On Mon, Jan 28, 2019 at 11:46:55AM -0600, Stuart Perkins wrote: > Up to a certain manufacture, you can go to coreboot and lose the ME entirely. > After that point, setting the HAP bit may be your best option. We need > someone to to reverse engineer the ME and implement enough of it in coreboot > to take over so the newer ones will run.
thats not enough. on modern intel cpus there's boot-guard which will prevent booting with coreboot unless it's signed with a secret intel key. -- tschüß, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190128175617.bclbga5ojb6i6feh%40layer-acht.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature