Hacker News

throw0101d · today at 3:28 PM · 1 reply

> For example intel systems (and Android) run resident supervisor code you can't get rid of, and that can do remotely initiated updates you have no control over. That's not so on Apple silicon.

The Oxide Computer folks wrote their own AMD boot loader and have an entire chain of trust and apparently (?) basically got rid of the supervisor code (Ring -2 and -3). They also have custom motherboards with third-party BMCs.

Could something similar be done on Intel?


Replies

simonh · today at 3:59 PM

I suppose it's possible; after all, if the thing can phone home and update itself, that could be spoofed so it updates itself with your code.

However, if that phone-home feature is read-only, it could always just re-root itself.