If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
I have no idea how it works for non-Intel architectures. I do know how it works for Intel. You can fully use a UEFI BIOS without any signatures, with a so-called slim TXE engine.
I used stitched BIOSes, with slim TXEs, and I freely walk Fedora distro HDDs around, which were installed on one platform but used on different ones.
To start using signatures, you should have a full-blown TXE, which is ~3 MB in size. Even in such a case, you do not need signatures, unless you really would like to start using TXE extended capabilities.
For ME, you MUST have ME initialized. You must have MEI initialized (which is a virtual PCIe device on bridge 0, port 0, as I recall), so ME can allow the BIOS to start. Once you pass this phase, ME (as an application) is no longer required.
At least, it was like this up to Atom APL-I (formerly Broxton) and Core Coffee Lake.
Zoran
On Wed, Nov 29, 2017 at 11:39 PM, Enrico Weigelt, metux IT consult <info@metux.net> wrote:
Hi folks,
I'm curious whether Goryachy's JTAG hack is a chance for getting rid of all proprietary ME/UEFI firmware.
If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
Can the JTAG channel be used to get around that?
thx.
--mtx
--
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot