Evgeny Zinoviev has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
[WIP] sb/intel/bd82x6x: Support ME Software Disable Mode
AFAIK, ME is supposed to enter Software Temp Disable Mode on the next reboot after receiving the disable command.
But my tests on X230 (ME firmware 8.1.1416.40) show that CF9 reset doesn't help here and user must manually perform power off/power on cycle.
So for now working algorithm to disable ME is as follows: - run `nvramtool -w me_disable=Enable` - reboot - power off - power on - run `intelmetool -m` to verify that ME is in soft temp disable mode.
To enable ME: - run `nvramtool -m me_disable=Disable` - reboot
TODO: if it's possible, find a way to perform correct program reset so that user wouldn't have to do one more power off/power on.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 5 files changed, 104 insertions(+), 6 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/1
diff --git a/src/mainboard/lenovo/x230/cmos.default b/src/mainboard/lenovo/x230/cmos.default index 979f132..75f27df 100644 --- a/src/mainboard/lenovo/x230/cmos.default +++ b/src/mainboard/lenovo/x230/cmos.default @@ -14,3 +14,4 @@ trackpoint=Enable backlight=Both usb_always_on=Disable +me_disable=Disable diff --git a/src/mainboard/lenovo/x230/cmos.layout b/src/mainboard/lenovo/x230/cmos.layout index 27197fb..755d98b 100644 --- a/src/mainboard/lenovo/x230/cmos.layout +++ b/src/mainboard/lenovo/x230/cmos.layout @@ -73,6 +73,9 @@
# coreboot config options: cpu #424 8 r 0 unused +424 1 e 1 me_disable +425 1 r 0 me_disable_prev +#426 6 r 0 unused
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size diff --git a/src/southbridge/intel/bd82x6x/early_me.c b/src/southbridge/intel/bd82x6x/early_me.c index f82ed3e..41ca3f6 100644 --- a/src/southbridge/intel/bd82x6x/early_me.c +++ b/src/southbridge/intel/bd82x6x/early_me.c @@ -23,6 +23,7 @@ #include <halt.h> #include <string.h> #include <timestamp.h> +#include <option.h> #include "me.h" #include "pch.h"
@@ -236,7 +237,6 @@ printk(BIOS_NOTICE, "ME: Current PM event: 0x%x\n", (me_fws2 & 0xf000000) >> 24); printk(BIOS_NOTICE, "ME: Progress code : 0x%x\n", (me_fws2 & 0xf0000000) >> 28);
- /* Return the requested BIOS action */ printk(BIOS_NOTICE, "ME: Requested BIOS Action: %s\n", me_ack_values[(hfs & 0xe) >> 1]); diff --git a/src/southbridge/intel/bd82x6x/me.h b/src/southbridge/intel/bd82x6x/me.h index 203d0c0..e05a178 100644 --- a/src/southbridge/intel/bd82x6x/me.h +++ b/src/southbridge/intel/bd82x6x/me.h @@ -185,6 +185,11 @@ #define MKHI_GLOBAL_RESET 0x0b
#define MKHI_FWCAPS_GET_RULE 0x02 +#define MKHI_FWCAPS_SET_RULE 0x03 + +#define MKHI_HMRFPO_ENABLE 0x01 +#define MKHI_HMRFPO_LOCK 0x02 +#define MKHI_HMRFPO_DISABLE 0x04
#define MKHI_MDES_ENABLE 0x09
diff --git a/src/southbridge/intel/bd82x6x/me_8.x.c b/src/southbridge/intel/bd82x6x/me_8.x.c index f13ced9..5d57e02 100644 --- a/src/southbridge/intel/bd82x6x/me_8.x.c +++ b/src/southbridge/intel/bd82x6x/me_8.x.c @@ -23,6 +23,7 @@ */
#include <arch/acpi.h> +#include <cf9_reset.h> #include <device/mmio.h> #include <device/device.h> #include <device/pci.h> @@ -30,6 +31,7 @@ #include <console/console.h> #include <device/pci_ids.h> #include <device/pci_def.h> +#include <pc80/mc146818rtc.h> #include <string.h> #include <delay.h> #include <elog.h> @@ -189,7 +191,7 @@ }
static int mei_send_msg(struct mei_header *mei, struct mkhi_header *mkhi, - void *req_data) + void *req_data, bool wait_ready) { struct mei_csr host; unsigned int ndata, n; @@ -247,8 +249,11 @@ host.interrupt_generate = 1; write_host_csr(&host);
- /* Make sure ME is ready after sending request data */ - return mei_wait_for_me_ready(); + if (!wait_ready) + return 0; + else + /* Make sure ME is ready after sending request data */ + return mei_wait_for_me_ready(); }
