Enrico,

Do you know what an HSM is and how public-key cryptography works? Sorry for the sarcasm, but I can assure you that no-one without VERY HIGH security clearances from Intel would ever get closer than 1 yard to an Intel HSM containing ME signing keys... So for the JTAG access.....

Regards,
Florentin
----- Original message -----
From: Enrico Weigelt, metux IT consult <[email protected]>
To: Igor Skochinsky <[email protected]>
Cc: coreboot <[email protected]>, Zoran Stojsavljevic <[email protected]>
Sent: Thu, 30 Nov 2017 23:38:45 +0100 (CET)
Subject: Re: [coreboot] Is Goryachy's JTAG hack a chance for free firmware ?

On 30.11.2017 20:51, Igor Skochinsky wrote:
> The private key does not exist anywhere in the firmware or in the chip, only
> somewhere in Intel's HSM (I assume).

hmm, could there be a JTAG access part to it ?

> 1) factor the public key (RSA-1024)
> 2) find a pair of keys where the pubkey hash matches one of those
> accepted by the ME (the hash is SHA512 in the latest versions, was
> SHA-1 before).

maybe we should ask our friends @google, whether they could spend enough
computing power to crack it ;-)

--mtx

--
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
[email protected] -- +49-151-27565287

--
coreboot mailing list: [email protected]
https://mail.coreboot.org/mailman/listinfo/coreboot
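As an added illustration of the verification model the quoted messages describe (a digest of the vendor's public key pinned inside the ME, SHA-512 over the signed data, an RSA signature checked against that key), here is a toy model in Python. It is not coreboot or Intel code: the Mersenne-prime toy keys, the textbook (unpadded) RSA, the `verify_manifest` function and the manifest bytes are all constructed for this example, and a real ME uses padded signatures with keys that, per the thread, live in Intel's HSM. What it shows is why the two routes Igor lists are exactly what stands between an attacker and an accepted manifest: a perfectly valid signature from a key whose digest is not pinned is rejected before the signature is even looked at, and a signature under the pinned key cannot be produced without that key's private exponent.

```python
import hashlib

# Constructed toy RSA keys built from known Mersenne primes so the example is
# deterministic and needs no key generation. Real ME keys are RSA-1024 or larger
# (per the thread) and use proper padding; this is textbook RSA for illustration only.
VENDOR_P, VENDOR_Q = 2**521 - 1, 2**607 - 1      # n is ~1128 bits, larger than a SHA-512 digest
ATTACKER_P, ATTACKER_Q = 2**607 - 1, 2**1279 - 1  # a different key the attacker fully controls


def make_toy_key(p, q, e=65537):
    """Build an RSA key from two primes (hypothetical helper for the example)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent; never leaves the signer
    return {"n": n, "e": e, "d": d}


def pubkey_hash(n, e):
    """Digest of a canonical public-key encoding; the verifier pins this, not the key."""
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha512(enc).digest()


def manifest_digest_int(manifest):
    return int.from_bytes(hashlib.sha512(manifest).digest(), "big")


def sign(key, manifest):
    """Textbook RSA signature over SHA-512(manifest); requires the private exponent d."""
    m = manifest_digest_int(manifest)
    assert m < key["n"], "digest must be smaller than the modulus"
    return pow(m, key["d"], key["n"])


def verify_manifest(accepted_hashes, n, e, manifest, signature):
    """Model of the verifier: first the key-pin check, then the signature check."""
    if pubkey_hash(n, e) not in accepted_hashes:
        return "rejected: public key not pinned"
    if pow(signature, e, n) != manifest_digest_int(manifest):
        return "rejected: bad signature"
    return "accepted"


def demo():
    vendor = make_toy_key(VENDOR_P, VENDOR_Q)
    attacker = make_toy_key(ATTACKER_P, ATTACKER_Q)

    # The only thing the verifier stores is the digest of the vendor's public key.
    accepted = {pubkey_hash(vendor["n"], vendor["e"])}

    manifest = b"constructed firmware manifest v1"   # constructed sample data
    sig = sign(vendor, manifest)

    results = {
        # Genuine manifest signed with the pinned key: passes both checks.
        "genuine": verify_manifest(accepted, vendor["n"], vendor["e"], manifest, sig),
        # Same signature, modified manifest: key is pinned, but the digest no longer matches.
        "tampered": verify_manifest(accepted, vendor["n"], vendor["e"],
                                    manifest + b" (modified)", sig),
        # Attacker signs with a key they own. The signature is valid for that key,
        # but its digest is not one of the accepted hashes, so it never gets that far.
        "attacker_key": verify_manifest(accepted, attacker["n"], attacker["e"],
                                        manifest, sign(attacker, manifest)),
        # Sanity check that the attacker's signature really is valid under their own key.
        "attacker_self_check": verify_manifest({pubkey_hash(attacker["n"], attacker["e"])},
                                               attacker["n"], attacker["e"],
                                               manifest, sign(attacker, manifest)),
    }
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} -> {outcome}")
```

The order of the two checks is the point: the pinned digest decides which public key is even eligible, so substituting a key is only useful if its digest collides with an accepted one (Igor's second route), and producing a signature under the eligible key requires its private exponent, which is only obtainable by factoring the modulus (his first route) or by taking it from wherever it is stored.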

