On Wed, 29 Nov 2017 23:39:27 +0100
"Enrico Weigelt, metux IT consult" wrote:
> Hi folks,
>
> I'm curious whether Goryachy's JTAG hack is a chance for
> getting rid of all proprietary ME/UEFI firmware.
>
> If I'm correct, the ME firmware (or parts of it) is signed, and
> the CPU
> Can we completely replace UEFI w/o any signatures ?
You addressed the right crowd. Coreboot.
> And what about ME? I've read that the CPU itself verifies the
> signature of ME firmware, so we can't completely replace it.
As I said/wrote previously. And Igor confirms my thoughts:
IgorS>> Yes,
On 30.11.2017 20:51, Igor Skochinsky wrote:
The private key does not exist anywhere in the firmware or in the chip, only
somewhere in Intel's HSM (I assume).
Hmm, could there be a JTAG access part to it?
1) factor the public key (RSA-1024)
2) find a pair of keys where the pubkey hash
Hello Enrico,
Thursday, November 30, 2017, 6:54:50 PM, you wrote:
EWmIc> Can we completely replace UEFI w/o any signatures?
Yes, unless your PC uses Boot Guard (so far it's been only enabled in
a small percentage of enterprise laptops because it ties together CPU and PCH -
you can't replace
On 30.11.2017 10:44, taii...@gmx.com wrote:
It doesn't matter - Intel will simply fix this exploit, leaving you back
where you started, and in the end you would still be supporting them
monetarily to make bigger and better methods of anti-feature
technology... there also isn't any way to be sure
On 30.11.2017 07:40, Zoran Stojsavljevic wrote:
You can fully use UEFI BIOS without any signatures. With so-called slim
TXE engine.
Can we completely replace UEFI w/o any signatures?
And what about ME? I've read that the CPU itself verifies the
signature of ME firmware, so we can't
> I believe some day soon we will see a POWER laptop, even 5 years ago
people would say that something like TALOS 2 couldn't be done and look
where we are now!
As my best understanding is, POWER is done by IBM (if I am not mistaken),
and as I also know, IBM got rid of their fabs a long time ago.
It doesn't matter - Intel will simply fix this exploit, leaving you back
where you started, and in the end you would still be supporting them
monetarily to make bigger and better methods of anti-feature
technology... there also isn't any way to be sure that the hypothetical
ME uber-rootkit isn't
> If I'm correct, the ME firmware (or parts of it) is signed, and
> the CPU won't run (or switches off) if signatures don't match.
I have no idea how it works for non-Intel architectures. I do know how it
works for Intel.
You can fully use UEFI BIOS without any signatures. With so-called slim TXE
From a technical perspective I'm not sure. From a legal perspective
this sounds a lot like a "modchip" and may land people in a world of
legal trouble if used.
On 11/29/2017 04:39 PM, Enrico Weigelt, metux IT consult wrote:
> Hi folks,
>
> I'm
Hi folks,
I'm curious whether Goryachy's JTAG hack is a chance for
getting rid of all proprietary ME/UEFI firmware.
If I'm correct, the ME firmware (or parts of it) is signed, and
the CPU won't run (or switches off) if signatures don't match.
Can the JTAG channel be used to get around that?