[kuschku]

I have no BIOS option at all for this, yet it’s enabled and provisioned. What do I do?

[lclarkmichalek]

Well, firstly, don't connect your machine to networks you don't trust the members of :)

If your machine's manufacturer still supports the device, check if they have any firmware updates available. Hopefully they will have recent updates that include a fix for the AMT authn issue.

If you want to disable it, Intel has provided a mitigation guide which has instructions on disabling LMS (which AMT is part of): https://downloadmirror.intel.com/26754/eng/Intel-SA-00075%20.... I've not had to follow it myself, good luck if you do :)

I'm just repeating stuff I've read from MJG, take a look at his FAQ around this issue: https://mjg59.dreamwidth.org/48429.html

[kuschku]

The machine is self-assembled, and the motherboard manufacturer doesn’t provide updates.

I don’t run windows, though.

> Well, firstly, don't connect your machine to networks you don't trust the members of :)

I’ve already had issues with the intel card, so I’m running on a RealTek ethernet card for now anyway. But that’s no long term solution.

[hsivonen]

Now I’m curious how a self-assembled computer got into the provisioned state.

[kuschku]

That’s an interesting question, isn’t it? Even more, how AMT was enabled in the first place, if the UEFI has no option for it.

And I’ve had massive issues with AMT before – for some reason, on Linux, the ME would force a reset of the network connection every 90 seconds (which is why I use an ancient realtek network card currently).

Possible explanations include bad defaults in the UEFI, a store sending me a used part instead of a new part, etc. If we go into conspiracy territory, NSA TAO interception would also be on the table. Very unlikely, though.