On Wed, Nov 30, 2016 at 01:59:26PM -0800, Eric Shelton wrote:
> [...]
> - Suggested that the same technique works for Skylake (and I assume
> Haswell).

It works for Skylake without Bootguard, such as the Chell Chromebook. I haven't tested on other systems. Based on conversations I've had with the various engineers, the ME BUP phase is supposed to communicate the Bootguard profile bits and hash to the CPU microcode prior to starting the ACM. This would indicate that Bootguard would still prevent free firmware from being installed, even if the ME ROM is greatly reduced.

> [...]
> Anyone know if more recent CPU generations, like Haswell or Skylake, have
> an in-CPU ME ROM that still allows ME to have significant functionality
> even if the BIOS is neutralized?

It's not clear how large the on-die ROM image is. My guess is not large at all, since they do not fall back to using it if the entire ME region of the flash chip is erased.

--
Trammell

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161130222552.GV12784%40chishio.swcp.com.