static int mei_recv_msg(struct mkhi_header *mkhi, @@ -338,10 +343,12 @@ static inline int mei_sendrecv(struct mei_header *mei, struct mkhi_header *mkhi, void *req_data, void *rsp_data, int rsp_bytes) { - if (mei_send_msg(mei, mkhi, req_data) < 0) + if (mei_send_msg(mei, mkhi, req_data, true) < 0) return -1; + if (mei_recv_msg(mkhi, rsp_data, rsp_bytes) < 0) return -1; + return 0; }
@@ -513,6 +520,50 @@ }
#else /* !__SIMPLE_DEVICE__ */ +static void reset(void) { + struct device *lpc = pcidev_on_root(0x1f, 0); + u32 etr3 = pci_read_config32(lpc, ETR3); + u8 cf9; + + etr3 |= ETR3_CF9GR; + pci_write_config32(lpc, ETR3, etr3); + + cf9 = inb(0xcf9); + cf9 |= 0x0e; + outb(cf9, 0xcf9); + + halt(); +} + +static void enable_soft_temp_disable_mode(void) { + u32 message[2] = { 0x06, 0x01 }; + struct mkhi_header mkhi = { + .group_id = MKHI_GROUP_ID_FWCAPS, + .command = MKHI_FWCAPS_SET_RULE, + }; + struct mei_header mei = { + .is_complete = 1, + .length = sizeof(mkhi) + sizeof(message), + .host_address = MEI_HOST_ADDRESS, + .client_address = MEI_ADDRESS_MKHI, + }; + + printk(BIOS_NOTICE, "ME: %s\n", __FUNCTION__); + + /* + * ME stops responding after receiving the disable command, + * therefore it makes no sence to wait for it + */ + bool wait_ready = false; + + if (mei_send_msg(&mei, &mkhi, &message, wait_ready) < 0) + printk(BIOS_DEBUG, "ME: %s: me_send_msg returned -1 (wait timeout)\n", + __FUNCTION__); +} + +static void disable_soft_temp_disable_mode(struct device *dev) { + pci_write_config32(dev, PCI_ME_H_GS, 0x20000000); +}
/* Determine the path that we should take based on ME status */ static me_bios_path intel_me_path(struct device *dev) @@ -675,10 +726,19 @@ { me_bios_path path = intel_me_path(dev); me_bios_payload mbp_data; + u8 me_disable, me_disable_prev; + bool need_reset = false; + struct me_hfs hfs;
/* Do initial setup and determine the BIOS path */ printk(BIOS_NOTICE, "ME: BIOS path: %s\n", me_bios_path_values[path]);
+ get_option(&me_disable, "me_disable"); + get_option(&me_disable_prev, "me_disable_prev"); + + printk(BIOS_DEBUG, "ME: me_disable=%u, me_disable_prev=%u\n", + me_disable, me_disable_prev); + switch (path) { case ME_S3WAKE_BIOS_PATH: intel_me_hide(dev); @@ -710,6 +770,17 @@ } #endif
+ /* Put ME in Software Temporary Disable Mode, if needed */ + if (me_disable) { + printk(BIOS_DEBUG, "ME: need to disable ME\n"); + enable_soft_temp_disable_mode(); + if (!me_disable_prev) { + printk(BIOS_DEBUG, "ME: me_disable_prev differs, need to reset\n"); + need_reset = true; + break; + } + } + if (CONFIG_DEFAULT_CONSOLE_LOGLEVEL >= BIOS_DEBUG) { me_print_fw_version(&mbp_data.fw_version_name); me_print_fwcaps(&mbp_data.fw_caps_sku); @@ -721,12 +792,30 @@ */ break;
+ case ME_DISABLE_BIOS_PATH: + /* Bring ME out of Softwate Temporary Disable mode, if needed */ + pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); + if (hfs.operation_mode == ME_HFS_MODE_DIS && !me_disable) { + printk(BIOS_DEBUG, "ME: need to undisable ME\n"); + disable_soft_temp_disable_mode(dev); + if (me_disable_prev) { + printk(BIOS_DEBUG, "ME: me_disable_prev differs, need to reset\n"); + need_reset = true; + } + } + break; + case ME_ERROR_BIOS_PATH: case ME_RECOVERY_BIOS_PATH: - case ME_DISABLE_BIOS_PATH: case ME_FIRMWARE_UPDATE_BIOS_PATH: break; } + + if (me_disable != me_disable_prev) + set_option("me_disable_prev", &me_disable); + + if (need_reset) + reset(); }
static struct pci_operations pci_ops = {
build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
Patch Set 1:
(6 comments)
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 254: else else is not generally useful after a break or return
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 523: static void reset(void) { open brace '{' following function definitions go on the next line
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 538: static void enable_soft_temp_disable_mode(void) { open brace '{' following function definitions go on the next line
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 551: printk(BIOS_NOTICE, "ME: %s\n", __FUNCTION__); __func__ should be used instead of gcc specific __FUNCTION__
