summaryrefslogtreecommitdiffstats
path: root/site
diff options
context:
space:
mode:
Diffstat (limited to 'site')
-rw-r--r--site/faq/index.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/site/faq/index.php b/site/faq/index.php
index dc08b80..88e5e95 100644
--- a/site/faq/index.php
+++ b/site/faq/index.php
@@ -108,10 +108,14 @@
on <a href="http://rtos.com/products/threadx/ARC">ThreadX RTOS</a>, which is an embedded operating system
designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license
providing access to the source code, but they are not allowed to share it with anyone. In other words, even
- if Intel wanted to release the source code for this blob, they could not do so.
+ if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME
+ firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified
+ version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words,
+ the ME firmware is <i>tivoized</i>.
</p>
<p>
The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries.
+ The libreboot project strongly recommends that you avoid it.
</p>
<h3>CPU microcode updates</h3>
<p>