Although many popular PC and laptop manufacturers, including Acer, Panasonic, Lenovo, Fujitsu, HP and others are selling equipment with Intel ME enabled, so far, three hardware vendors have opted to disable the firmware.
These three vendors are Dell, System76 and a company called Purism. Of particular interest is the fact that Purism opted to disable the Management Engine almost a full month before Intel released any information about the security flaws in their technology. Apparently, someone else found a way to disable Intel ME, and the company decided to use it as a means of improving the privacy protections of its customers.
According to a recent blog post published by Purism:
“Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. The Librem 13 and Librem 15 products can be purchased today and will arrive with the Management Engine disabled by default.”
The equipment manufacturers who are selling their wares with the Intel Management Engine enabled have all promised to patch the security flaws in a future update, but as of right now, none of those manufacturers have provided an ETA for when that might be.
In the meantime, if you’re looking to upgrade your equipment and you don’t want to expose yourself or your organization to unnecessary risk, buying from any of the three vendors mentioned above, Dell, System76 or Purism, is a smart choice. It gives your network security team one less thing to worry about, and that’s always a good thing.