On 05/08/2017 12:40 AM, ron minnich wrote:
I thought the whole reflash path of AMT was to ask it to reflash itself. Is that incorrect? If correct, and the AMT has been exploited via this path, can we really trust any reflash operation? Any thoughts on this from anyone who knows?
Yeah, it's a request that can be denied or stealth-denied, so it can't be trusted. I had a BIOS update on an older Intel board go wrong because I had set the ME OPROM "Firmware Update" option to "Deny". It would be very simple to mess with the ME region re-writer/programmer to re-add a backdoor to every internally flashed image, and how many corps actually flash externally? (None, I assume.)
I was involved in some USG issues around the time of Y2K and at least one agency shredded every non-Y2K-compliant system they had. Would that make sense for systems with this AMT vulnerability? Just assume the worst and destroy them?
I guess you can always re-flash externally; I don't think even a nation state has figured out the magic to get a regular flash EEPROM to stealth-deny writes (have they? :0)
I am long past believing one can build secure platforms on any x86 chipset. This mess only strengthens that conviction. But there are some great RISC-V announcements this week!
What about pre-PSP AMD? That gets you 95% of the way there, with POWER at 100% if you get a fully open source, blob-free machine like the Palmetto or, with a little work, the Firestone.