Evv1L :blobcatlaptop:

@libreleah

> Run './RUNME.sh' to generate an ME image that bypasses BootGuard on the OptiPlex 3050.

Very interesting!

Is this just because Dell has some weird/buggy BootGuard implementation, or could it be possible on other desktops/laptops?

How does this bypass even work? Is it some undocumented IME feature?

6 comments
Leah Rowe is not a Rowebot

@Evv1L mate kukri is working on a technical writeup. this is going in libreboot.

mkukri

@Evv1L @libreleah

This uses CVE-2017-5705.

It has been fixed by Intel in newer ME v11.x.x.x firmware releases, however ME11 hardware has no protection against downgrading the ME version by overwriting the SPI flash physically, thus we can downgrade to a vulnerable version.

After downgrade, we exploit the bup module of the vulnerable firmware, overwriting the copy of boot guard FPFs stored in SRAM, resulting in the fused boot guard configuration being replaced with our desired one.

it takes a village

@libreleah @mkukri @Evv1L

in my circle there's also some x380 yogas. But T480 is the last 'tinkerable' laptop that /r/thinkpad is hyped over.

edit: thank you!!

Leah Rowe is not a Rowebot

@djuuss @mkukri @Evv1L no promises, but mate has told me in #libreboot that he is indeed interested in the t470 and t480 machines
