<div dir="ltr"><span style="font-size:12.8px">> If i'm correct, the ME firmware (or parts of it) is signed, and</span><br style="font-size:12.8px"><span style="font-size:12.8px">> the CPU won't run (or switches off) if signatures don't match.</span><br style="font-size:12.8px"><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I have no idea how it works for non INTEL architectures. I do know how it works for INTEL.</span></div><div>You can fully use UEFI BIOS without any signatures. With so-called slim TXE engine.</div><div><br></div><div>I used stitched BIOSes, with slim TXEs, and I freely walk Fedoras' distros HDDs around,</div><div>which were installed on one platform, but used on different ones.</div><div><br></div><div>To start using signatures, you should have full blown TXE, which is ~ 3MB of size. Even</div><div>in such a case, you do not need signatures, unless you really would like to start using</div><div>TXE extended capabilities.</div><div><br></div><div>For ME, you MUST have ME initialized. You must have MEI initialized (which is Virtual</div><div>PCIe on bridge 0, port 0, as I recall), so ME can allow BIOS to start. Once you pass this</div><div>phase, ME (as application) is not anymore required.</div><div><br></div><div>At least, it was like this till ATOM APL-I (former Broxton) and CORE Coffee Lake.</div><div><br></div><div>Zoran</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 29, 2017 at 11:39 PM, Enrico Weigelt, metux IT consult <span dir="ltr"><<a href="mailto:info@metux.net" target="_blank">info@metux.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi folks,<br>
<br>
i'm curios whether Goryachy's JTAG hack is a chance for<br>
getting rid of all proprietary ME/UEFI firmware.<br>
<br>
If i'm correct, the ME firmware (or parts of it) is signed, and<br>
the CPU won't run (or switches off) if signatures don't match.<br>
<br>
Can the JTAG channel be used to get around that ?<br>
<br>
thx.<br>
<br>
--mtx<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Enrico Weigelt, metux IT consult<br>
Free software and Linux embedded engineering<br>
<a href="mailto:info@metux.net" target="_blank">info@metux.net</a> -- <a href="tel:%2B49-151-27565287" value="+4915127565287" target="_blank">+49-151-27565287</a><br>
<br>
<br>
-- <br>
coreboot mailing list: <a href="mailto:coreboot@coreboot.org" target="_blank">coreboot@coreboot.org</a><br>
<a href="https://mail.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">https://mail.coreboot.org/mail<wbr>man/listinfo/coreboot</a><br>
</font></span></blockquote></div><br></div>