How to buy a Dell laptop with the Intel ME disabled from the factory (reddit.com)
134 points by imwally on Dec 2, 2017 | hide | past | web | favorite | 22 comments

Not sure if it still is, but it used to be possible to order OptiPlex machines (and others too, I assume) with the ME/AMT in various states, including completely disabled.

If you have an older OptiPlex, pull the side off and there will/might be a white sticker with a single digit number on it. The number refers to the state of the ME/AMT.

For example, I have an older OptiPlex 780 that has a "3" which means the ME/AMT is completely disabled. I've checked every way I know how and it isn't "visible" at all. Apparently the end user does have some limited ability to change the status, though.

I'll see if I can dig up the info on this.

Edit: Not really what I was looking for but here [0] is a thread on Dell's support forum that discusses this and how to change the state, etc., by accessing the MEBx on system start (by hitting CTRL-P).

[0]: http://en.community.dell.com/support-forums/desktop/f/3514/t...

It appears to be available on a few other models as well (searching 'site:dell.com "ME inoperable"' brings up service tags for a few non-rugged Latitudes and a couple of Optiplexes), despite it not being an option on their configurators.

I wonder if this means that it's also possible to disable ME on those machines after purchase (without triggering Boot Guard)?

Dell only offers a single download per firmware version per model (or group of models) to cover all configurations, so presumably it contains multiple images (i.e. AMT-enabled, AMT-disabled, ME-disabled), and the updater just uses ME status or DMI data to determine the correct one.

If that's the case, then surely it should be as simple as manually extracting and flashing the ME-disabled image, right? That's assuming it's actually included in the publicly available updaters, and that all of the images are signed with the same key, of course.

Nice. Now I'd love to see Lenovo offer Thinkpads with a factory disabled Intel ME.

While we're at it... maybe provide Linux (Ubuntu?) as the default operating system? If we're feeling really lucky we might do with asking them for the original Thinkpad keyboards back.

That would be a dream computer.

A short time before Lenovo wrote the first Retro blog posts, so in the beginning of 2015 I posted my dream laptop to Quora. https://www.quora.com/What-is-your-ThinkPad-dream-machine-sp...

The 25th Anniversary laptop got close but because it's T470 based so there's only a single, crippled Thunderbolt in there and it's slightly heavier.

It is that hard to install Ubuntu and dual boot? It's really handy to have that extra windows license from the factory

It’s about as easy to dual boot as it is to just run a popular distro. Wifi cards etc can still be a problem, regardless.

I’d rather not have anything to do with Windows, and would appreciate the gesture of a discount for the Windows license (and the money not going to MS).

I second not wanting any money going to microsoft. I'll take it a step further and say I don't want any microsoft code, branding, stickers, or keys at all no matter how "free" they are.

just kick $10 off my price tag and I'll be happy. If you just sell me an empty shell (no disk or ram) which I'll be over charged for I'll be even happier.

Interestingly lack of feature becoming the reason for the choice in this time.

It has been for quite a while: Try finding a phone without camera that you can take with you into a security sensitive area...

Anyone tested whether TurboBoost works with ME disabled?

So we know that there's a simple enough way to disable it.. for some..

as far as i know these are specific cpu orders from intel

This is pretty neat. Anyone know how well these run Arch Linux? I tried out a new Dell XPS, but it didn't handle Arch very well..

I have an XPS15 (9560) and it runs really well. The arch wiki has lots of information: https://wiki.archlinux.org/index.php/Dell_XPS_15_9560 You do have to tweak it a bit to make everything to work perfectly and get the power consumption down. Overall I'm quite impressed with the machine and the experience. I switched to Dell after having used a MacBook Pro for many years. The 4K screen is gorgeous, it's fast, it has 32gb of RAM and the build quality is good. The TouchPad is a tad bellow Apple level in terms of feel & precision though. One big benefit of Dell is that you can get proper, next day Support if something breaks (while with apple, you are supposed to drive your work machines to the Apple Store and then wait for a replacement).

I have the same machine, how much battery life do you get? 97wh batter.

The newest XPS13 handles Arch really well

I have a precision 5520, running arch, everything works flawlessly. Including the dock on the latest 1.5.0 UEFI firmware.

Does AMD have anything like this? Is the solution just buying AMD?

AMD's Platform Security Processor (PSP) is the equivalent. It's also present on all of its recent processors.


AMD's version is PSP (Platform Security Processor or something like that) -- an ARM core with TrustZone, running code they won't show you. That code has no publicly disclosed vulnerabilities, which means that it's at least as secure as the Intel ME was a few months ago...

