[coreboot] Is Goryachy's JTAG hack a chance for free firmware ?

Zoran Stojsavljevic zoran.stojsavljevic at gmail.com
Fri Dec 1 04:15:01 CET 2017


> Can we completely replace UEFI w/o any signatures ?

You addressed the right crowd. Coreboot.

> And what about ME ? I've read that the cpu itself verifies the
> signature of ME firmware, so we cant completely replace it.

As I said/wrote previously, and Igor confirms my thoughts:

IgorS>> Yes, unless your PC uses Boot Guard (so far it's been only enabled in
IgorS>> a small percentage of enterprise laptops because it ties together CPU and PCH -
IgorS>> you can't replace one without having to replace the other). Without
IgorS>> Boot Guard active, the CPU will execute whatever you place in the flash, and it's
IgorS>> up to you whether to implement signing checks or not.

Thank you, Igor, for chiming in/participating! :-)

Zoran
_______

On Thu, Nov 30, 2017 at 6:54 PM, Enrico Weigelt, metux IT consult <
info at metux.net> wrote:

> On 30.11.2017 07:40, Zoran Stojsavljevic wrote:
>
>> You can fully use UEFI BIOS without any signatures. With so-called slim
>> TXE engine.
>>
>
> Can we completely replace UEFI w/o any signatures ?
>
> And what about ME ? I've read that the cpu itself verifies the
> signature of ME firmware, so we cant completely replace it.
> If it would be possible to read out the privkey or burn in another
> one, that blockade would fall.
>
> --mtx
>
> --
> Enrico Weigelt, metux IT consult
> Free software and Linux embedded engineering
> info at metux.net -- +49-151-27565287
>