>About pgp keys,
It's not PGP that's used in any real sense. To paraphrase my understanding of
https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf, each module is
hashed, with the hash stored next to it, and then the set of hashes is
RSA-signed and stored around the front of the line. The public key, as OnPon4
said, is baked into the ROM- there's no way to change it.
>If you could or if you had the public key, with some
>probability you would be able to reverse engineer the intel
>me software and install the reverse engineered version of
>the software?
If you had the private key, then it would be entirely possible to install the
reverse engineered software. However, no computationally feasible way of
doing that, besides leaking, is known- and finding any such technique would
be absolutely terrible, as it would render most forms of encryption
ineffective.
What looks promising is the bug the link you posted suggests might exist. If
that bug does exist, then it becomes possible to edit the hashes the ME
checks against AFTER they've been checked against the signed ones-
essentially, breaking the chain of authentication and letting us run whatever
we want.
