
The management engine is the little computer that is used to get the big computer running.

Back when I was a kid, after hiking to school in 4 feet of snow uphill with no shoes, if I were building a PC or adding a new card, I would spend a bunch of time flipping little DIP switches to set things like addresses and assign IRQs. I'd reboot and my Gravis Gamepad controller would work, but the SoundBlaster wouldn't. So I'd power down, flip some switches and try again until I could get everything working.

Those switches went away, but the underlying issues remained. The new method was some firmware that did a bunch of pre-boot configuration. That was refined over the years and now today there's an entire computer running its own OS that manages all this stuff. It works amazingly well.

However, once the machine is up and running, most people (especially consumers) have no need for it after that. It would be nice if it just powered down and waited for the next reboot. However, a little hidden computer was too useful to be ignored and it's used for a bunch of things including DRM (it can have secure-enclave-like functionality) and remote management. I'm not sure we have an exhaustive list of what it can do.




> Those switches went away, but the underlying issues remained. The new method was some firmware that did a bunch of pre-boot configuration. That was refined over the years and now today there's an entire computer running its own OS that manages all this stuff.

I'm really impressed about how people manage to self-convince themselves so much about something they don't know about to the point they can explain their imaginary tech stack with such aplomb.

The ME is not needed to do PnP conf (or whatever it has been renamed to these days), and to the best of my knowledge is not used to do that and never has been.

ACPI/EFI & their friends are sufficiently hosted on the CPU, and can run platform code at a so-called negative privilege level at runtime. I expect those computers with the ME disabled to run as well as if the ME had not been disabled, including if you add or remove an extension card.

However you are right about remote management (that's the main advertised application of ME) and probably DRM stuff.


So, as I understand it, the first thing the ME does on boot is run a module that configures everything. It's called the bring-up (or BUP) engine. I thought that it was doing IRQ and other conflict resolution.


With due respect, I think the parent conflates the Management Engine with something else. It does not replace the BIOS, to which UEFI adds many features, or DIP switches. See this post for a description:

https://news.ycombinator.com/item?id=15445826

If you really want to learn about it, save your time and go to the source:

Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine by Xiaoyu Ruan, a security researcher with the Platform Engineering Group at Intel





