Re: [Libreboot] Zero-day vulnerability - system management mode arbitrary code execution

[Duncan Guthrie]

Hi all,
All right, reading the article, it seems one of the given exploits can disable 
SPI flash write-protection mechanisms. This might mean that we can install 
Libreboot/Coreboot without an external flash tool on systems with proprietary 
BIOS. 
I will read it more carefully, and test this on my Lenovo X200, which has 
proprietary BIOS installed. If it doesn't work one suspects it will just refuse 
access to me. If it does, this is very useful, even if the rest of the exploits 
don't remove ME from recent models.
Hope this helps anyone,
D.

On 6 July 2016 00:52:11 BST, Duncan Guthrie <address@hidden> wrote:
>Hi all, 
>Poking around the internet, I happened upon this page:
>https://github.com/Cr4sh/ThinkPwn
>This is an exploit for System Management Mode of Intel x86 CPUs, tested
>on a number of recent models, including Lenovo ThinkPads, and tested on
>some other models including an HP Pavilion laptop. This suggests that
>this vulnerability exists in a wide range of recent Intel hardware. The
>page links to this extensive blog post:
>http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
>What excites me about this is that as we are running code at such a low
>level, we might in theory be able to bypass the Intel ME signature
>checking and similar "protections", and run unsigned BIOS software.
>This would be great for Libreboot.
>Can anyone else comment on this? I am quite excited at the potential of
>this, especially as it seems to be able to target many new models of
>Intel hardware, perhaps even Intel hardware produced this year, as
>Intel, as far as I know, didn't introduce any major design changes for
>a long time as they did not need to.
>Thanks,
>D.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.