I know Intel didn’t want to open source the FSP, something about how it was by the IMM in servers. You are probably never going to be able to boot Intel CPUs without using IME, but I’m personally okay with the HAP disable.
There are just not a lot of options if you want to use Coreboot on modern hardware, I’m current using Dasharo, and I don’t know of any other option for current gen hardware.
I wouldn’t mind switching to AMD, but it would require that a company is willing to port Coreboot to the hardware.
I know Intel didn’t want to open source the FSP, something about how it was by the IMM in servers. You are probably never going to be able to boot Intel CPUs without using IME, but I’m personally okay with the HAP disable.
There are just not a lot of options if you want to use Coreboot on modern hardware, I’m current using Dasharo, and I don’t know of any other option for current gen hardware.
I wouldn’t mind switching to AMD, but it would require that a company is willing to port Coreboot to the hardware.
so … intel is preventing you from disabling IME …
They are preventing you from removing IME, they are not preventing you from disabling IME.
You can use HAP to disable IME, but you can’t use something like me_cleaner to clean or neuter IME.