[ef4]

This is a strong contrast with my experience in trying to patch the vulnerability on an Asus desktop motherboard.

The process was so byzantine that I very much doubt more than a small fraction of home users would get through it, or even bother starting.

The correct steps were (1) flash a newer bios, (2) install the Intel ME driver for windows, (3) run the actual vulnerability patching tool. Discovering those steps required a bunch of trial and error and navigating Asus's really terrible website full of badly named downloads.

[flukus]

> This is a strong contrast with my experience in trying to patch the vulnerability on an Asus desktop motherboard.

This is why I don't buy "enterprise users" as a reason for having IME. I've never once worked in a company that patched firmware, even though they have specialists capable of it. They want the option to perform enterprise wide upgrades with ease but they aren't willing to pay the true cost of having this ability.

> Discovering those steps required a bunch of trial and error and navigating Asus's really terrible website full of badly named downloads.

Gets even worse when your international. Half the links will be to a US address that will then try to redirect you to a localized one which will then not have the resource you were looking for. Then you've got some really byzantine export restriction procedures and you have to create an account but it still probably won't work. I've had these issues with ordinary drivers too, it's the biggest reason I support the linux in kernel tree and no stable ABI model, it's better for users.

[mykull]

Removing ME [almost] entirely by editing the official bios image with me_cleaner.py and then updating the bios the normal way sounds like it is simpler, if you don't need the extra network-connected ME features there.

I'll admit I was a little afraid of bricking the PC, as with any kind of BIOS modification, but it worked like a charm.