Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Tutorial me_cleaner on Lenovo devices ......................................................................
Documentation: Tutorial me_cleaner on Lenovo devices
Add a tutorial how to use ME cleaner, and give some basic steps to strip the ME.
Tested on Lenovo X220 with stripped ME and found no issues:
* Displayport * VGA * USB * Bluetooth * Wifi * Wifi-kill switch * libgfxinit * SATA * Audio * SD-card * Ethernet * Keyboard * Fn-Keys * Display brightness * S3 resume * Battery events * CPU temperature reporting * FAN managment * Stress test stable * Youtube videos over Wifi * stress -c 2 -m 1 -d 1 * glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M Documentation/mainboard/index.md M Documentation/mainboard/lenovo/Sandy_Bridge_series.md A Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg A Documentation/mainboard/lenovo/stripping_me.md 4 files changed, 154 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/29/39129/1
diff --git a/Documentation/mainboard/index.md b/Documentation/mainboard/index.md index 126a8fb..413bf03 100644 --- a/Documentation/mainboard/index.md +++ b/Documentation/mainboard/index.md @@ -66,6 +66,7 @@ ## Lenovo
- [Mainboard codenames](lenovo/codenames.md) +- [Stripping ME](lenovo/stripping_me.md) - [Hardware Maintenance Manual of ThinkPads](lenovo/thinkpad_hmm.md) - [R60](lenovo/r60.md) - [T4xx common](lenovo/t4xx_series.md) diff --git a/Documentation/mainboard/lenovo/Sandy_Bridge_series.md b/Documentation/mainboard/lenovo/Sandy_Bridge_series.md index 0b833f5..cba9a06 100644 --- a/Documentation/mainboard/lenovo/Sandy_Bridge_series.md +++ b/Documentation/mainboard/lenovo/Sandy_Bridge_series.md @@ -33,9 +33,7 @@ usable by coreboot. * ROM chip size should be set to 8MiB.
-```eval_rst -Please also have a look at :doc:`../../flash_tutorial/index`. -``` +Please also have a look at the [flashing tutorial]
## Flash layout There's one 8MiB flash which contains IFD, GBE, ME and BIOS regions. @@ -46,3 +44,27 @@
[fl]: flashlayout_Sandy_Bridge.svg
+## Reducing Intel Managment Engine firmware size + +It is possible to reduce the Intel ME firmware size to free additional +space for the `bios` region. This is usually refered to as *cleaning the ME* or +*stripping the ME*. See general notes on [me_cleaner]. + +With the reduced Intel ME firmware the IFD, GbE and ME regions require +less than 128 KiB of space in the ROM. + +The modified flash layout needs to be written to IFD! +Have a look at the [ME tutorial] for more information. + +Tests on Lenovo X220 showed no issues with a stripped ME firmware. + + +**Modified flash layout:** + +![][fl2] + +[fl2]: flashlayout_Sandy_Bridge_stripped_me.svg + +[ME tutorial]: stripping_me.md +[me_cleaner]: ../../northbridge/intel/sandybridge/me_cleaner.md +[flashing tutorial]: ../../flash_tutorial/ext_power.md diff --git a/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg b/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg new file mode 100644 index 0000000..d8d8213 --- /dev/null +++ b/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/PR-SVG-20010719/DTD/svg10.dtd"> +<svg width="9cm" height="8cm" viewBox="268 -156 168 158" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.46" y="-134.831"> + <tspan x="332.46" y="-134.831">IFD</tspan> + </text> + </g> + <g> + <g> + <rect style="fill: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 0.02; stroke: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 0.02; stroke: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308.096" y="-57.559" width="49.1438" height="57.2839"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.182" y="-24.0245"> + <tspan x="332.182" y="-24.0245">BIOS</tspan> + </text> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308" y="-121.59" width="49.1438" height="30.4667"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.572" y="-104.29"> + <tspan x="332.572" y="-104.29">GBE</tspan> + </text> + </g> + <text font-size="7.15705" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="268.961" y="-148.674"> + <tspan x="268.961" y="-148.674">0x000000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.152" y="-120.399"> + <tspan x="269.152" y="-120.399">0x001000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.155" y="-90.6472"> + <tspan