From a21049e02d7db9acc9c929cc17e50cb2c0e51353 Mon Sep 17 00:00:00 2001
From: Francis Rowe <info@gluglug.org.uk>
Date: Tue, 28 Jul 2015 07:42:57 -0400
Subject: FAQ: more info about the Intel Management Engine

---
(limited to 'site/faq/index.php')

diff --git a/site/faq/index.php b/site/faq/index.php
index dc08b80..88e5e95 100644
--- a/site/faq/index.php
+++ b/site/faq/index.php
@@ -108,10 +108,14 @@
 						on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, which is an embedded operating system
 						designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license
 						providing access to the source code, but they are not allowed to share it with anyone. In other words, even
-						if Intel wanted to release the source code for this blob, they could not do so.
+						if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME
+						firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified
+						version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words,
+						the ME firmware is <i>tivoized</i>.
 					</p>
 					<p>
 						The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries.
+						The libreboot project strongly recommends that you avoid it.
 					</p>
 				<h3>CPU microcode updates</h3>
 					<p>
--
cgit v0.9.1