Yes, because the CPU boots after the T2, and the T2 emulates the SPI ROM to the PCH. There is no actual BIOS Flash chip, only T2 Flash.

Normally the CPU talks to the PCH, and the PCH via SPI to a Flash ROM. The CPU has a BOOTROM which can cryptographically verify code blocks, the PCH has a CPU that can do the same, and the firmware has signed code blocks. It starts out with the CPU reading an authenticated code block which contains further code to verify other blocks.

Problem is that you still read SPI Flash, which can be modified out of band, so after the CPU ROM reads the ACB it continues reading code which can be altered, and if the UEFI firmware is set to 'verify but don't stop running' mode, you can modify all you want and it will work. On the other hand, if it is configured that way but a bit flip happens, you can't boot anymore and can't repair it either.