x="269.155" y="-90.6472">0x003000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.461" y="-56.4289"> + <tspan x="269.461" y="-56.4289">0x020000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="270.008" y="0.198407"> + <tspan x="270.008" y="0.198407">0x800000</tspan> + </text> + <path style="fill: none; fill-opacity:0; stroke-width: 1; stroke: #000000" d="M 380.877 -151.013 C 401.876,-151.013 379.377,-73.513 400.627,-72.513"/> + <path style="fill: none; fill-opacity:0; stroke-width: 1; stroke: #000000" d="M 381.377 -0.763268 C 395.238,-0.763268 387.016,-72.763 400.877,-72.763"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="406.127" y="-68.513"> + <tspan x="406.127" y="-68.513">Flash #0</tspan> + </text> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308.189" y="-90.5898" width="49.1438" height="32.8215"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="331.572" y="-70.23"> + <tspan x="331.572" y="-70.23">ME</tspan> + </text> + </g> +</svg> diff --git a/Documentation/mainboard/lenovo/stripping_me.md b/Documentation/mainboard/lenovo/stripping_me.md new file mode 100644 index 0000000..00cb2e0 --- /dev/null +++ b/Documentation/mainboard/lenovo/stripping_me.md @@ -0,0 +1,54 @@ +# Tutorial reducing the Intel ME firmware size + +This tutorial is written for the Lenovo Intel Sandy Bridge/Ivy Bridge devices, +but applies to additional platforms with slightly differences. + +It is possible to reduce the Intel ME firmware size to free additional +space for the `bios` region. This is usually refered to as *cleaning the ME* or +*stripping the ME*. The ME is forced into a non-functional recovery state, +which sets the platform in an undefined state. +See general notes on [me_cleaner]. + +With the reduced Intel ME firmware the `ifd`, `gbe` and `me` regions require +less than 128 KiB of space in the ROM, which leaves the remaining for the +`bios` region. + +This tutorial will guide through the steps necessary. + +## Obtain a full ROM + +You need a full and working ROM with a full Intel ME firmware. + +## Running me_cleaner + +You need to run the me_cleaner on a full ROM, here called `fulldump.rom`: + +It will then generate 2 new files: +```console +./util/me_cleaner/me_cleaner.py -D patched_desciptor.bin -M stripped_me.bin fulldump.rom -t -r -S +``` +It will then generate 2 new files: +* a patched IFD called `patched_desciptor.bin` +* stripped Intel ME called `stripped_me.bin` + +The patched IFD has the `AltMeDisable` bit set and a modified flash layout. + +## Build coreboot + +1. Now include the two new files into coreboot's build system. +2. Make sure to also increase the CBFS size + * 0x7E0000 for a 8MiB ROM + * 0xBE0000 for a 12MiB ROM + * 0xFE0000 for a 16MiB ROM + +## Flashing the ROM + +As you have modified the layout you need to write the **full ROM** to flash. +Make sure to include all partitions into the ROM: +* IFD +* EC (might be unused) +* GbE (might be unused) +* ME +* BIOS + +[me_cleaner]: ../../northbridge/intel/sandybridge/me_cleaner.md
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/39129
to look at the new patch set (#2).
Change subject: Documentation: Tutorial me_cleaner on Lenovo devices ......................................................................
Documentation: Tutorial me_cleaner on Lenovo devices
Add a tutorial how to use ME cleaner, and give some basic steps to strip the ME.
Tested on Lenovo X220 with stripped ME and found no issues: commit: cbc5b99ac9e5856631109b1e7f20e80799beb1e4
* Displayport * VGA * USB * Bluetooth * Wifi * Wifi-kill switch * libgfxinit * SATA * Audio * SD-card * Ethernet * Keyboard * Fn-Keys * Display brightness * ACPI S3 resume * Battery events * CPU temperature reporting * FAN managment * Stress test stable * Youtube videos over Wifi * stress -c 2 -m 1 -d 1 * glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M Documentation/mainboard/index.md M Documentation/mainboard/lenovo/Sandy_Bridge_series.md A Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg A Documentation/mainboard/lenovo/stripping_me.md 4 files changed, 154 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/29/39129/2
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Tutorial me_cleaner on Lenovo devices ......................................................................
