This seems like something that MIGHT be helped, or at least encouraged, by the folks in the "Digital Right to Repair" movement. They are trying to produce a legal REQUIREMENT that companies release the information needed for outside entities to service their products to the same extent that an in-house entity would. I don't know that this would drill down far enough to require releasing signing keys, but one might be able to make a case for it.... If nothing else it would make it harder to block efforts to crack the signature...
ART Message: 6 Date: Sat, 6 Feb 2016 18:50:37 +1300 From: Koz Ross <[email protected]> To: Esteban Enrique <[email protected]> Cc: [email protected] Subject: Re: [libreplanet-discuss] Reverse Engineering Message-ID: <20160206185037.004919e6@Emi> Content-Type: text/plain; charset=US-ASCII -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 With respect to Libreboot, no amount of reverse engineering will help - the Intel ME is cryptographically signed, and no replacement we make will ever run, full stop, unless Intel gives us the signing keys. While I admire your desire to help, it's important to understand what *can* and *can't* be helped - and this particular thing *can't* be helped. ------------------ Arthur Torrey - <[email protected]> -------------------