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 561: __FUNCTION__); __func__ should be used instead of gcc specific __FUNCTION__
https://review.coreboot.org/c/coreboot/+/37115/1/src/southbridge/intel/bd82x... PS1, Line 564: static void disable_soft_temp_disable_mode(struct device *dev) { open brace '{' following function definitions go on the next line
Hello Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#2).
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
[WIP] sb/intel/bd82x6x: Support ME Software Disable Mode
AFAIK, ME is supposed to enter Software Temp Disable Mode on the next reboot after receiving the disable command.
But my tests on X230 (ME firmware 8.1.1416.40) show that CF9 reset doesn't help here and user must manually perform power off/power on cycle.
So for now working algorithm to disable ME is as follows: - run `nvramtool -w me_disable=Enable` - reboot - power off - power on - run `intelmetool -m` to verify that ME is in soft temp disable mode.
To enable ME: - run `nvramtool -m me_disable=Disable` - reboot
TODO: if it's possible, find a way to perform correct program reset so that user wouldn't have to do one more power off/power on.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 4 files changed, 103 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/2
build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
Patch Set 2:
(6 comments)
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 254: else else is not generally useful after a break or return
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 523: static void reset(void) { open brace '{' following function definitions go on the next line
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 538: static void enable_soft_temp_disable_mode(void) { open brace '{' following function definitions go on the next line
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 551: printk(BIOS_NOTICE, "ME: %s\n", __FUNCTION__); __func__ should be used instead of gcc specific __FUNCTION__
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 561: __FUNCTION__); __func__ should be used instead of gcc specific __FUNCTION__
https://review.coreboot.org/c/coreboot/+/37115/2/src/southbridge/intel/bd82x... PS2, Line 564: static void disable_soft_temp_disable_mode(struct device *dev) { open brace '{' following function definitions go on the next line
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#3).
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
[WIP] sb/intel/bd82x6x: Support ME Software Disable Mode
AFAIK, ME is supposed to enter Software Temp Disable Mode on the next reboot after receiving the disable command.
But my tests on X230 (ME firmware 8.1.1416.40) show that CF9 reset doesn't help here and user must manually perform power off/power on cycle.
So for now working algorithm to disable ME is as follows: - run `nvramtool -w me_disable=Enable` - reboot - power off - power on - run `intelmetool -m` to verify that ME is in soft temp disable mode.
To enable ME: - run `nvramtool -m me_disable=Disable` - reboot
TODO: if it's possible, find a way to perform correct program reset so that user wouldn't have to do one more power off/power on.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 4 files changed, 107 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/3
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#4).
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
[WIP] sb/intel/bd82x6x: Support ME Software Disable Mode
AFAIK, ME is supposed to enter Software Temp Disable Mode on the next reboot after receiving the disable command.
But my tests on X230 (ME firmware 8.1.1416.40) show that CF9 reset doesn't help here and user must manually perform power off/power on cycle.
So for now working algorithm to disable ME is as follows: - run `nvramtool -w me_disable=Enable` - reboot - power off - power on - run `intelmetool -m` to verify that ME is in soft temp disable mode.