Patch Set 2:
(4 comments)
https://review.coreboot.org/c/coreboot/+/39129/2//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/39129/2//COMMIT_MSG@7 PS2, Line 7: Documentation: Tutorial me_cleaner on Lenovo devices Statement please:
Add me_cleaner tutorial on Lenovo devices
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... File Documentation/mainboard/lenovo/Sandy_Bridge_series.md:
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 49: It is possible to reduce the Intel ME firmware size to free additional : space for the `bios` region. This is usually refered to as *cleaning the ME* or : *stripping the ME*. See general notes on [me_cleaner]. : : With the reduced Intel ME firmware the IFD, GbE and ME regions require : less than 128 KiB of space in the ROM. : : The modified flash layout needs to be written to IFD! : Have a look at the [ME tutorial] for more information. : : Tests on Lenovo X220 showed no issues with a stripped ME firmware. Reflow the lines?
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... File Documentation/mainboard/lenovo/stripping_me.md:
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 14: `bios` region. Should the text be duplicated?
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 53: Add a note, what the difference to the Kconfig integration of me_cleaner is?
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/39129
to look at the new patch set (#3).
Change subject: Documentation: Tutorial me_cleaner on Lenovo devices ......................................................................
Documentation: Tutorial me_cleaner on Lenovo devices
Add a tutorial how to use ME cleaner, and give some basic steps to strip the ME.
Tested on Lenovo X220 with stripped ME and found no issues: commit: cbc5b99ac9e5856631109b1e7f20e80799beb1e4
* Displayport * VGA * USB * Bluetooth * Wifi * Wifi-kill switch * libgfxinit * SATA * Audio * SD-card * Ethernet * Keyboard * Fn-Keys * Display brightness * ACPI S3 resume * Battery events * CPU temperature reporting * FAN managment * Stress test stable * Youtube videos over Wifi * stress -c 2 -m 1 -d 1 * glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M Documentation/mainboard/lenovo/Sandy_Bridge_series.md A Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg M Documentation/northbridge/intel/sandybridge/me_cleaner.md 3 files changed, 163 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/29/39129/3
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Tutorial me_cleaner on Lenovo devices ......................................................................
Patch Set 3:
(3 comments)
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... File Documentation/mainboard/lenovo/Sandy_Bridge_series.md:
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 49: It is possible to reduce the Intel ME firmware size to free additional : space for the `bios` region. This is usually refered to as *cleaning the ME* or : *stripping the ME*. See general notes on [me_cleaner]. : : With the reduced Intel ME firmware the IFD, GbE and ME regions require : less than 128 KiB of space in the ROM. : : The modified flash layout needs to be written to IFD! : Have a look at the [ME tutorial] for more information. : : Tests on Lenovo X220 showed no issues with a stripped ME firmware.
Reflow the lines?
Done
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... File Documentation/mainboard/lenovo/stripping_me.md:
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 14: `bios` region.
Should the text be duplicated?
rephrased the text
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 53:
Add a note, what the difference to the Kconfig integration of me_cleaner is?
I don't know. The default is -S, which says "... in addition to the usual operations ...". So I guess it removes code and sets AltMeDisable without relocating files.
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/39129
to look at the new patch set (#4).
Change subject: Documentation: Add tutorial for me_cleaner on Lenovo devices ......................................................................
Documentation: Add tutorial for me_cleaner on Lenovo devices
Add a tutorial how to use ME cleaner, and give some basic steps to strip the ME. Update the Lenovo Sandy Bridge documentation that no issues could be observed on X220 and give an example flash layout.
Tested on Lenovo X220 with stripped ME and found no issues: commit: cbc5b99ac9e5856631109b1e7f20e80799beb1e4
* Displayport * VGA * USB * Bluetooth * Wifi * Wifi-kill switch * libgfxinit * SATA * Audio * SD-card * Ethernet * Keyboard * Fn-Keys * Display brightness * ACPI S3 resume * Battery events * CPU temperature reporting * FAN managment * Stress test stable * Youtube videos over Wifi * stress -c 2 -m 1 -d 1 * glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M Documentation/mainboard/lenovo/Sandy_Bridge_series.md A Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg M Documentation/northbridge/intel/sandybridge/me_cleaner.md 3 files changed, 163 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/29/39129/4
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Add tutorial for me_cleaner on Lenovo devices ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/39129/2//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/39129/2//COMMIT_MSG@7 PS2, Line 7: Documentation: Tutorial me_cleaner on Lenovo devices
Statement please: […]
Done
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Add tutorial for me_cleaner on Lenovo devices ......................................................................
