On Mon, Jan 16, 2017 at 04:40:33PM +0100, Denis 'GNUtoo' Carikli wrote:
[...] As I understand from the slides DCI can be activated through:
- The flash descriptor
- UEFI
- The P2SB register
Aren't there two different things being discussed here? There is DCI, which requires BIOS or firmware support, and SVT, which works even if DCI is disabled and the system is powered down. According to Intel's site:
https://designintools.intel.com/product_p/itpxdpsvt.htm
The [SVT] tool enables closed-chassis use-cases where USB3-hosted DCI is limited, intermittent, or unavailable and includes initial cold boot, suspend-state operation and survival, Reset-flows, and USB3 or IOSF path failures.
During the 33c3 talk, the presenters mentioned that SVT provides its own power to the chipset and the protocol is undocumented (but perhaps could be reverse engineered).
[...] It might also be possible to run coreboot on laptops with bootguard: Some programmable[1] USB3 device controllers exist, if a tiny enough USB key can be made, it might be possible to bypass bootguard this way. Users doing that would then be able to use coreboot on more recent computers.
This is an interesting idea. If you can enable debugging during the BIOS or Startup ACM execution, an external device should be able to change the code execution path. I'm doubtful DCI will make it possible, however, since it seems that enabling DCI is something the firmware sets up after the ACM has run. SVT on the other hand...