Our new paper "Intel ME Manufacturing Mode: obscured dangers" about SPI write-protection bypass in Apple MacBook. https://habr.com/company/pt/blog/425105/ … [ru] http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html … [en]
The first paragraph is golden! Some notes: The Mnf mode term is used broadly in Engine as it is enabled even when unlocking the FD & Mnf Done Bit manually after the fact. But in that "Mnf Mode" you cannot change FPF (and by extension BG), only MFS CVARs.
-
-
So there is a big distinction between "OEM" Mnf Mode and "User" Mnf Mode if we can call it that. However, most sloppy OEMs do indeed forget to close it at least once so the PFP are not committed and yes in such case an attacker can commit the platform with their own keys.
-
What's interesting & new for me is MCA for CVAR, SPI Master Grant and the hidden ability to use HMRFPO without a CPU reset. The last ones are very cool for firmware repairing as well, provided that the heci command works with "User" Mnf Mode as well. Great work guys! :)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.