ME might affect many x86 installs, so instead of stopping the show just remove the interface, which reduces risks a little

src/freedombone-tests

@@ -1148,7 +1148,7 @@ fi
 
 test_app_functions
 test_unique_onion_ports
-check_for_AMT
+remove_management_engine_interface
 fix_stig
 test_stig
 

src/freedombone-utils-setup

@@ -371,11 +371,33 @@ function disable_nfs_insecure_locks {
     fi
 }
 
-function check_for_AMT {
+function remove_management_engine_interface {
-    pci_hardware=$(lspci)
+    # see https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt
-    if [[ "$pci_hardware" == *"MEI"* || "$pci_hardware" == *"HECI"* ]]; then
+    # Disabling this interface doesn't cure the problems of ME, but it
-        echo $'Intel Active Management Technology (Management Engine) was detected. This is an active backdoor.'
+    # might stop an adversary in control of AMT from using the command
-        exit 782352
+    # interface to control the operating system.
+    if [ -f /dev/mei0 ]; then
+        rmmod mei_me
+        rmmod mei0
+    fi
+
+    blacklist_changed=
+    if [ ! -f /etc/modprobe.d/blacklist.conf ]; then
+        touch /etc/modprobe.d/blacklist.conf
+        blacklist_changed=1
+    fi
+    if ! grep -q "blacklist mei" /etc/modprobe.d/blacklist.conf; then
+        echo "blacklist mei" >> /etc/modprobe.d/blacklist.conf
+        blacklist_changed=1
+    fi
+    if ! grep -q "blacklist mei_me" /etc/modprobe.d/blacklist.conf; then
+        echo "blacklist mei_me" >> /etc/modprobe.d/blacklist.conf
+        blacklist_changed=1
+    fi
+
+    if [ $blacklist_changed ]; then
+        depmod -ae -E
+        update-initramfs -u
     fi
 }
 
@@ -609,8 +631,8 @@ function setup_utils {
     read_config_param "PROJECT_REPO"
     write_config_param "PROJECT_REPO" "$PROJECT_REPO"
 
-    function_check check_for_AMT
+    function_check remove_management_engine_interface
-    check_for_AMT
+    remove_management_engine_interface
 
     function_check separate_tmp_filesystem
     separate_tmp_filesystem 150