Interesting, Pepijn Bruienne is looking at new Apple firmware, and how it uses Intel ME.
So it seems I was mistaken in thinking that Apple ships all Macs with Intel ME disabled? A number of recent models actually do have an ME payload in the EFI capsule, seemingly functional. Who knows more about this? pic.twitter.com/Mu3Xx3Acb8
— Pepijn Bruienne (@bruienne) December 13, 2017
Interestingly the J137.im4p/MacEFI payload that ostensibly will live inside the T2 still has an ME region, version went from 11.6 in 10.13 DR1 to 11.10 in the bridgeOS 2 payload from November.
— Pepijn Bruienne (@bruienne) December 15, 2017
This tells me:
– Even though full secure boot mode is (still) optional, the T2 is now the first thing that boots, not EFI
– Bricking a Mac due to a bad EFI update is impossible
– This is the new normal. Start thinking about adjusting your #macadmins procedures accordingly. https://t.co/zRv8cbvILV
— Pepijn Bruienne (@bruienne) December 15, 2017
Also interesting is that the only file the various ME unpacking tools can't decompress is "pavp_mod" since it's encrypted. PAVP is Intel's protected A/V path used for DRM purposes.
— Pepijn Bruienne (@bruienne) December 13, 2017
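The question running through these tweets is whether a given firmware image actually carries an ME region. The quickest first check, before reaching for a full ME unpacking tool, is to read the Intel Flash Descriptor region table at the start of the SPI image. The following is an added example (not code from this post, nor from Pepijn Bruienne's or Apple's tooling) that parses that table and reports whether an ME region is defined and whether it contains anything other than erased flash. It assumes the standard descriptor layout (signature 0x0FF0A55A at offset 0x10, FLMAP0 at 0x14, one 32-bit base/limit entry per region in 4 KiB units, unused regions marked with base 0x7FFF / limit 0) and that the descriptor sits at offset 0 of the bytes you hand it, i.e. any container wrapping has already been removed. The test image is constructed inline; it is not a real Apple capsule.

```python
import struct

# Region indices fixed by the Intel Flash Descriptor (IFD) region table.
REGION_NAMES = {0: "Descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "Platform Data"}
IFD_SIGNATURE = 0x0FF0A55A  # little-endian dword at offset 0x10 of the image


def parse_flash_regions(image: bytes) -> dict:
    """Return {region_name: (start, end)} byte ranges defined by the descriptor.

    Raises ValueError if the descriptor signature is not where the IFD layout
    puts it, so callers cannot mistake an unwrapped blob for a flash image.
    """
    if len(image) < 0x20:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")

    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4  # Flash Region Base Address (16-byte units)

    regions = {}
    for idx, name in REGION_NAMES.items():
        off = frba + 4 * idx
        if off + 4 > len(image):
            break
        (flreg,) = struct.unpack_from("<I", image, off)
        base = (flreg & 0x1FFF) << 12                    # 4 KiB units -> bytes
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF  # inclusive end of region
        if base > limit:
            # Unused-region convention: base 0x7FFF, limit 0.
            continue
        regions[name] = (base, limit)
    return regions


def has_me_region(image: bytes) -> bool:
    """True if the descriptor defines an ME region at all."""
    return "ME" in parse_flash_regions(image)


def me_region_is_populated(image: bytes) -> bool:
    """True if the ME region exists and is not entirely erased flash (0xFF).

    A defined region can still be blank, so presence in the table alone does
    not mean an ME firmware payload is shipped.
    """
    regions = parse_flash_regions(image)
    if "ME" not in regions:
        return False
    start, end = regions["ME"]
    chunk = image[start:end + 1]
    return len(chunk) > 0 and any(b != 0xFF for b in chunk)


def build_test_image(with_me: bool, populate_me: bool = True) -> bytes:
    """Constructed 1 MiB test image (not a real firmware dump).

    Layout: Descriptor 0x0-0xFFF, ME 0x1000-0x7FFFF (optional),
    BIOS 0x80000-0xFFFFF, GbE and Platform Data unused.
    """
    img = bytearray(b"\xff" * 0x100000)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    frba = 0x40
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)  # FLMAP0: only FRBA set
    entries = [
        (0x0000, 0x00),                          # Descriptor
        (0x0080, 0xFF),                          # BIOS
        (0x0001, 0x7F) if with_me else (0x7FFF, 0),  # ME
        (0x7FFF, 0),                             # GbE unused
        (0x7FFF, 0),                             # Platform Data unused
    ]
    for idx, (base, limit) in enumerate(entries):
        struct.pack_into("<I", img, frba + 4 * idx, (limit << 16) | base)
    if with_me and populate_me:
        # Constructed filler so the ME region is not all-0xFF; not a real ME image.
        img[0x1000:0x1010] = b"CONSTRUCTED-ME!!"
    return bytes(img)


if __name__ == "__main__":
    for name, rng in parse_flash_regions(build_test_image(True)).items():
        print(f"{name:14s} 0x{rng[0]:06x}-0x{rng[1]:06x}")
    print("ME populated:", me_region_is_populated(build_test_image(True)))
```

On a real dump, run `parse_flash_regions` over the raw SPI image and treat "ME region defined and populated" as the cue to hand the region bytes to a dedicated ME parser; a defined-but-blank region, or no descriptor signature at all, is the negative result the tweets were trying to establish.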
