> Neither the ME or the PSP can ever be removed from their respective systems.
I already wrote extensively about this in the previous thread (I 1000% agree with you, Tim). But these people revealed the almost whole architecture how ME boots the modern INTEL platform, and, frankly, I never expected that this will be described very precisely, as they did. In other words, I never would have expected the description how BUP and stages work, and other details (what they wrote/investigated in that article) will ever see/emerge on the Day Light! :-) Zoran On Fri, Dec 8, 2017 at 2:59 PM, Timothy Pearson < [email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > That's just the HAP bit. The ME is limited but NOT disabled, and the > remaining stubs are still hackable [1]. > > Neither the ME or the PSP can ever be removed from their respective > systems. They can both be limited to some extent, but to call either of > them "disabled" is rather far from the truth. > > This all being said, it's great to see a light being shed on the ME. It > shows just how dangerous an embedded, mandatory core with signed > firmware can be. > > [1] https://twitter.com/rootkovska/status/938458875522666497 > > On 12/08/2017 07:51 AM, Zoran Stojsavljevic wrote: > > Disabling Intel ME 11 via undocumented mode > > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > > > > I just managed (few hours ago) to read this article (way after replying > > to previous thread about Dell HAP, I read only few intro paragraphs)... > > It is, after all, amazing how far these two people, *Mark Ermolov and > > Maxim Goryachy* progressed with ME debugging/cracking > > and understanding how ME is connected/related to the INTEL platforms' > > bring up! > > > > I just stumbled over it upon searching about ME, and I know what they > > did achieve previously. They achieved some > > steps forward... :-) > > > > I did not see that this article was published before on Coreboot (excuse > > me for my ignorance if I missed it), but it is worth > > reading, every word of it, especially the second part! > > > > What is described on the second part is way (much) more than I was > > willing to lament on (since in the lieu of the Legal > > issues). Especially on BringUP stages. Excellent read! > > > > Something is definitely changing in the Open Source World... And I say, > > I am very happy to read such articles! > > > > Man, there are very serious people out there trying to demystify secrets. > > > > I will read again this article later, very concentrated... Trying to put > > some more comprehensive picture in my mind. > > > > Thank you, all of you, Black Hat, Positive Technology, and others! > > > > Molodci, rebjata! > > > > Zoran > > > > > - -- > Timothy Pearson > Raptor Engineering > +1 (415) 727-8645 (direct line) > +1 (512) 690-0200 (switchboard) > https://www.raptorengineering.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJaKprdAAoJEK+E3vEXDOFbvZUH/0NN/gXYoyR3UIi/JWtZliYL > bo7UAdl7lzLHPzNcZLBeuoYFICl38qKStS/fOHtDj8kHqRzSrMsrWsp7o11K8JjL > vypOIhXnb+S+zBPI9e/ZLx6d9EKSV6KgWQJnVnzdh5ynNP+duR7Hbc322fu0qb/O > XbEyZwlwmMwT9+OJ6fRusyACMdf8RtOrgrg3lyJ4oW66s48RYr3UN+PLImwYH3fX > 2Kid5DxtqMQ2BR6cDHKnlGJuV+X83CTZempfgodJWSaQneg7tKqwCa39/Zv9FbC6 > RFQ4Z3gkGtXDl4Br2ovxHcuqUtMuuVUwYSoa31nilu0GJRVpA2mgjVMxVw7UGf0= > =AeQJ > -----END PGP SIGNATURE----- >
-- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
