Intel Vpro caution

[surferby]

As some processors of Intel provides Vpro which enables remote provisioning, what does that mean for a home user? Can that capability, which is fruitful for corporate networks, make end home user vulnerable? I mean can a person from the ISP or a middle man who compromised the ISP, remote provision home user's pc using Vpro's remote provisioning capabilities without the consent of home users with vpro processors?

The point is, what an end user can do to keep such unauthorized usage of the processors Vpro capabilities?


If it happens, will there be any noticeable sign which will tell the home users about any unauthorized remote provisioning?

Your inputs are very much welcomed.

 

[GhislainG]

To start with, the motherboard has to support Vpro; I own only one motherboard that was bought specifically becasue it supports that feature. Vpro also has to be enabled, configured, etc. The main purpose of Vpro is increased security; not to decrease it. What CPU and motherboard supporting Vpro do you own?

 

[surferby]

Thank you very much for that input. Here are the hardwares -

http://ark.intel.com/products/80815/Intel-Core-i5-4590-Processor-6M-Cache-up-to-3_70-GHz
http://www.msi.com/product/mb/B85M-GAMING.html


What role AMT plays here? Do theses values give any meaningful insight?-

[Bios shows no option to enter Intel Vpro MEBx or ME. Only ME version number is available]

On windows 7 "Intel management and Security Status" gives information like -


Item Value

ME Control Mode Not Provisioned

Provisioning Mode Pre Provisioning
BIOS boot NA
Last ME reset reason Power Up
Local FWUpdate NA
Power Policy Desktop: ON in S0, ME Wake in S3, S4-5
Cryptography Support NA



[FW Capabilities]

Item Value
Intel(R) Small Business Technology Enabled

Intel(R) Anti-Theft Technology PC Protection Enabled
Intel(R) Capability Licensing Service Enabled
Intel(R) Dynamic Application Loader Enabled

Protect Audio Video Path Enabled



[Intel(R) Small Business Technology]

Item Value
Intel(R) SBT State Enabled
Intel(R) SBT Status Not Configured

[Intel(R) Anti-Theft Technology PC Protection]

Item Value
Intel(R) AT State Enabled
Intel(R) AT Status NA

Item Value
MEBx Version NA
FW Version 9.0.30.1482 LMS Version 9.0.0.1323
MEI Driver Version 9.0.0.1287
SOL Driver Version NA
SOL DeviceID NA

 

[GhislainG]

You need a motherboard that supports Vpro; B85 is a budget chipset that doesn't support it. If you want Vpro, then you have to buy a Q87 motherboard, e.g., http://www.msi.com/product/mb/CSMQ87ME43.html#hero-overview Since you seem leary of Vpro, why would you now want it?

 

[surferby]

I do not want Vpro. But I have mistakenly bought a Vpro processor, which had no sign printed on the packaging stating that it includes Vpro. I am curious about how that may affect the system now. It seems that the incompatible motherboard saved the day.

I hope incompatible motherboard helps in such situations too! Researchers hack into Intel's vPro

Anything else enlightening regarding this will be appreciated. I thank you for your input. That helped.

 

[GhislainG]

Believe me that 6 years later Vpro has changed significantly. It won't work unless you enable it and configure it in the BIOS. Same with the equivalent solution provided by AMD.

 

[surferby]

Thank you GhislainG for you replies.