Announcement

Collapse
No announcement yet.

Secure Boot Breaks Kexec, Hibernate Support On Linux

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    My testboard with EFI Secure Boot can be flashed (the only way how i can reset the keys i added) also my ASUS P8Z68-V - i guess all ASUS boards with 64 mbit flash work with flashrom.

    Comment


    • #17
      Originally posted by Kano View Post
      My testboard with EFI Secure Boot can be flashed (the only way how i can reset the keys i added) also my ASUS P8Z68-V - i guess all ASUS boards with 64 mbit flash work with flashrom.
      That's nice, but such boards aren't Windows 8 logo compliant.

      Comment


      • #18
        Having helped with Flashrom, there's two big issues with flashing modern machines:
        1. Laptops
        2. Intel's Management Engine

        The Management Engine is the easier of the two (which is only because there's no generic way to handle the laptop issue). Virtually every manufacturer follows Intel's recommendations on how to lockdown the permissions on the various areas of the flash chip, which involve making the ME (Management engine region) read-only, which is quite a problem because you can't be sure of a successful flash unless you can get the ME to stop itself (and you don't know if there's an ME update inside the update which needs to be applied), and you can't just overwrite the region in software.

        Again, with physical access you can bypass all of these issues, but unless you're prepared to break out a soldering iron, programmer, and ready & able to make backups of your chips, you're stuck.

        Laptops are hard because the BIOS usually shares space with the EC (embedded controller), which controls lots of important things like your keyboard, lighting, battery, and fans. If that goes, you'll probably have a nice brick. You need to know how to stop the EC, which requires datasheets that usually aren't available, and may be missing important info.
        Combine the two, and you've got a nearly impossible situation.

        Comment

        Working...
        X