[coreboot] Is Goryachy's JTAG hack a chance for free firmware ?

Zoran Stojsavljevic zoran.stojsavljevic at gmail.com
Thu Nov 30 07:40:19 CET 2017


> If I'm correct, the ME firmware (or parts of it) is signed, and
> the CPU won't run (or switches off) if signatures don't match.

I have no idea how it works for non-INTEL architectures. I do know how it
works for INTEL. You can fully use UEFI BIOS without any signatures, with the
so-called slim TXE engine.

I used stitched BIOSes, with slim TXEs, and I freely walk Fedora distros' HDDs
around, which were installed on one platform but used on different ones.

To start using signatures, you should have a full-blown TXE, which is ~3MB in
size. Even in such a case, you do not need signatures, unless you really would
like to start using TXE extended capabilities.

For ME, you MUST have ME initialized. You must have MEI initialized (which is a
virtual PCIe on bridge 0, port 0, as I recall), so ME can allow the BIOS to
start. Once you pass this phase, ME (as an application) is no longer required.

At least, it was like this till ATOM APL-I (former Broxton) and CORE Coffee Lake.

Zoran

On Wed, Nov 29, 2017 at 11:39 PM, Enrico Weigelt, metux IT consult <
info at metux.net> wrote:

> Hi folks,
>
> I'm curious whether Goryachy's JTAG hack is a chance for
> getting rid of all proprietary ME/UEFI firmware.
>
> If I'm correct, the ME firmware (or parts of it) is signed, and
> the CPU won't run (or switches off) if signatures don't match.
>
> Can the JTAG channel be used to get around that?
>
> thx.
>
> --mtx
>
> --
> Enrico Weigelt, metux IT consult
> Free software and Linux embedded engineering
> info at metux.net -- +49-151-27565287
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>