Looks like it can be done through Management Engine, which has access to everything apparently.
Only success so far is unlocking BCLK, but the overclock is small and unstable that way.
Another roadblock was the read only lock, which can fortunately be bypassed on POST on xx67/77 chipsets.
You mean non-extreme?
> unlocking BCLK, but the overclock is small and unstable that way
On desktop Skylake, BCLK can get you to anywhere you want (I run an i5-6400 at 4.5GHz daily, over 4.7 for benchmarks). You're talking about laptops, right?
And BCLK allows for a 5MHz overclock, which is not much, anything more and the system crashes. Which is really strange, may have something to do with PCIE as Dogma said.
I just want to get everything out of my extreme processor and RAM.
Some are resorting to dual PSU's to handle the power requirements, so the system boards are capable of handling some insane load.
I myself squeezed another year out of a Core 2 Quad laptop by overclocking everything as much as possible. Temperatures were averaging 90-95 under load, but I didn't care at that point, as I was going to upgrade. It still works :D
Intel's HEDT platform supports proper CPU strap overclocking withou adverse effects, but even then it's usually not recommended unless you are doing extreme OC and that's liquid nitro :)
I thought Intel shut this down with microcode updates.
I feel like there would be legal problems though...
When we were rooting Android devices we sat on a lot of exploits that we believed we could use to give end-users freedom. There were a handful that were bad enough to warrant disclosure , but we still offered them as ways for users to control their own devices with a few layers of obfuscation on top.
With software, a patch release is a common enough thing that it's a solid argument that letting companies like Microsoft or Apple or Google or others who've demonstrated they'll actually fix security bugs (so, maybe not Oracle, for example), or any of the hundreds or thousands of widely-used OSS projects - I'm _much_ less convinced that any company like Intel will ever manage to get even a single digit percentage of their users to reflash CPU firmware - if that's even possible - and I've never heard of a hardware company freely replacing all user's CPUs where remote exploits are known.
Where the option of "give them 90 days to get a patch out - possibly give them an extension if they ask and explain why, but otherwise sit on the bug with the vendor until it's fixed or being actively exploited in the wild" à la Google Zero & Tavis seems to work reasonably well enough of the time for software bugs - it seems to me unlikely to be as beneficial for hardware bugs which are much much harder to get fixes to end users - and early disclosure giving the opportunity to mitigate with firewalls or unplugging the device seems more likely to be the better choice.
I often think whether one should really help people who decide to buy locked-down Android devices.
This said: To my knowledge for some mobile phones using a TI Calypso chip, one can flash a free firmware (OsmocomBB):
Sure, they could release a new version with the bug fixed, but the attacker doesn't have to use the new version, they can deliberately use the old flawed version in their modified version of the bios.