Evgeny Zinoviev uploaded patch set #11 to this change.

View Change

sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode

- Add support for ME Soft Temporary Disable Mode. In this mode, ME
doesn't load its kernel and freezes at BUP Phase. This mode is saved in
ME NVRAM (and thus will remain for next reboots and poweroffs).

- Add support of new CMOS option for Ivy Bridge ThinkPads.

HOW TO USE

To disable ME:
1. nvramtool -w me_state=Disabled
2. reboot

To enable it back:
1. nvramtool -w me_state=Normal
2. reboot

To check current status:
intelmetool -m

Tested on ThinkPad X230.

BACKGROUND

There's no Intel documentation that would explain how this should be
implemented, in public. Working binary sequence for MKHI command to put
ME in Soft Temporary Disable Mode, as well as a way to bring ME out of
it (by writing to H_GS register), was found and published by researchers
from PT Security:

1. To disable ME, BIOS issues the disable command (before End of Post)
and reboots. ME is supposed to be disabled on the next boot after DID
(DRAM Init Done).

My numerous tests show that issuing the command and rebooting is not
enough. If we reboot too early, ME will not be disabled: apparently,
it is doing something in background after receiving the command. It
works with a delay of 500-1000 ms.

I also tried to dump all known (documented) registers, such as GMES and
HFS, before and during the next 2 seconds after execution of the
disable command to find a possible indication that something's changed
in ME and we're ready to reboot. Found nothing unfortunately.

2. To enable ME back, host writes value 0x20000000 to H_GS.

PT slides don't contain any more information on it, but my tests show,
that after writing this value, GMES[31:28] is changing from 0x01 (BUP
Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then,
after some more time, fw_init_complete bit of HFS becomes 1.

This means that ME starts loading its kernel immediately, without
reboot.

On the other hand, Lenovo BIOS clearly perform a reboot after enabling
it (one reboot after saving the settings, then ThinkPad logo appears,
and then one more reboot). I'm assuming we have to reset too.

TODO

- Implement for 7.x and test on X220.

Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2
Signed-off-by: Evgeny Zinoviev <me@ch1p.io>
---
M src/mainboard/lenovo/t430/cmos.default
M src/mainboard/lenovo/t430/cmos.layout
M src/mainboard/lenovo/t430s/cmos.default
M src/mainboard/lenovo/t430s/cmos.layout
M src/mainboard/lenovo/t530/cmos.default
M src/mainboard/lenovo/t530/cmos.layout
M src/mainboard/lenovo/x230/cmos.default
M src/mainboard/lenovo/x230/cmos.layout
M src/southbridge/intel/bd82x6x/Makefile.inc
M src/southbridge/intel/bd82x6x/early_me.c
M src/southbridge/intel/bd82x6x/early_me_mrc.c
M src/southbridge/intel/bd82x6x/me.h
M src/southbridge/intel/bd82x6x/me_8.x.c
A src/southbridge/intel/bd82x6x/me_common.c
M src/southbridge/intel/ibexpeak/Makefile.inc
15 files changed, 210 insertions(+), 42 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/11

To view, visit change 37115. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2
Gerrit-Change-Number: 37115
Gerrit-PatchSet: 11
Gerrit-Owner: Evgeny Zinoviev <me@ch1p.io>
Gerrit-Reviewer: Alexander Couzens <lynxis@fe80.eu>
Gerrit-Reviewer: Evgeny Zinoviev <me@ch1p.io>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Angel Pons <th3fanbus@gmail.com>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-MessageType: newpatchset