
Exploiting AMI Aptio Firmware on Example of Intel NUC - peter_d_sherman
http://blog.cr4.sh/2016/10/exploiting-ami-aptio-firmware.html
======
peter_d_sherman
Excerpt:

"One of my favorite microchips of all time is FT2232H from FTDI — it's a dual
channel USB to serial converter that supports various protocols and
configurations. It can work with UART, I2C, SPI and JTAG protocols, it also
supports bit-bang mode and multi-protocol synchronous high speed engine
(MPSSE) — it's pretty much a real digital electronics Swiss knife. There’s also
a single channel version of this chip called FT232H, but as for me it’s more
convenient to have dual channel one: for example, you can flash firmware to
your target device over SPI and debug it via JTAG at the same time which is
very convenient. Also, there are some motherboards which use more than one SPI
flash chip to store platform firmware (my Intel DQ77KB motherboard uses two).
To work with this neat chip you can buy official FT2232H Mini Module from FTDI
or make your own board."

------
peter_d_sherman
Opinion: This article is chock full o' SMM/UEFI/Firmware technical
information. Definitely worth a read.

Also, another excerpt:

"I sent my reports to Intel Platform Security and Incident Response Team on
15.07.2016 and after several working days and short e-mail conversation both
Intel and AMI confirmed all of the security issues. Intel decided to release a
single advisory INTEL-SA-00057 to cover all four vulnerabilities. Fixed
firmware for my NUC of version SYSKLi35.86A.0051 was released on 10.08.2016 —
not bad, especially as for the job that requires coordinated work of two
different companies."

