# modprobe mei_me
# modprobe mei_txe
# modprobe mei
# lsmod | grep mei
mei_me 36864 0
mei_txe 20480 0
mei 86016 2 mei_me,mei_txe
# python2 ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
Application Version: 188.8.131.52
Scan date: 2017-11-23 20:37:48 GMT
*** Host Computer Information ***
Manufacturer: Apple Inc.
Processor Name: Intel(R) Core(TM) i5-3427U CPU @ 1.80GHz
*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.
When the HW dies, I'll most probably go for a Chromebook with Coreboot - and install Debian on it.
I've had it - enough with this idiocy from Intel and AMD ; if they can't see how these "signed black boxes" are harming them, they deserve what's coming (open, and powerful enough architectures - i.MX8, RISC-V, etc).
It's unclear to me whether or not Apple uses Intel firmware for the non AMT portions of ME. I will report back to you when I find out. However, the evidence I've seen so far isn't looking too good, and it definitely looks like the vast majority of macs made in the last 5 years are all vulnerable, many appearing to run outdated Intel firmware to boot -- not good for Apple.
The evidence can be seen here,
where some people run a python program to check the version of their ME firmware (which works and returns numbers completely consistent with Intel firmware numbering). I wonder if Apple just isn't aware of the hack yet?
I'd rather have a more thorough ME test than just AMT I could run though, coupled with a statement from Apple that ME is or will be entirely neutered on Macs in the future.