On Wed, 29 Nov 2017 23:39:27 +0100 "Enrico Weigelt, metux IT consult" info@metux.net wrote:
> Hi folks,
> I'm curious whether Goryachy's JTAG hack is a chance for getting rid of all proprietary ME/UEFI firmware.
> If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
> Can the JTAG channel be used to get around that?
We don't have enough information on that yet to understand if it's possible or not.
More precisely, I don't know:
- If it's possible to halt the Management Engine (through the JTAG) before it starts executing code, load code for it to execute, and make it execute that unsigned free software code that would initialize enough hardware to make the computer start.
- Or if it's possible to halt the Management Engine and instead initialize that hardware through the JTAG.
- If it would be possible to use another computer and a USB3 controller that don't depend on non-free software to initialize a recent Intel system without depending on any non-free software.

It would be nice to be able to use a Rockchip SBC with USB3, or an SBC with a free software bootloader and with a PCIe interface and a PCIe USB3 card to do that. If this is possible it would enable building a desktop or server computer that can start with free software. The SBC could also be used to run some tasks while the main computer is off, such as an IRC client or server software.

However, if getting JTAG through DCI requires a Skylake computer, then there is a chicken and egg problem...
Denis.