06-04-2018 06:07 PM - edited 06-04-2018 06:13 PM
In light of Spectre, Meltdown, and just other exploits out there I'd like to know if there's a way to permanently disable Remote Management on the P71, this will be a personal workstation machine anyways, so no need for Intel AMT or ME or Vpro either way.
I saw that someone on reddit had posted this article regarding the concern over the topic and how other vendors are offering solutions to permanetly disable remote management since it seems rather insecure:
Can anyone verify if there is a viable solution from Lenovo or otherwise for this on the Thinkpad P71?
06-16-2018 07:30 AM - edited 06-16-2018 07:36 AM
Are you sure this setting is in the P71 BIOS? I had a friend check his P71 with the latest update and he didn't see an option to disable AMT/ME.
06-16-2018 03:33 PM
Have a look at the P71 FRU listing: https://download.lenovo.com/parts/ThinkPad/p71_frubom_20170830.pdf
The PLANARS section shows several system boards (i7-7700HQ models) that don't appear to be AMT-equipped at all. Could your friend have such a (non-)equipped machine?
06-17-2018 11:31 AM
Hey there, he has an e1505, but I don't have other details regarding his board, so we don't know.
At this point, I'll probably wait for the P72 and hopefully Lenovo will have an option to order one without Intel AMT/ME, though useful in a corporate deployment environment, it's not needed for a personal machine and poses as a security risk for an individual workstation.