To enable ME: - run `nvramtool -m me_disable=Disable` - reboot
TODO: - if it's possible, find a way to perform correct program reset so that user wouldn't have to do one more power off/power on - implement for 7.x
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 4 files changed, 105 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/4
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#5).
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
[WIP] sb/intel/bd82x6x: Support ME Software Disable Mode
AFAIK, ME is supposed to enter Software Temp Disable Mode on the next reboot after receiving the disable command.
But my tests on X230 (ME firmware 8.1.1416.40) show that CF9 reset doesn't help here and user must manually perform power off/power on cycle.
So for now working algorithm to disable ME is as follows: - run `nvramtool -w me_disable=Enable` - reboot - power off - power on - run `intelmetool -m` to verify that ME is in soft temp disable mode.
To enable ME: - run `nvramtool -m me_disable=Disable` - reboot
TODO: - if it's possible, find a way to perform correct program reset so that user wouldn't have to do one more power off/power on - implement for 7.x
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 4 files changed, 104 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/5
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
Patch Set 5:
On stock BIOS on X230, after disabling ME and a software reboot, `intelmetool -m ` reports:
ME: Power Management Event : Pseudo-global reset
Power Management Event is GMES register, bits [27:24], according to intelmetool (me_status.c, static const char *me_pmevent_values[]).
Probably, we need to figure out what this pseudo-global reset is and how to trigger it.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: [WIP] sb/intel/bd82x6x: Support ME Software Disable Mode ......................................................................
Patch Set 5:
(3 comments)
I marked it as WIP. Twice. I think it's clear that it's not ready for review.
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... File src/mainboard/lenovo/x230/cmos.default:
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... PS5, Line 17: Disable
What does this even mean? Is it disabling the ME by default, or disabling ME disablement (that is, e […]
Second.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 765: mkhi_hmrfpo_enable
Isn't this what you want to do?
No.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 768: mkhi_global_reset
Isn't this your reset() function?
No.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 7:
(11 comments)
This change is ready for review.
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... File src/mainboard/lenovo/x230/cmos.default:
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... PS5, Line 17: Disable
Ooor... […]
I think I'll turn it into enum me_state with values Normal and Disabled.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 521: reset
Reset of which kind? Looks like a full reset but with extra steps
Renamed and added some comments.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 539: 0x06, 0x01
What's this?
Added a comment.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 555: sence
sense
Removed.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 557: bool wait_ready = false;
No need for that wait_ready boolean
Removed.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 560: __func__);
fits on the previous line
Removed.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 565: pci_write_config32(dev, PCI_ME_H_GS, 0x20000000);
What does this do?
Added a comment.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 618: __func__);
fits on the previous line
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 768: mkhi_global_reset
Ah, thought your reset() function is a global reset like this one.
This global reset via mkhi doesn't even work when I try it. But what I need is CF9 + CF9GR that works perfectly.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 796: Softwate
Software
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 799: undisable
uh?
Lol.
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins), Nico Huber,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#8).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at BUP Phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
To disable ME: 1. nvramtool -w me_disable=Enable 2. reboot
To enable it back: 1. nvramtool -w me_disable=Disable 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230.
BACKGROUND
There's no official Intel documentation that would explain how this should be implemented, in public. Perhaps, ME BWG contains some hints, but I don't have it.
Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled: apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP Phase) to 0x03 (Policy Module) to 0x06 (Host Communication).
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot).
I'm not sure as to whether we should reboot here or not. For now, coreboot reboots in both cases (to enter and to exit Soft Temp Disable Mode).
TODO
- Change me_disable CMOS option to me_state with values Normal and Disabled. - Implement for 7.x and test on X220.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c 4 files changed, 155 insertions(+), 6 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/8
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 8:
(3 comments)
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 535: } could be:
{ set_global_reset(1); full_reset(); }
The former would have to be exported.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 537: enable How about naming this *enter*_soft_temp_disable_mode() and the other *exit*?
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 774: if (me_disable) { I would prefer to only act if `me_disable_prev` differs. If both are 1, we tried before and failed. Probably not a good idea to try again and skip the reset.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 9:
This change is ready for review.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 9:
(7 comments)
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 521: reset
Renamed and added some comments.
