summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2015-07-28 07:42:57 (EDT)
committer Francis Rowe <info@gluglug.org.uk>2015-07-28 07:42:57 (EDT)
commita21049e02d7db9acc9c929cc17e50cb2c0e51353 (patch)
tree368c2fe200aa6b5926d81a8e44db5b72202fee5d
parent66cc4a917eeb021713dd3bb361fe44f1525eb3ce (diff)
downloadlibreboot.org-a21049e02d7db9acc9c929cc17e50cb2c0e51353.zip
libreboot.org-a21049e02d7db9acc9c929cc17e50cb2c0e51353.tar.gz
libreboot.org-a21049e02d7db9acc9c929cc17e50cb2c0e51353.tar.bz2
FAQ: more info about the Intel Management Engine
-rw-r--r--site/faq/index.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/site/faq/index.php b/site/faq/index.php
index dc08b80..88e5e95 100644
--- a/site/faq/index.php
+++ b/site/faq/index.php
@@ -108,10 +108,14 @@
on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, which is an embedded operating system
designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license
providing access to the source code, but they are not allowed to share it with anyone. In other words, even
- if Intel wanted to release the source code for this blob, they could not do so.
+ if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME
+ firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified
+ version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words,
+ the ME firmware is <i>tivoized</i>.
</p>
<p>
The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries.
+ The libreboot project strongly recommends that you avoid it.
</p>
<h3>CPU microcode updates</h3>
<p>