Dell Sells PCs Without Intel's Management Engine, but With Tradeoffs
Last week, we reported that Dell had become the first major OEM to sell laptops that didn't use the Intel Management Engine. The move was significant, both because of Dell's size and because the other two PC OEMs that had made similar statements both focus on the Linux market. We've now had a chance to follow up with the Round Rock company on what it's offering, and the situation is more complex than it may have initially seemed.
For those just tuning in, the Intel Management Engine is part of the hardware SoC on modern Intel processors. It can be used for a variety of remote administration and system-monitoring tasks, and it runs its own operating system completely outside the control of Windows 10. Intel has never shared much public information about the IME, but that didn't stop security researchers from disclosing some critical flaws not long ago. In the wake of those disclosures, the IME has come under fire as a fundamentally insecure system. When eagle-eyed customers found the following configuration options under three Dell systems (the Dell Latitude 14 Rugged, the Latitude 15 E5570, and the Latitude 12 Rugged Tablet), it seemed to confirm that the company was preparing to offer this feature to a wider customer base.
Here's what Dell told us when we inquired about the company's future plans for IME-free systems.
Dell has offered a configuration option to disable the Intel vPro Management Engine (ME) on select commercial client platforms for a number of years (termed Intel vPro – ME inoperable, custom order on Dell.com). Some of our commercial customers have requested such an option from us, and in response, we have provided the service of disabling the Management Engine in the factory to meet their specific needs. As this SKU can also disable other system functionality it was not previously made available to the general public.
Recently, this option was inadvertently offered online as a configuration option for a couple of systems on Dell.com. Customers interested in purchasing this SKU should contact their sales representative as it is intended to be offered as a custom option for a select number of customers who specifically require this configuration.
We followed up with Dell with some additional questions about the Intel Management Engine and what it brings to the table. First, all current Intel Core and Intel Atom-derived systems from Dell ship with the IME enabled. As far as we know, this has been the case for years, both at Dell and at other OEMs. Dell explained that it enables IME because the functionality is an "integral part of normal system operation." This includes configuring system clocks, thermal management, and security features used to ensure code integrity. It also enables DRM video content playback.
Back in 2022, we covered Windows 10's then-upcoming PlayReady 3.0 DRM system. One of the points Microsoft made up-front is that DRM compliance required a new hardware security processor and a secure media pipeline implemented inside the GPU, and the Intel Management Engine seems to be designed to fit those goals (even if 4K streaming is confined to Kaby Lake and other chips).
Dell also told us that it doesn't use the Intel Management Engine for any custom purpose, though some of its commercial products do use Intel's Active Management Technology (AMT). AMT is only available on PCs that also offer vPro and is used for remote system maintenance.
There are ways to put a laptop into "High Assurance Mode," which was apparently created by Intel for the NSA and locks down any avenue that might be exploited to steal data. It's also sometimes possible to disable the IME, though this can also brick your system permanently.
One key problem is this: While some individuals might want to buy laptops that they can lock down, these systems are going to be prevented from working properly with various services that use DRM. Despite rumors that AMD might start shipping laptops with the ability to turn off their ARM-derived security processor, this seems similarly unlikely. AMD appears to use its own security chip for secure boot and DRM authentication the same way Intel does, which means any attempt to ship these systems to consumers could create a great deal of confusion. Most buyers care more about streaming 4K video than they do about buying a system that doesn't have a feature they've never even heard of. We have some questions in to AMD about this, as we're aware of some claiming this feature can be disabled in UEFI, but our current understanding is that it can't be — not without disabling some significant Windows capabilities in the first place.
This situation is evolving and could change in the future, but for now, no one seems to be making any plans to start shipping Windows laptops publicly advertised as not using IME or AMD's equivalent, the Platform Security Processor (PSP).
Source: https://www.extremetech.com/computing/260219-dell-sells-pcs-without-intel-management-engine-tradeoffs
Posted by: covarrubiaswheyed.blogspot.com