Removed.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 523: struct device *lpc = pcidev_on_root(0x1f, 0); : u32 etr3 = pci_read_config32(lpc, ETR3)
Isn't this replaceable with config_of ?
Moved to a separate file.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 535: }
could be: […]
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 537: enable
How about naming this *enter*_soft_temp_disable_mode() and the other *exit*?
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 539: 0x06, 0x01
Added a comment.
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 546: .length = sizeof(mkhi) + sizeof(message),
Gerrit shows one tab too many?
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 774: if (me_disable) {
I would prefer to only act if `me_disable_prev` differs. If both are 1, […]
Done
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins), Nico Huber, Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#10).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at BUP Phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled: apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Implement for 7.x and test on X220.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 9 files changed, 192 insertions(+), 39 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/10
Hello Alexander Couzens, Patrick Rudolph, build bot (Jenkins), Nico Huber, Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#11).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at BUP Phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled: apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Implement for 7.x and test on X220.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 15 files changed, 210 insertions(+), 42 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/11
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 11:
(8 comments)
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 193: #define CMOS_ME_STATE_DISABLED 1 Use tabs for alignment as above.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 250: int Make that boolean?
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 637: printk(BIOS_CRIT, "%s: mbp is not ready!\n", __func__); Unrelated.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 758: BIOS_SPEW Level *info* or *debug* would be more useful I guess.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 799: printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n"); {} around this branch.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 821: BIOS_INFO Level *notice* would be more appropriate in my opinion.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 21: int boolean
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 28: #endif Why is the distinction needed? Is it run in romstage and ramstage?
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 11:
(1 comment)
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 821: BIOS_INFO
Level *notice* would be more appropriate in my opinion.
I don't think it's that important.
Damien Zammit has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 11: Code-Review+1
I have been looking for this kind of thing for ages! Thank you for figuring it out.
What is preventing this from being merged? Can it be rebased easily?
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 11:
(9 comments)
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@10 PS11, Line 10: at BUP Phase … at Bring UP (BUP) phase.
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@43 PS11, Line 43: disabled: apparently I’d use:
… disabled. Apparently, …
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@39 PS11, Line 39: and reboots. ME is supposed to be disabled on the next boot after DID : (DRAM Init Done). : : My numerous tests show that issuing the command and rebooting is not : enough. If we reboot too early, ME will not be disabled: apparently, : it is doing something in background after receiving the command. It : works with a delay of 500-1000 ms. : : I also tried to dump all known (documented) registers, such as GMES and : HFS, before and during the next 2 seconds after execution of the : disable command to find a possible indication that something's changed : in ME and we're ready to reboot. Found nothing unfortunately. Indent with four spaces, so it’s clear that this belongs to item 1.?
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@54 PS11, Line 54: PT slides don't contain any more information on it, but my tests show, : that after writing this value, GMES[31:28] is changing from 0x01 (BUP : Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, : after some more time, fw_init_complete bit of HFS becomes 1. : : This means that ME starts loading its kernel immediately, without : reboot. : : On the other hand, Lenovo BIOS clearly perform a reboot after enabling : it (one reboot after saving the settings, then ThinkPad logo appears, : and then one more reboot). I'm assuming we have to reset too. Please indent too.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 533: .client_address = MEI_ADDRESS_MKHI, Please use tabs for alignment.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 539: BIOS_DEBUG Please make it at least a warning or even error?
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 573: */ Use oneline comment?
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 574: for (i = 0; i < 400; i++) { : mdelay(50); : pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); : printk(BIOS_SPEW, "ME: hfs.fw_init_complete=%d after %dms\n", : hfs.fw_init_complete, (i+1)*50); : : if (hfs.fw_init_complete) : break; : } : : if (!hfs.fw_init_complete) : printk(BIOS_ERR, "ME: giving up on waiting for fw_init_complete\n"); Please use the stopwatch framework, and print the total time in the end.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 13: */ Please use SPDX license header.
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 11:
(1 comment)
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 821: BIOS_INFO
I don't think it's that important.
Ack
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#12).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at BUP Phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled: apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Implement for 7.x and test on X220.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 15 files changed, 197 insertions(+), 40 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/12
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#13).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 358 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/13
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 13:
(16 comments)
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@10 PS11, Line 10: at BUP Phase
… at Bring UP (BUP) phase.
