From a21049e02d7db9acc9c929cc17e50cb2c0e51353 Mon Sep 17 00:00:00 2001
From: Francis Rowe
Date: Tue, 28 Jul 2015 07:42:57 -0400
Subject: FAQ: more info about the Intel Management Engine
---
(limited to 'site/faq')
diff --git a/site/faq/index.php b/site/faq/index.php
index dc08b80..88e5e95 100644
--- a/site/faq/index.php
+++ b/site/faq/index.php
@@ -108,10 +108,14 @@
on ThreadX RTOS, which is an embedded operating system
designed specifically for those chips. Manufacturers (not just Intel) can pay for a (proprietary) license
providing access to the source code, but they are not allowed to share it with anyone. In other words, even
- if Intel wanted to release the source code for this blob, they could not do so.
+ if Intel wanted to release the source code for this blob, they could not do so. Even if they did, the ME
+ firmware is cryptographically signed, where the signature is verified at boot time. If you try to use your own modified
+ version of the ME firmware, it will be rejected by the ARC processor and your system will not boot. In other words,
+ the ME firmware is tivoized.
The Management Engine is a giant backdoor, allowing full access to your entire system for malicious adversaries.
+ The libreboot project strongly recommends that you avoid it.
CPU microcode updates
--
cgit v0.9.1