AMT/vPro is pre-boot, pre-OS. The ports are documented, but when running a system in a non-safe environment one would possibly want to unblock the needed ports instead of selectively blocking the unused ports? But that’s stuff I don’t know too much of.
AMT documentation:
https://software.intel.com/sites/managea…bilityports.htm
Otherwise it’s not just Intel ME with a lot of unknown vulnerabilities; it’s also about processor µcode and possibly some BIOS vulnerabilities.
Good luck!
If ME FW runs pre-boot, but it’s doing TCP/IP, then it needs a MAC address and an IP address.
Does the ME FW have its own unique MAC address (distinct from Win/Linux host)?
Does the ME FW have its own IP address (distinct from Win/Linux host)?
And if the MAC address is shared, maybe the Win/Linux host can claim the same IP address and snatch the ports away from ME FW:
664
623
5900
16995
16994
16993
16992
Then the Win/Linux host might be able to obstruct communication to the ME FW by claiming those ports with a dummy service. But that is post-boot. Hmmm, pre-boot needs to be blocked otherwise.
So does the ME FW share its MAC address with the host?
(Alt solution, only run WiFi.)
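A defender's check for the question raised above (an added example, not code from this thread): probe the seven ports the post lists from a second machine on the same network, since a connection from the host to its own address stays inside the OS stack and never reaches the NIC where the ME diverts traffic. The port-role labels are this example's annotations taken from Intel's AMT documentation, and the 192.0.2.10 target is a constructed placeholder.

```python
import socket
from typing import Dict, Iterable

# Ports named in the post, annotated with Intel's documented AMT/ME roles
# (the role labels are this example's annotation, not part of the thread).
AMT_PORTS: Dict[int, str] = {
    16992: "AMT web/WS-Management over HTTP",
    16993: "AMT web/WS-Management over HTTPS",
    16994: "AMT redirection (SOL / IDE-R)",
    16995: "AMT redirection over TLS",
    623: "ASF / RMCP",
    664: "ASF / RMCP secure",
    5900: "KVM (VNC)",
}


def probe_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: all count as not answering
        return False


def probe_amt_ports(host: str, ports: Iterable[int] = AMT_PORTS,
                    timeout: float = 1.0) -> Dict[int, bool]:
    """Probe each AMT/ME port on host; run this from a second machine on the LAN."""
    return {port: probe_port(host, port, timeout) for port in ports}


def assess(results: Dict[int, bool]) -> str:
    """Turn probe results into a one-line verdict naming any answering AMT ports."""
    answering = sorted(p for p, is_open in results.items() if is_open)
    if not answering:
        return "no AMT/ME port answered; remote management appears unreachable"
    detail = ", ".join(f"{p} ({AMT_PORTS.get(p, 'unknown')})" for p in answering)
    return f"AMT/ME ports answering: {detail}"


if __name__ == "__main__":
    import sys
    # Constructed default target for illustration; pass the real host IP as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(assess(probe_amt_ports(target)))
```

If 16992/16993 answer on a machine whose OS runs no web server there, the reply is coming from the ME, which is the condition the post is trying to detect.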