Done
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@43 PS11, Line 43: disabled: apparently
I’d use: […]
Done
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@39 PS11, Line 39: and reboots. ME is supposed to be disabled on the next boot after DID : (DRAM Init Done). : : My numerous tests show that issuing the command and rebooting is not : enough. If we reboot too early, ME will not be disabled: apparently, : it is doing something in background after receiving the command. It : works with a delay of 500-1000 ms. : : I also tried to dump all known (documented) registers, such as GMES and : HFS, before and during the next 2 seconds after execution of the : disable command to find a possible indication that something's changed : in ME and we're ready to reboot. Found nothing unfortunately.
Indent with four spaces, so it’s clear that this belongs to item 1. […]
Done
https://review.coreboot.org/c/coreboot/+/37115/11//COMMIT_MSG@54 PS11, Line 54: PT slides don't contain any more information on it, but my tests show, : that after writing this value, GMES[31:28] is changing from 0x01 (BUP : Phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, : after some more time, fw_init_complete bit of HFS becomes 1. : : This means that ME starts loading its kernel immediately, without : reboot. : : On the other hand, Lenovo BIOS clearly perform a reboot after enabling : it (one reboot after saving the settings, then ThinkPad logo appears, : and then one more reboot). I'm assuming we have to reset too.
Please indent too.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 193: #define CMOS_ME_STATE_DISABLED 1
Use tabs for alignment as above.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 250: int
Make that boolean?
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 521: reset
Removed.
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 565: pci_write_config32(dev, PCI_ME_H_GS, 0x20000000);
Added a comment.
It's done I guess.
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 533: .client_address = MEI_ADDRESS_MKHI,
Please use tabs for alignment.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 539: BIOS_DEBUG
Please make it at least a warning or even error?
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 573: */
Use oneline comment?
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 637: printk(BIOS_CRIT, "%s: mbp is not ready!\n", __func__);
Unrelated.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 758: BIOS_SPEW
Level *info* or *debug* would be more useful I guess.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 799: printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n");
{} around this branch.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 13: */
Please use SPDX license header.
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 28: #endif
Why is the distinction needed? Is it run in romstage and ramstage?
Yes.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 13:
(6 comments)
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... File src/mainboard/lenovo/x230/cmos.default:
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... PS5, Line 17: Disable
I think I'll turn it into enum me_state with values Normal and Disabled.
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... File src/mainboard/lenovo/x230/cmos.layout:
https://review.coreboot.org/c/coreboot/+/37115/5/src/mainboard/lenovo/x230/c... PS5, Line 76: 0
This refers to CMOS enumeration #0, which is like #1 but "wired" backwards. […]
Not relevant anymore.
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 190: #define MKHI_HMRFPO_ENABLE 0x01
Is it me, or are these hex values not aligned?
Done
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 523: struct device *lpc = pcidev_on_root(0x1f, 0); : u32 etr3 = pci_read_config32(lpc, ETR3)
Moved to a separate file.
Not sure. Is this a problem?
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 21: int
boolean
Done
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 28: #endif
Yes.
Done I guess.
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 13:
Not sure why Gerrit thinks this is a Merge Conflict. There is a relation chain, probably it ignores parent commits and compares it directly to master?
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#14).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 366 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/14
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 14:
(1 comment)
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/11/src/southbridge/intel/bd82... PS11, Line 574: for (i = 0; i < 400; i++) { : mdelay(50); : pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); : printk(BIOS_SPEW, "ME: hfs.fw_init_complete=%d after %dms\n", : hfs.fw_init_complete, (i+1)*50); : : if (hfs.fw_init_complete) : break; : } : : if (!hfs.fw_init_complete) : printk(BIOS_ERR, "ME: giving up on waiting for fw_init_complete\n");
Please use the stopwatch framework, and print the total time in the end.
Done
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#16).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c A src/southbridge/intel/bd82x6x/me.c.orig M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_8.x.c.orig A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 28 files changed, 2,153 insertions(+), 51 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/16
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#17).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c A src/southbridge/intel/bd82x6x/me.c.orig M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_8.x.c.orig A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 28 files changed, 2,153 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/17
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#18).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_8.x.c.orig A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 27 files changed, 1,326 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/18
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#19).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 366 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/19
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 19:
(3 comments)
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/early_me.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 94: set_global_reset That can be factored out in a separate commit
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 764: me_state_prev What happens on CMOS reset? me_state_prev will be state_normal and thus the ME won't come out of soft disable.
