[coreboot] coreboot Digest, Vol 147, Issue 17

Allen Krell allen.krell at gmail.com
Thu May 11 14:01:47 CEST 2017


On Thu, May 11, 2017 at 5:00 AM, <coreboot-request at coreboot.org> wrote:

>
>
> Message: 2
> Date: Tue, 9 May 2017 17:26:18 -0400
> From: "Taiidan at gmx.com" <Taiidan at gmx.com>
> To: ron minnich <rminnich at gmail.com>, coreboot <coreboot at coreboot.org>
> Subject: Re: [coreboot] AMT bug
> Message-ID: <278e53ae-1788-4205-e51b-7f632faa6927 at gmx.com>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 05/08/2017 12:40 AM, ron minnich wrote:
>
> > I thought the whole reflash path of AMT was to ask it to reflash itself.
> > Is that incorrect? If correct, and the AMT has been exploited via this
> > path, can we really trust any reflash operation? Any thoughts on this
> > from anyone who knows?
> Yeah, it's a request that can be denied or stealth-denied, so it can't be
> trusted.
> I had a BIOS update on an older Intel board go wrong because I had set
> "Firmware Update" to "Deny" in the ME OPROM. It would be very simple to
> mess with the ME region re-writer programmer to re-add a backdoor to every
> internally flashed image, and how many corps actually flash externally?
> (none, I assume)
>
One thing I am still confused about is the relationship between Intel Boot
Guard and the regions of flash.  My understanding is that Boot Guard only
applies to the legacy BIOS region of flash, not the ME/AMT region.  Is that
correct?  So, if that is true, then is it possible to flash the ME/AMT
region of flash with any ME code module that has been signed with the Intel
signature?
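The question above turns on the fact that the ME firmware and the BIOS live in separate, descriptor-defined regions of the same SPI flash. The following is an added example, not part of this thread or of coreboot, that parses the Intel flash descriptor region table (signature at offset 0x10, FLMAP0 at 0x14, FLREGn words at the FRBA it points to, in the classic five-region layout) from a flash dump and reports where the Descriptor, BIOS, ME, GbE and Platform Data regions sit, plus a few sanity checks a defender would run on a dump before comparing it against a known-good image. The sample descriptor block is constructed for the demo and does not come from any real board; whether Boot Guard covers anything outside the BIOS region is the poster's open question and is not answered by this code.

```python
import struct

# Intel flash descriptor signature, stored little-endian at offset 0x10 of the flash
FD_SIGNATURE = 0x0FF0A55A
# Region numbering of the classic (five-region) descriptor layout
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]


def parse_flash_regions(image: bytes) -> dict:
    """Return {region_name: (base, limit)} for every region the descriptor defines.

    FLMAP0 (offset 0x14) carries the Flash Region Base Address in bits 23:16,
    in units of 16 bytes. Each FLREGn dword at FRBA + 4*n encodes the region
    base in bits 14:0 and the limit in bits 30:16, both in 4 KiB units.
    A region whose base is above its limit (base 0x7FFF, limit 0) is unused.
    """
    if len(image) < 0x1000:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != FD_SIGNATURE:
        raise ValueError(f"no flash descriptor signature at 0x10: {sig:#010x}")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4
    regions = {}
    for n, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * n)
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base > limit:
            continue  # region not present on this part
        regions[name] = (base, limit)
    return regions


def region_of(regions: dict, offset: int):
    """Name of the region containing a flash offset, or None if it is outside all of them."""
    for name, (base, limit) in regions.items():
        if base <= offset <= limit:
            return name
    return None


def check_regions(regions: dict, image_size: int) -> list:
    """Sanity checks on a dump: regions must not overlap or run past the end of the image."""
    problems = []
    ordered = sorted(regions.items(), key=lambda kv: kv[1][0])
    for (n1, (_, l1)), (n2, (b2, _)) in zip(ordered, ordered[1:]):
        if b2 <= l1:
            problems.append(f"{n1} and {n2} overlap")
    for name, (_, limit) in regions.items():
        if limit >= image_size:
            problems.append(f"{name} extends past end of image")
    return problems


def build_sample_descriptor() -> bytes:
    """Constructed 4 KiB descriptor block for the demo (not from any real board):
    FRBA = 0x40, GbE at 0x1000-0x2FFF, ME at 0x3000-0x4FFFFF, BIOS at 0x500000-0x7FFFFF,
    Platform Data region unused."""
    blk = bytearray(0x1000)
    struct.pack_into("<I", blk, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", blk, 0x14, 0x04 << 16)  # FRBA = 0x04 * 16 = 0x40
    flregs = [0x00000000, 0x07FF0500, 0x04FF0003, 0x00020001, 0x00007FFF]
    for n, value in enumerate(flregs):
        struct.pack_into("<I", blk, 0x40 + 4 * n, value)
    return bytes(blk)


if __name__ == "__main__":
    regs = parse_flash_regions(build_sample_descriptor())
    for name, (base, limit) in regs.items():
        print(f"{name:14s} {base:#09x} - {limit:#09x}")
    print("problems:", check_regions(regs, 0x800000))
```

Run against a real dump (for example the output of an external programmer via flashrom), the same function gives the region table for that board; the point for the discussion above is that the ME and BIOS ranges are disjoint, so a signature check scoped to one of them says nothing about the other.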