Hi folks,
I'm curious whether Goryachy's JTAG hack is a chance for getting rid of all proprietary ME/UEFI firmware.
If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
Can the JTAG channel be used to get around that?
thx.
--mtx
From a technical perspective I'm not sure. From a legal perspective this sounds a lot like a "modchip" and may land people in a world of legal trouble if used.
On 11/29/2017 04:39 PM, Enrico Weigelt, metux IT consult wrote:
-- Timothy Pearson, Raptor Engineering, +1 (415) 727-8645 (direct line), +1 (512) 690-0200 (switchboard), https://www.raptorengineering.com
> If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
I have no idea how it works for non-INTEL architectures. I do know how it works for INTEL. You can fully use a UEFI BIOS without any signatures, with the so-called slim TXE engine.
I used stitched BIOSes with slim TXEs, and I freely walk Fedora distro HDDs around, which were installed on one platform but used on different ones.
To start using signatures, you should have a full-blown TXE, which is ~3MB in size. Even in such a case, you do not need signatures unless you really would like to start using TXE extended capabilities.
For ME, you MUST have ME initialized. You must have MEI initialized (which is a virtual PCIe device on bridge 0, port 0, as I recall), so ME can allow BIOS to start. Once you pass this phase, ME (as an application) is not required anymore.
At least, it was like this up to ATOM APL-I (formerly Broxton) and CORE Coffee Lake.
Zoran
On Wed, Nov 29, 2017 at 11:39 PM, Enrico Weigelt, metux IT consult < info@metux.net> wrote:
> -- Enrico Weigelt, metux IT consult, Free software and Linux embedded engineering, info@metux.net, +49-151-27565287
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
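Zoran's point above is that the BIOS needs the ME to have come up far enough to let it proceed, and that the ME reports its state over MEI. The following is an added example (mine, not code from Zoran or from coreboot): it decodes the ME "firmware status" register HFSTS1, which is how one checks from the OS whether the ME finished initialization, is in recovery, or has been soft-disabled. Assumptions, labeled in the code too: the register is at PCI config offset 0x40 of the HECI/MEI device, which Linux normally exposes as 0000:00:16.0 (Zoran describes it as bridge 0, port 0); the field layout and the enumeration values are as I remember them from coreboot's me.h and may differ on newer parts; the `me_reports_healthy()` rule is my own heuristic, not Intel's definition; the sample register values are constructed, not captured from hardware.

```python
"""Decode the Intel ME/CSME HFSTS1 ("firmware status 1") register.

Added example, not code from the thread. Assumptions: HFSTS1 sits at PCI
config offset 0x40 of the HECI/MEI device (usually 0000:00:16.0 on Linux);
bit layout and enumerations follow coreboot's me.h as I remember it.
"""
from pathlib import Path

HFSTS1_OFFSET = 0x40
MEI_CONFIG = Path("/sys/bus/pci/devices/0000:00:16.0/config")  # assumed BDF

# (field, least significant bit, width); the widths sum to 32
LAYOUT = (
    ("working_state", 0, 4),
    ("mfg_mode", 4, 1),
    ("fpt_bad", 5, 1),             # flash partition table bad
    ("operation_state", 6, 3),
    ("fw_init_complete", 9, 1),
    ("ft_bup_ld_flr", 10, 1),       # bring-up loader failure
    ("update_in_progress", 11, 1),
    ("error_code", 12, 4),
    ("operation_mode", 16, 4),
    ("reserved", 20, 4),
    ("boot_options_present", 24, 1),
    ("ack_data", 25, 3),
    ("bios_msg_ack", 28, 4),
)

WORKING_STATE = {0: "reset", 1: "initializing", 2: "recovery", 5: "normal",
                 6: "disable wait", 7: "transition", 8: "invalid CPU"}
OPERATION_STATE = {0: "preboot", 1: "M0 with UMA", 4: "M3", 5: "M0",
                   6: "bring-up", 7: "error"}
OPERATION_MODE = {0: "normal", 2: "debug", 3: "soft temporary disable",
                  4: "security override via jumper",
                  5: "security override via MEI message"}
ERROR_CODE = {0: "none", 1: "uncategorized failure", 2: "disabled",
              3: "image failure"}


def decode_hfsts1(value: int) -> dict:
    """Split a raw 32-bit HFSTS1 value into its named fields."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("HFSTS1 is a 32-bit register")
    return {name: (value >> lsb) & ((1 << width) - 1) for name, lsb, width in LAYOUT}


def describe(value: int) -> dict:
    """Human-readable view of the fields that matter when judging ME state."""
    f = decode_hfsts1(value)
    return {
        "working_state": WORKING_STATE.get(f["working_state"], f"unknown({f['working_state']})"),
        "operation_state": OPERATION_STATE.get(f["operation_state"], f"unknown({f['operation_state']})"),
        "operation_mode": OPERATION_MODE.get(f["operation_mode"], f"unknown({f['operation_mode']})"),
        "error_code": ERROR_CODE.get(f["error_code"], f"unknown({f['error_code']})"),
        "fw_init_complete": bool(f["fw_init_complete"]),
        "fpt_bad": bool(f["fpt_bad"]),
        "mfg_mode": bool(f["mfg_mode"]),
    }


def me_reports_healthy(value: int) -> bool:
    """My heuristic for "ME finished init and is not complaining":
    normal working state, init complete, no error, partition table OK."""
    f = decode_hfsts1(value)
    return (f["working_state"] == 5 and f["fw_init_complete"] == 1
            and f["error_code"] == 0 and f["fpt_bad"] == 0)


def read_hfsts1(config=MEI_CONFIG) -> int:
    """Read the live register from sysfs (full config space needs root)."""
    raw = Path(config).read_bytes()
    return int.from_bytes(raw[HFSTS1_OFFSET:HFSTS1_OFFSET + 4], "little")


# Constructed sample values, not captured from real hardware:
SAMPLE_NORMAL = 0x00000345         # working_state=5, operation_state=5 (M0), fw_init_complete=1
SAMPLE_IMAGE_FAIL = 0x00003002     # working_state=2 (recovery), error_code=3 (image failure)
SAMPLE_SOFT_DISABLED = 0x00032006  # working_state=6, error_code=2, operation_mode=3

if __name__ == "__main__":
    for label, v in (("normal", SAMPLE_NORMAL), ("image failure", SAMPLE_IMAGE_FAIL),
                     ("soft disabled", SAMPLE_SOFT_DISABLED)):
        print(f"{label}: 0x{v:08x} healthy={me_reports_healthy(v)} {describe(v)}")
    try:
        live = read_hfsts1()
        print(f"live HFSTS1: 0x{live:08x} healthy={me_reports_healthy(live)} {describe(live)}")
    except OSError as exc:
        print("no readable MEI config space here:", exc)
```

Run it as root on an Intel box and compare the live value with the constructed samples; the `working_state`/`error_code` pair is what tells you whether the firmware that booted is the one the ME accepted, and `operation_mode` 3 is the state a soft-disabled ME reports.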
It doesn't matter - Intel will simply fix this exploit, leaving you back where you started, and in the end you would still be supporting them monetarily to make bigger and better methods of anti-feature technology... There also isn't any way to be sure that the hypothetical ME uber-rootkit isn't simply placating you (i.e. a faux shell) and is still spying on you without you noticing.
The future is not x86-64; think 10 years ago, when everyone said there would never be any games for Linux - now there are many native, non-emulated AAA games available.
I believe some day soon we will see a POWER laptop; even 5 years ago people would say that something like TALOS 2 couldn't be done, and look where we are now! (Let us hope those with the funds and need for that level of performance will get one instead of an x86-64 system.) If enough people have POWER systems, the market will emerge for a mobile workstation to support development operations.
> I believe some day soon we will see a POWER laptop, even 5 years ago
> people would say that something like TALOS 2 couldn't be done and look where we are now!
As far as I understand, POWER is done by IBM (if I am not mistaken), and as I also know, IBM got rid of their fabs a long time ago. Because of that, POWER costs 10x more than comparable INTEL, since INTEL has their own, very expensive fabs with advanced technology. And... INTEL has many, many customers around.
This is the obstacle which, these days, is gating POWER from getting to real numbers.
This, what you write, Taiidan, could very well happen if INTEL fails to deliver 10nm in terms of yield %. If TSMC and Samsung take over the EUV lithography leading edge, it could happen... So far, it is happening!
I cheer for/look forward to it, to an affordable POWER laptop! :-)
Zoran
On Thu, Nov 30, 2017 at 10:44 AM, Taiidan@gmx.com wrote:
On 30.11.2017 10:44, Taiidan@gmx.com wrote:
> It doesn't matter - Intel will simply fix this exploit, leaving you back where you started, and in the end you would still be supporting them monetarily to make bigger and better methods of anti-feature technology... There also isn't any way to be sure that the hypothetical ME uber-rootkit isn't simply placating you (i.e. a faux shell) and is still spying on you without you noticing.
In the long run, you're correct. We'll have to move to different architectures anyway. I've got good experience with ARM and I'm currently trying to bring people together to build high-performance ARM cluster boards (a kind of single-board mainframe).
--mtx
On Wed, 29 Nov 2017 23:39:27 +0100 "Enrico Weigelt, metux IT consult" info@metux.net wrote:
> Hi folks,
> I'm curious whether Goryachy's JTAG hack is a chance for getting rid of all proprietary ME/UEFI firmware.
> If I'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match.
> Can the JTAG channel be used to get around that?
We don't have enough information on that yet to understand if it's possible or not.
More precisely, I don't know:
- if it's possible to halt the Management Engine (through the JTAG) before it starts executing code, load code for it to execute, and make it execute unsigned free software code that would initialize enough hardware to make the computer start;
- or if it's possible to halt the Management Engine and instead initialize that hardware through the JTAG;
- if it would be possible to use another computer and a USB3 controller that don't depend on non-free software to initialize a recent Intel system without depending on any non-free software.
It would be nice to be able to use a Rockchip SBC with USB3, or an SBC with a free software bootloader and with a PCIe interface and a PCIe USB3 card, to do that. If this is possible it would enable building a desktop or server computer that can start with free software. The SBC could also be used to run some tasks while the main computer is off, such as an IRC client or server software.
However, if getting JTAG through DCI requires a Skylake computer, then there is a chicken-and-egg problem...
Denis.