On Tue, 5 Sep 2017 at 20:14:04 +0200
mdn <bernardlprf@???> wrote:
> Hello,
> To make some precisions:
> -The "High Assurance Platform" belongs to a trusted platform program
> linked to the U.S. National Security Agency (NSA). A graphics-rich
> presentation describing the program can be found here.
> http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf
It's available at the Internet Archive's Wayback Machine:
https://web.archive.org/web/20121211162830/http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf
> note: the link is dead but I have a backup of the pdf.
> If someone needs it just ask.
>
> -More parts of the ME can be removed thanks to this discovery.
>
> -The removed part makes the ME go into "TemporaryDisable mode" which is
> undocumented, like a lot of undocumented instructions
> https://github.com/xoreaxeaxeax/sandsifter/raw/master/references/domas_breaking_the_x86_isa_wp.pdf.
>
> -This "TemporaryDisable mode" allows the CPU to initialize without the
> ME activated.
>
> -This hack doesn't work on Apollo Lake platforms.
>
> So it doesn't remove the ME, it "neutralises" it, and for what remains we
> can only hope that nothing reinitialises it afterwards since the
> instruction is called Temporary Disable mode.
There are many things that can be removed, as stated in the same
provided URL:

  Setting the HAP bit

  The aforementioned facts help to reveal the second method of disabling Intel
  ME:
  1. Set the HAP bit.
  2. In the CPD section of the FTPR, remove or damage all modules except
     those required by BUP for startup:
       RBE
       KERNEL
       SYSLIB
       dBUP
  3. Fix the checksum of the CPD header (for more details on the structure
     of ME firmware, see this paper).

> Imo seeing the awful state of X86 platforms, POWER is our only hope to
> own what we buy.
Not the only one. We also have ARM from a number of producers and Chinese
and Russian RISC CPUs.
--
Alessandro Selli
http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9