Re: getting rid of ME on modern CPUs (Re: [qubes-users] QSB #46: APT update mechanism vulnerability)
Like I said, we need to reverse engineer. On Mon, 28 Jan 2019 17:56:17 + Holger Levsen wrote: >On Mon, Jan 28, 2019 at 11:46:55AM -0600, Stuart Perkins wrote: >> Up to a certain manufacture, you can go to coreboot and lose the ME >> entirely. After that point, setting the HAP bit may be your best option. >> We need someone to to reverse engineer the ME and implement enough of it in >> coreboot to take over so the newer ones will run. > >thats not enough. on modern intel cpus there's boot-guard which will >prevent booting with coreboot unless it's signed with a secret intel >key. > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190129071645.629953f1%40gmail.com. For more options, visit https://groups.google.com/d/optout. pgpW4tGXCZNTw.pgp Description: OpenPGP digital signature
getting rid of ME on modern CPUs (Re: [qubes-users] QSB #46: APT update mechanism vulnerability)
On Mon, Jan 28, 2019 at 11:46:55AM -0600, Stuart Perkins wrote: > Up to a certain manufacture, you can go to coreboot and lose the ME entirely. > After that point, setting the HAP bit may be your best option. We need > someone to to reverse engineer the ME and implement enough of it in coreboot > to take over so the newer ones will run. thats not enough. on modern intel cpus there's boot-guard which will prevent booting with coreboot unless it's signed with a secret intel key. -- tschüß, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190128175617.bclbga5ojb6i6feh%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature