[coreboot] coreboot Digest, Vol 147, Issue 17
Igor Skochinsky
skochinsky at mail.ru
Thu May 11 21:54:58 CEST 2017
Hi Allen,
Thursday, May 11, 2017, 2:01:47 PM, you wrote:
AK> One thing I am still confused about is the relationship between
AK> Intel Boot Guard and the regions of flash. My understanding is
AK> that Boot Guard only applies to the legacy BIOS region of flash,
AK> not the ME/AMT region. Is that correct? So, if that is true,
AK> then is it possible to flash the ME/AMT region of flash with any
AK> ME code module that has been signed with the Intel signature?
Well, in theory BootGuard indeed only protects the BIOS boot block (ME has its
own protection via an Intel-signed manifest), so changing the ME region should
not affect it, but apparently in practice it does lead to problems, at least
on *some* platforms using BootGuard:
https://github.com/corna/me_cleaner/issues/6
--
WBR,
Igor mailto:roxfan at skynet.be