Patch Set 4: Code-Review+1
(2 comments)
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... File Documentation/mainboard/lenovo/stripping_me.md:
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 14: `bios` region.
rephrased the text
Done
https://review.coreboot.org/c/coreboot/+/39129/2/Documentation/mainboard/len... PS2, Line 53:
I don't know. The default is -S, which says "... in addition to the usual operations ...". […]
Ack
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Add tutorial for me_cleaner on Lenovo devices ......................................................................
Patch Set 4: Code-Review+2
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/39129 )
Change subject: Documentation: Add tutorial for me_cleaner on Lenovo devices ......................................................................
Documentation: Add tutorial for me_cleaner on Lenovo devices
Add a tutorial how to use ME cleaner, and give some basic steps to strip the ME. Update the Lenovo Sandy Bridge documentation that no issues could be observed on X220 and give an example flash layout.
Tested on Lenovo X220 with stripped ME and found no issues: commit: cbc5b99ac9e5856631109b1e7f20e80799beb1e4
* Displayport * VGA * USB * Bluetooth * Wifi * Wifi-kill switch * libgfxinit * SATA * Audio * SD-card * Ethernet * Keyboard * Fn-Keys * Display brightness * ACPI S3 resume * Battery events * CPU temperature reporting * FAN managment * Stress test stable * Youtube videos over Wifi * stress -c 2 -m 1 -d 1 * glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/39129 Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Reviewed-by: Arthur Heymans arthur@aheymans.xyz Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M Documentation/mainboard/lenovo/Sandy_Bridge_series.md A Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg M Documentation/northbridge/intel/sandybridge/me_cleaner.md 3 files changed, 163 insertions(+), 4 deletions(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Arthur Heymans: Looks good to me, approved
diff --git a/Documentation/mainboard/lenovo/Sandy_Bridge_series.md b/Documentation/mainboard/lenovo/Sandy_Bridge_series.md index 0b833f5..dbbbbee 100644 --- a/Documentation/mainboard/lenovo/Sandy_Bridge_series.md +++ b/Documentation/mainboard/lenovo/Sandy_Bridge_series.md @@ -33,9 +33,7 @@ usable by coreboot. * ROM chip size should be set to 8MiB.
-```eval_rst -Please also have a look at :doc:`../../flash_tutorial/index`. -``` +Please also have a look at the [flashing tutorial]
## Flash layout There's one 8MiB flash which contains IFD, GBE, ME and BIOS regions. @@ -46,3 +44,26 @@
[fl]: flashlayout_Sandy_Bridge.svg
+## Reducing Intel Managment Engine firmware size + +It is possible to reduce the Intel ME firmware size to free additional +space for the `bios` region. This is usually refered to as *cleaning the ME* or +*stripping the ME*. +After reducing the Intel ME firmware size you must modify the original IFD +and then write a full ROM using an [external programmer]. +Have a look at the [me_cleaner] for more information. + +Tests on Lenovo X220 showed no issues with a stripped ME firmware. + +**Modified flash layout:** + +![][fl2] + +[fl2]: flashlayout_Sandy_Bridge_stripped_me.svg + +The overall size of the `gbe`, `me,` `ifd` region is less than 128KiB, leaving +the remaining space for the `bios` partition. + + +[me_cleaner]: ../../northbridge/intel/sandybridge/me_cleaner.md +[external programmer]: ../../flash_tutorial/index.md diff --git a/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg b/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg new file mode 100644 index 0000000..d8d8213 --- /dev/null +++ b/Documentation/mainboard/lenovo/flashlayout_Sandy_Bridge_stripped_me.svg @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/PR-SVG-20010719/DTD/svg10.dtd"> +<svg width="9cm" height="8cm" viewBox="268 -156 168 158" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="307.888" y="-152.131" width="49.1438" height="30.4667"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.46" y="-134.831"> + <tspan x="332.46" y="-134.831">IFD</tspan> + </text> + </g> + <g> + <g> + <rect style="fill: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 0.02; stroke: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 0.02; stroke: #ffffff" x="307.934" y="-56.9106" width="49.1438" height="56.1492"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308.096" y="-57.559" width="49.1438" height="57.2839"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.182" y="-24.0245"> + <tspan