Overview
Syllabus
Intro
Outline
About the ME
About ME
Working with ME firmware images
Understanding the ME: Firmware Partitions
Understanding the ME: Code partitions
Understanding the ME: Metadata
Code verification chain
ME shared libraries
Analysing a simple module
Data sections
Example driver main() function
Trace output: SVEN
ME driver overview device files
Accessing hardware
Message Passing: Basics
Memory Grants: Indirect Grants
DMA Locks
Understanding the address space
The bus driver: busdrv
The table in human readable form
Processor
Custom host bridge: Minute IA System Agent
Hardware Cryptographic Accelerator IP blocks (partial)
Crypto: DMA Engines
Host-Embedded Controller Interface (HECI)
Primary Address Translation Table
Root spaces
Sideband Fabric
Developing an exploit for CVE-2017-5705,6,7
meloader: WINE for the ME
meloader as a debugger
Getting JTAG access
ME Boot Process
Host Boot Process: Boot Guard
The Power Management Controller
Host Initialization: ME tasks
Getting to the minimal viable implementation
Boot Guard Configuration
Future goals
Acknowledgements
Taught by
media.ccc.de