this post was submitted on 25 Dec 2024
1397 points (98.3% liked)

Greentext

4639 readers
1703 users here now

This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.

Be warned:

If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] quixotic120@lemmy.world 1 points 1 day ago

“Intel Boot Guard is an ME application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an asymmetric cryptographic keypair, install the public key in the CPU, and prevent the CPU from executing boot firmware that isn’t signed with their private key. This means that coreboot and libreboot are impossible to port to such PCs, without the OEM’s private signing key. Note that systems assembled from separately purchased mainboard and CPU parts are unaffected, since the vendor of the mainboard (on which the boot firmware is stored) can’t possibly affect the public key stored on the CPU.”

From libreboot faq. There is precedent for this and it just hasn’t been heavily exercised, yet

Unless you build the hardware you cannot prevent this from happening. It’s merely a question of how long until 99% of tech devices are basically iphones and you need a very restrictive “developers license” to buy the (likely extremely expensive) 1% that are not that puts legal repercussions on you if you do anything that they do not like