x="332.182" y="-24.0245">BIOS</tspan> + </text> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308" y="-121.59" width="49.1438" height="30.4667"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308" y="-121.59" width="49.1438" height="30.4667"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="332.572" y="-104.29"> + <tspan x="332.572" y="-104.29">GBE</tspan> + </text> + </g> + <text font-size="7.15705" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="268.961" y="-148.674"> + <tspan x="268.961" y="-148.674">0x000000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.152" y="-120.399"> + <tspan x="269.152" y="-120.399">0x001000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.155" y="-90.6472"> + <tspan x="269.155" y="-90.6472">0x003000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="269.461" y="-56.4289"> + <tspan x="269.461" y="-56.4289">0x020000</tspan> + </text> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="270.008" y="0.198407"> + <tspan x="270.008" y="0.198407">0x800000</tspan> + </text> + <path style="fill: none; fill-opacity:0; stroke-width: 1; stroke: #000000" d="M 380.877 -151.013 C 401.876,-151.013 379.377,-73.513 400.627,-72.513"/> + <path style="fill: none; fill-opacity:0; stroke-width: 1; stroke: #000000" d="M 381.377 -0.763268 C 395.238,-0.763268 387.016,-72.763 400.877,-72.763"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="406.127" y="-68.513"> + <tspan x="406.127" y="-68.513">Flash #0</tspan> + </text> + <g> + <g> + <g> + <rect style="fill: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #ffffff" x="308.189" y="-90.5898" width="49.1438" height="33.4161"/> + </g> + <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="308.189" y="-90.5898" width="49.1438" height="32.8215"/> + <text font-size="6.77323" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="331.572" y="-70.23"> + <tspan x="331.572" y="-70.23">ME</tspan> + </text> + </g> +</svg> diff --git a/Documentation/northbridge/intel/sandybridge/me_cleaner.md b/Documentation/northbridge/intel/sandybridge/me_cleaner.md index 1086e7e..b457dcd 100644 --- a/Documentation/northbridge/intel/sandybridge/me_cleaner.md +++ b/Documentation/northbridge/intel/sandybridge/me_cleaner.md @@ -5,7 +5,7 @@ operate any more.
**Using a 'cleaned' ME partition may lead to issues and its use should be -carefully evaulated.** +carefully evaluated.**
## Observations with 'cleaned' ME
@@ -18,3 +18,67 @@
Always test with unmodified IFD and ME section before reporting bugs to the coreboot project. + +## Tutorial reducing the Intel ME firmware size + +By default the cleaned ME firmware will still occupy the same space in +the firmware image. It's possible to change the firmware partition layout +and reclaim the space for the use by coreboot. +With the reduced Intel ME firmware the `ifd`, `gbe` and `me` regions require +less than 128 KiB of space in the ROM, which leaves the remaining for the +`bios` region. + +This tutorial will guide you through the steps necessary. + +### 1. Obtain a full ROM + +You need a full and working ROM with a full Intel ME firmware. + +### 2. Running me_cleaner + +You need to run the *me_cleaner* on a full ROM, here called `fulldump.rom`: +The full ROM contains: +* IFD +* fully working Intel ME +* GbE (optional) +* BIOS (any firmware) + +Running the command will generate two new files: +```console +./util/me_cleaner/me_cleaner.py -D patched_desciptor.bin -M stripped_me.bin fulldump.rom -t -r -S +``` + +The generated files are: +* a patched IFD called `patched_desciptor.bin` +* stripped Intel ME called `stripped_me.bin` + +The patched IFD has the *AltMeDisable* bit set and a modified flash layout. + + +*Note:* coreboot allows to select `CONFIG_ME_CLEANER` as part of the +build-process, but that doesn't rework the flash layout, it only removes +files from ME and sets the *AltMeDisable*-bit. + +### 3. Build coreboot + +1. Now include the two new files from the previous step into coreboot's + build system. +2. Make sure to also increase the CBFS size + * 0x7E0000 for a 8MiB ROM + * 0xBE0000 for a 12MiB ROM + * 0xFE0000 for a 16MiB ROM +3. Make sure to **not** enable me_cleaner in Kconfig again as + you have already run it + +### 4. Flashing the ROM + +As you have modified the layout you need to write the **full ROM** to flash +using an [external programmer]. +Make sure to include all partitions into the ROM: +* IFD +* EC (might be unused) +* GbE (might be unused) +* ME +* BIOS + +[external programmer]: ../../../flash_tutorial/index.md
-
Arthur Heymans (Code Review) -
Patrick Georgi (Code Review)
-
Patrick Rudolph (Code Review)
-
Paul Menzel (Code Review)