Re: [coreboot] Intel ME The Way of the Static Analysis

List overview All Threads
Download

newer

older

Re: [coreboot] Will we maintain...

Re: [coreboot] How can improve...

Denis 'GNUtoo' Carikli

2 May 2017 2 May '17

2:13 a.m.

On Tue, 25 Apr 2017 22:38:15 +0800 Shawn citypw@gmail.com wrote:

...

slide: https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf

video: https://www.youtube.com/watch?v=2_aokrfcoUk

Thanks a lot! This is very interesting.

I probably missed something about the ROM bypass: Since you have flash images with ROM Bypass in use, what would prevent someone from: - Finding and buying hardware with ROM bypass enabled. Are there any business or consumers laptops/desktops/workstation with such feature? - Writing your own code in the ROM ME partition and executing it.

Denis.

Attachments:

attachment.sig (application/pgp-signature — 833 bytes)

Show replies by date

Timothy Pearson

4 May 4 May

11:03 p.m.

New subject: Intel ME The Way of the Static Analysis

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 05/01/2017 07:13 PM, Denis 'GNUtoo' Carikli wrote:

...

On Tue, 25 Apr 2017 22:38:15 +0800 Shawn citypw@gmail.com wrote:

...
slide: https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf

video: https://www.youtube.com/watch?v=2_aokrfcoUk

Thanks a lot! This is very interesting.

I probably missed something about the ROM bypass: Since you have flash images with ROM Bypass in use, what would prevent someone from:

Finding and buying hardware with ROM bypass enabled. Are there any business or consumers laptops/desktops/workstation with such feature?

Writing your own code in the ROM ME partition and executing it.

Denis.

I would expect the signature checks by the hardware would stop execution of unsigned ROM ME code.

- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com

...PGP SIGNATURE...

Igor Skochinsky

6 May 6 May

12:56 p.m.

New subject: Intel ME The Way of the Static Analysis

Hello Denis,

Tuesday, May 2, 2017, 2:13:13 AM, you wrote:

DGC> On Tue, 25 Apr 2017 22:38:15 +0800 DGC> Shawn citypw@gmail.com wrote:

...

...
slide: https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf

video: https://www.youtube.com/watch?v=2_aokrfcoUk

DGC> Thanks a lot! This is very interesting.

DGC> I probably missed something about the ROM bypass: Since you have flash DGC> images with ROM Bypass in use, what would prevent someone from: DGC> - Finding and buying hardware with ROM bypass enabled. Are there any DGC> business or consumers laptops/desktops/workstation with such feature? DGC> - Writing your own code in the ROM ME partition and executing it.

ROM Bypass only works on pre-production hardware (e.g. reference boards used for initial development). On production hw it's ignored and mask ROM is always used.

-- WBR, Igor mailto:roxfan@skynet.be

Taiidan＠gmx.com

9 May 9 May

11:16 p.m.

New subject: Intel ME The Way of the Static Analysis

...

ROM Bypass only works on pre-production hardware (e.g. reference boards used for initial development). On production hw it's ignored and mask ROM is always used.

Is it possible to buy a reference board if you aren't an OEM?

2754

days inactive

2761

days old

coreboot@coreboot.org

3 comments

4 participants

tags (0)

participants (4)

Denis 'GNUtoo' Carikli
Igor Skochinsky
Taiidan＠gmx.com
Timothy Pearson