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 3: arch Seems unused
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 19:
(2 comments)
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/early_me.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 94: set_global_reset
That can be factored out in a separate commit
This old version is for romstage only and the version moved to me_common.c is for both. Wouldn't it be a bit weird to introduce a new commit where the function gets ramstage support that's never used? If that's not a problem I can do that :)
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 3: arch
Seems unused
Indeed.
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#20).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Handle CMOS reset
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 365 insertions(+), 53 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/20
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 20:
I guess I'll wait until Angel's patches for deduplicating ME 7/8 code get merged. That's what I wanted to do too but he's ahead of me:)
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#21).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Handle CMOS reset
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 364 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/21
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#22).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- Handle CMOS reset
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 364 insertions(+), 51 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/22
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#23).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
TODO
- me_common2.c is a temporary hack. I don't know what to do with me_common.c given that there is CB:42019.
- Handle CMOS reset
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c A src/southbridge/intel/bd82x6x/me_common2.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 367 insertions(+), 44 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/23
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 23:
(1 comment)
https://review.coreboot.org/c/coreboot/+/37115/23//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/23//COMMIT_MSG@74 PS23, Line 74: CB:42019 I rebased the change, it needs reviewers
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#24).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 370 insertions(+), 43 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/24
Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 24:
(4 comments)
https://review.coreboot.org/c/coreboot/+/37115/23//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/23//COMMIT_MSG@74 PS23, Line 74: CB:42019
I rebased the change, it needs reviewers
Ack
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/early_me.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 94: set_global_reset
This old version is for romstage only and the version moved to me_common.c is for both. […]
marking as resolved due to non response
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 523: struct device *lpc = pcidev_on_root(0x1f, 0); : u32 etr3 = pci_read_config32(lpc, ETR3)
Not sure. […]
i hope it's not, marking as resolved.
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/19/src/southbridge/intel/bd82... PS19, Line 764: me_state_prev
What happens on CMOS reset? […]
fixed
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 24:
(3 comments)
https://review.coreboot.org/c/coreboot/+/37115/24/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/24/src/southbridge/intel/bd82... PS24, Line 246: 20 sec twenty seconds? Why stall for so long?
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/5/src/southbridge/intel/bd82x... PS5, Line 523: struct device *lpc = pcidev_on_root(0x1f, 0); : u32 etr3 = pci_read_config32(lpc, ETR3)
i hope it's not, marking as resolved.
The thing about pcidev_on_root() is that it could return NULL. `config_of` couldn't be used here, though
https://review.coreboot.org/c/coreboot/+/37115/24/src/southbridge/intel/bd82... File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/24/src/southbridge/intel/bd82... PS24, Line 223: 20 sec Wait, isn't the code in this file the same as on me.c?
Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#25).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 306 insertions(+), 43 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/25
Attention is currently required from: Angel Pons. Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25:
(2 comments)
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/62a4c538_bad413d0 PS24, Line 246: 20 sec
twenty seconds? Why stall for so long?
This is what vendor does. Takes 1.5-2 seconds usually.
File src/southbridge/intel/bd82x6x/me_8.x.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/e67608b2_5ac8273a PS24, Line 223: 20 sec
Wait, isn't the code in this file the same as on me. […]
Moved to me_common.c
Attention is currently required from: Angel Pons, Evgeny Zinoviev. Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25: Code-Review+1
(7 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/comment/000c6421_64566c09 PS25, Line 47: works with a delay of 500-1000 ms. It's probably because we always do the "blunt" global reset via ETR3 + full_reset(). This is only a last resort method and we should try a global-reset MEI message first.
Probably worth to look into after this is is merged.
Patchset:
PS25: This looks very good and I hope you can spare just a little more patience. The only thing that I see that should be addressed now is the stale comments in the `cmos.layout` files.
