Now that I think about it, I'm not sure that the exact route matters. The ME can read and write its own firmware storage; that's a necessary capability for writing new firmware with the MEI. So if a compromised ME gets a chance to execute code after new firmware has been flashed, it can read out that new firmware and reinfect it. And that means that even direct flash via SPI won't work unless you can take the ME offline, flash the firmware, and then restart the motherboard without ever giving the compromised firmware a chance to do anything. Which I'm not sure is... entirely possible? I can see setups where it's impossible to be able to get access to firmware storage with the ME offline. This is getting way into the details of how these motherboards are wired up.
> So if a compromised ME gets a chance to execute code after new firmware has been flashed, it can read out that new firmware and reinfect it.
Yeah, or it could just fake the flash operation. Much easier than re-infecting a potentially unknown firmware. Lots of opportunities here.
> And that means that even direct flash via SPI won't work unless you can take the ME offline, flash the firmware, and then restart the motherboard without ever giving the compromised firmware a chance to do anything. Which I'm not sure is... entirely possible
It looks like the ME processor can execute instructions from the firmware/SPI region, its own memory, or from a reserved region in RAM. During the SPI flash, if the ME CPU is not offline, then it has the potential to accidentally execute instructions out of the firmware region being flashed to and cause havoc. This may necessitate that the ME MCU enter some kind of idle state during flashing, and then be rebooted. Although, as an aside, maybe the flashing works by copying to an unused region and then flipping a 'new firmware at location X' bit and rebooting the ME CPU, which will then do the actual flashing. I haven't found any details yet, but I haven't looked that hard either.