The fact that the ME is required to boot the computer depends on the
generation of the intel platforms.
On older platform such as GM45/GS45 it's not.
On some more recent platform it is. Code has to run and initialize things
that are required to permit code execution on the main CPU (I don't remember
exactly what, probably clock lines).
The issue is that the ME firmware is signed on most laptops.
It's totally unknown if it's signed on the puri.sm laptops.
Some early silicon revision (I don't remember on which generation) have the
ability of having the bootrom replaced by a flash chip, making it possible to
bypass the signature check.
Having the ME chip disable is good, but not good enough for me to actually
use a computer with such chip as my main computer.
Without free software running on it, we won't have good documentation of what
that chip is actually capable of.
Most of us probably know the dangers of such chips when running proprietary
software, but do we know its dangers when it's supposedly off? Hard to say
without documentation.
-> As far as I know, the ARC architecture (which used in older ME) permits
defining your instructions, I've no idea if that's permanent or if it permits
to override instructions.
-> Part of the code running on the ME is in rom, and it cannot easily be
dumped.
So, is the ME bootrom responsible for powering itself off when reading some
flash descriptor bits? If so can the modification of instructions be enough
to have persistent code execution even when no firmware is given to that ME?
What else would that ME be capable of?
Having a free firmware would also permit us to run 100% free sofware on more
recent computers.
Given the amount of RAM that is reserved to the ME, having GNU/Linux on it
would make sense. That can probably result in some creatives uses of it.
According to some blog posts, there are actually people using AMT under
GNU/Linux volountarly, because of the out of band features it offers.
I wound't use that but that could still be useful, for instance, to create a
test farm for coreboot/libreboot. I don't have other ideas (yet) to use it.
Denis.
