[coreboot] AMT bug
Taiidan at gmx.com
Taiidan at gmx.com
Tue May 9 23:26:18 CEST 2017
On 05/08/2017 12:40 AM, ron minnich wrote:
> I thought the whole reflash path of AMT was to ask it to reflash itself. Is
> that incorrect? If correct, and the AMT has been exploited via this path,
> can we really trust any reflash operation? Any thoughts on this from anyone
> who knows?
Yeah its a request, that can be denied or stealth-denied so it can't be
trusted.
I had a BIOS update on an older intel board go wrong as I had set in the
ME OPROM "Firmware Update" to "Deny" it would be very simple to mess
with the ME region re-writer programmer to re-add a backdoor to every
internal flashed image, and how many corps actually flash externally?
(none I assume)
>
> I was involved in some USG issues around the time of Y2K and at least one
> agency shredded every non-Y2K-compliant system they had. Would that make
> sense for systems with this AMT vulnerability? Just assume the worst and
> destroy them?
I guess you can always re-flash externally, I don't think even a nation
state has figured out the magic to get a regular flash EEPROM to
stealth-deny writes (have they? :0)
>
> I am long past believing one can build secure platforms on any x86 chipset.
> This mess only strengthens that conviction. But there are some great RISC-V
> announcements this week!
What about pre-PSP AMD? as 95% of the way there - with POWER as 100% if
you get a fully open source, blob free machine like the palmetto or with
a little work the firestone.
More information about the coreboot
mailing list