Re: Actually, it is standing on a turtle
"Well, technically it is on a replaceable Flash device, the problem is that the CPU / PCH requires the firmware stored on that Flash device to carry a valid Intel cryptographic signature"
That rather misses the point, the point is to reduce the complexity and return full control of what boots back to the customer. It's about having a choice - and not having to put blind faith in a very complex setup that is known to be vulnerable until the day you decide to re-purpose that box as a boat anchor.
Ideally all the bootstrap would do is load a few bytes off the flash and execute them. The customer, if they chose, could then put some signature verification code in for bootstrapping the main CPU.
There is nothing stopping Intel et al from providing a flash drive with their current crapware installed gratis. That would give the folks who give a toss a chance to fix the hardware - and of course for Intel it gives them an easy out should they ship broken by design bootstraps in the future.
Biting the hand that feeds IT
