Mar 10, 2015, Messages 3,984 (1.21/day)
It says so deep in the docs. He's right in regards to this one exclusive vulnerability.

Of course again, it comes down to how one defines "locally authenticated."

I was more referring to your comments about ME functionality and the rest of your entire post. I am rolling on mobile so navigating some things sucks.

It also says right in the docs it is releasing a firmware patch.

I mean I don't see any embedded links to get further into the docs...are they fudging mobile?
 
Joined Jul 5, 2013, Messages 25,559 (6.52/day)
That has nothing to do with where the vulnerability lies (in firmware), or how the base management engine functions, which is what I was talking about. I was speaking generically and not catering to this one vulnerability.
I was referring to this vulnerability. RTB, we've been over this before. There are no attacks that can render system control through the IME hardware without a software layer component. Such vulnerabilities reside exclusively within Windows, as driver sets for other OS platforms either do not exist or are specifically engineered to prevent unauthorized access through the IME hardware. Additionally, such vulnerabilities can only be accessed by/through Intel network devices hardwired to the chipset. Network chipsets from other vendors are not vulnerable. Network devices not hardwired to the board are also not vulnerable.

All of the vulnerabilities associated with the IME require that each component of the CSME subsystem platform be both present and functional. If any one component is not present (disabled or not installed), not configured properly, or is restricted by system policies, the vulnerabilities cannot be exploited.

If you do not install the hardware drivers in Windows, the vulnerabilities are null.
If you disable the hardware in the Windows device manager, the vulnerabilities are null.
If you do not install the Advanced Management software in Windows, the vulnerabilities are null.
If you do not properly configure or provision the AME, the vulnerabilities are null.
If you do not use the provided(built-on) Intel network connection for network/internet access, the vulnerabilities are null.

The reason Intel lists these vulnerabilities as "High Risk" is because a lot of businesses and companies do use the IME as intended and properly configured. For us end users, the problem isn't as important because most of us don't use/need the IME. Disabling it in Device Manager and not installing the drivers/software effectively guarantees safety from any attack against the IME.
 
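The post above lists host-side conditions (MEI driver installed, device enabled in Device Manager, management software present) as the things that decide whether this class of bug is reachable from the OS. The following PowerShell script is an added, read-only inventory check written for this thread; it is not code from the thread, from TechPowerUp or from Intel. It assumes the MEI device's friendly name contains "Management Engine" and that related services carry "Intel" and "Management" in their display names; both patterns are assumptions and may need adjusting for a given OEM image. It reports only what the OS sees (device state, bound driver, services) and tells you nothing about the ME firmware itself, which, as the thread notes, is a separate matter.

```powershell
# Added example, not from the thread: read-only audit of Intel MEI device, driver and service state
# on a Windows host. Run from an elevated PowerShell session. Nothing is modified.

# ASSUMPTION: device friendly name contains "Management Engine" (true for Intel's MEI driver package
# on most systems; adjust if your OEM names it differently).
$devicePattern  = '*Management Engine*'
# ASSUMPTION: related Windows services carry "Intel" and "Management" in their display names.
$servicePattern = '*Intel*Management*'

# 1. PnP device(s) matching the pattern, whether currently present or not.
#    Status 'OK' means enabled and working; a device disabled in Device Manager shows
#    Status 'Error' with Problem CM_PROB_DISABLED (code 22).
$meiDevices = Get-PnpDevice | Where-Object { $_.FriendlyName -like $devicePattern }

if (-not $meiDevices) {
    Write-Output "No device matching '$devicePattern' is enumerated: no MEI device/driver binding visible to Windows."
} else {
    Write-Output "MEI device(s) visible to Windows:"
    $meiDevices | Select-Object FriendlyName, InstanceId, Class, Present, Status, Problem |
        Format-Table -AutoSize
}

# 2. Signed driver bound to the device. An entry here means the MEI driver package is installed;
#    DriverVersion is what you compare against the vendor's advisory.
Write-Output "Bound driver package(s):"
Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -like $devicePattern } |
    Select-Object DeviceName, DriverVersion, DriverProviderName, DriverDate |
    Format-Table -AutoSize

# 3. Services whose display name suggests Intel management components (e.g. management software
#    installed on top of the driver). StartType tells you whether they come up at boot.
Write-Output "Management-related services:"
Get-Service | Where-Object { $_.DisplayName -like $servicePattern } |
    Select-Object Name, DisplayName, Status, StartType |
    Format-Table -AutoSize
```

Empty output from all three sections means Windows has no MEI device, driver or management service to work with; a device with Status 'OK' plus a bound driver means the software path the post talks about is in place and should be kept at the vendor's current version. The ME firmware version itself is reported by the platform's BIOS/UEFI setup or by the vendor's own tooling, not by this script.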
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
There are no attacks that can render system control through the IME hardware without a software layer component.

I think there are some, but they are so old as to be irrelevant.

I, as a security researcher, get my head all worked up over the theoretical rather than the here and now. Comes with the territory.

The thing that bugs me about the Intel Management engine is it can pretty much snoop on anything it wants once compromised, driver or no driver. The compromise vector at that point becomes largely irrelevant.
 
eidairaman1 (The Exiled Airman), Joined Jul 2, 2007, Messages 40,435 (6.61/day), Location Republic of Texas (True Patriot)
MEs should only be LAN/Intranet accessible not WAN/Internet.
 
Joined Jul 5, 2013, Messages 25,559 (6.52/day)
The thing that bugs me about the Intel Management engine is it can pretty much snoop on anything it wants once compromised, driver or no driver. The compromise vector at that point becomes largely irrelevant.
While that is true, the firmware for the IME resides in the BIOS of the host system and can not be re-written without the knowledge and consent of the system user. Additionally, even if exploited, the IME does not have static ram on die, it has dynamic ram and only a small amount of it. Like system ram, once powered off, the contents are gonesville and the exploit is gone with it. Then even if you manage to exploit the IME and install a package in the firmware, outside Windows the IME can only connect to network adapters it is directly wired to, which will always be an Intel LAN chipset. If that network adapter is not in use by the user, the exploit sits doing nothing.
 
Joined Aug 20, 2007, Messages 20,709 (3.41/day)
MEs should only be LAN/Intranet accessible not WAN/Internet.

They already are. Thing is that rule doesn't matter when it's repurposed via some malware, as an example.
 
Joined Jul 16, 2014, Messages 8,115 (2.29/day), Location SE Michigan
The discussion over IME and its vulnerabilities has been going on for over a decade; it was called something like the NSA spyware chip due to the rumored remote back door. If a patch for it makes big news, it's likely there was more patched than was noted, like that back door is working again? :rolleyes:
 
Joined Nov 18, 2010, Messages 7,106 (1.46/day), Location Rīga, Latvia
If the backdoor really exists, then it's communicating with the HW via direct commands, altering the needed memory registers to make a magic pattern, and when the bridge MCU fetches the key it will wake up. It ain't rocket science. A driver is not needed, for sure.

Sad part.

Why has a regulator not stepped in here? It is an optional component; the system works without it. It has to be opt-in. Alaska AMI allows setting up a proper disable/enable option for it.
 
Joined Mar 23, 2016, Messages 4,839 (1.65/day)
It is an optional component, system works without it.
Intel's ME is required for initialization of the CPU cores before any booting can take place.
 
Joined Nov 18, 2010, Messages 7,106 (1.46/day), Location Rīga, Latvia
Intel's ME is required for initialization of the CPU cores before any booting can take place.

Could you show some documentation? It is kinda the info pushed on us to believe. Why does cutting out (hex-editing) that region in certain board BIOSes allow them to boot anyway? ME is one thing; CPU microcode is different. Also, how CPU init is done: the ME in the PCH part is often marked as a core, while it is not, it is a module; the part handling the boot process is a different module.

For example, the boot process on certain ASUS boards is handled by their proprietary EPU/ROG engine IC, which interfaces with the LPC controller (that's the one waking the whole system up, not ME). It is done because of a different HW boot training process, especially when doing OC.
 