It's well known fact that the Intel Management Engine can not be completely disabled. Its functionality can be greatly reduced using me_cleaner which utilizes various techniques including switching the ME "kill switch".
However, the Supermicro X9DRi-F BIOS contains ENABLE/DISABLE option for ME subsystem:
Motherboard manual says the following:
ME Subsystem
Select Enabled to support Intel Management Engine (ME) Subsystem, a small power
computer subsystem that performs various tasks in the background. The options
are Enabled and Disabled.
When ME Subsystem is enabled, the following items will display.
• ME BIOS Interface
• ME Version
When I compare the output of intelmetool -m
when the ME Subsystem
option in UEFI is Disabled
and when the same option is Enabled
, then the difference can be seen below:
$ diff -y --suppress-common-lines ~/ME_in_UEFI_disabled ~/ME_in_UEFI_enabled
ME Status 2 : 0x39006301 | ME Status 2 : 0xb9000301
ME: Progress Phase : Policy Module | ME: Progress Phase : Global reset after an error
ME: Progress Phase State : Entery into Policy Module | ME: Progress Phase State : Unknown 0x00
$
Firmware Init Complete
is YES
and Current Working State
is Normal
even when the ME Subsystem
option is set to Disabled
so based on this it looks that the ME
is not disabled.
What does the enable/disable ME subsystem option in Supermicro X9DRi-F motherboard BIOS do?
"It's well known fact that the Intel Management Engine can not be completely disabled" - as far as I know, it can be disabled by manufacturers at least. See this link about Dell's purchase option: systems with ME disabled could be bought from them: https://www.extremetech.com/computing/260219-dell-sells-pcs-without-intel-management-engine-tradeoffs
So what does this bios option do? It disables ME. There are obviously systems on the market that allow it. Try it out, disable it and see if ME vanishes from device manager.