> Guys... this is all fine and good, but for 500 EURO you can buy a great
> DELL ultrabook. As long as free laptops cost as much as a good ultrabook and
> look like crap at the same time, there won't be much demand.

Well, that's exactly by design; let's thank Intel:
https://libreboot.org/faq.html#intel
> Intel Boot Guard is an ME application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an asymmetric cryptographic keypair, install the public key in the CPU, and prevent the CPU from executing boot firmware that isn’t signed with their private key. This means that coreboot and libreboot are impossible to port to such PCs, without the OEM’s private signing key.
> Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400.
Specifically for the newer models:
> If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes
> Due to the signature verification, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code
And here is what it is all really done for (I just can't believe the AMD folks voluntarily and cheerfully went down the same path of embedding a locked-down spy chip, instead of saving resources and trying to boost sales through PR and lower prices):
> ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the host operating system an encrypted media stream and encrypted key, decrypts the key, and sends the encrypted media decrypt
> capabilities of the ME: this hardware and its proprietary firmware can access and control everything that is in RAM and even everything that is shown on the screen.
The NSA guys most likely just come along as a "nice" bonus; the DRM lobby is, after all, extremely powerful.