I had some trouble understand CMOS_ME_CHANGED. It's just a bit to tell us that we wrote `me_state_prev`... No need to change that now, but here's a half-baked idea from the top of my head: Make a single, tri-state CMOS option: (Keep, Normal, Disable). coreboot would only have to reset it to `Keep` everytime it processed one of the other states. This would also allow to keep the ME disabled if CMOS fails later.
File src/mainboard/lenovo/l520/cmos.layout:
https://review.coreboot.org/c/coreboot/+/37115/comment/82c167a4_e0c94382 PS25, Line 37: # coreboot config options: cpu Sorry, this looks just wrong. Maybe update the comments to say `me` instead?
File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/comment/dd66740e_7250ce56 PS25, Line 178: state Nit, macro parameters should always be guarded with additional parentheses.
https://review.coreboot.org/c/coreboot/+/37115/comment/a877dcdb_2772a896 PS25, Line 188: u32 As I understand the manual, this could also be `u16`. Or more accurately 2x `u8`.
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/4a8d154e_ca34f92e PS25, Line 342: * Nit, remove dangling asterisk to comply with coding style.
File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/64bbc35f_b57781e6 PS25, Line 499: #ifdef __SIMPLE_DEVICE__ This would be much easier in a file that simply defines __SIMPLE_DEVICE__. Mixing both in one compilation unit was never the idea.
Attention is currently required from: Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25:
(1 comment)
File src/mainboard/lenovo/l520/cmos.layout:
https://review.coreboot.org/c/coreboot/+/37115/comment/b473acd4_d54c30c0 PS25, Line 40: #427 5 r 0 unused Please drop comments for unused space. Also note these files use tabs to align columns of values
Attention is currently required from: Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25:
(4 comments)
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/6f4b25b1_f89c015a PS25, Line 282: : /* Put ME in Software Temporary Disable Mode, if needed */ : if (me_state == CMOS_ME_STATE_DISABLED : && CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_NORMAL) { : printk(BIOS_INFO, "ME: disabling ME\n"); : if (enter_soft_temp_disable()) { : enter_soft_temp_disable_wait(); : need_reset = true; : } else { : printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n"); : } : : break; : } Would it make sense to print the capabilities before switching to soft temporary disable mode?
https://review.coreboot.org/c/coreboot/+/37115/comment/1a754267_e9ea5904 PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */ On later ME firmware versions, there's a SET ME ENABLE RESPONSE message that should be read from the MEI circular buffer
File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/10df4b1a_a53bae83 PS25, Line 467: 0x20000000 0x2 << 28
File src/southbridge/intel/ibexpeak/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/37115/comment/3a304061_7d142f3a PS25, Line 33: romstage-y +=../bd82x6x/me_common.c aaaaaargh! can we avoid this?
Attention is currently required from: Angel Pons, Evgeny Zinoviev. Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25:
(1 comment)
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/87ea22a6_fd75f32a PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */
On later ME firmware versions, there's a SET ME ENABLE RESPONSE message that should be read from the […]
Did you test this or read about it? We discovered many things like these don't work as documented in the ME BIOS spec.
Attention is currently required from: Nico Huber, Angel Pons, Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 25:
(1 comment)
File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/comment/5bae509c_e9825c41 PS25, Line 188: u32
As I understand the manual, this could also be `u16`. Or more accurately 2x […]
Actually, this may be a problem... We use sizeof() to tell the ME how long the MEI message is, and it should be 10 bytes (4 bytes MKHI header + 6 bytes of this struct).
Attention is currently required from: Nico Huber, Angel Pons, Evgeny Zinoviev. Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#26).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 305 insertions(+), 51 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/26
Attention is currently required from: Nico Huber, Angel Pons. Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 26:
(9 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/37115/comment/ecc462c6_bcaab7b3 PS25, Line 47: works with a delay of 500-1000 ms.
It's probably because we always do the "blunt" global reset via […]
IIRC I tried to send a global-reset message and it didn't work, ME just stops responding after receiving the disable message. Not 100% sure though as it was in 2019, maybe 90% sure.
Patchset:
PS25:
This looks very good and I hope you can spare just a little […]
About CMOS_ME_CHANGED. We discussed it on the channel some time ago (me and Angel, I think, and maybe siro). And decided that ME should come out of disabled state on CMOS reset, in case something goes wrong. That's the purpose of that bit, to see if we need to reset ME back to normal.
File src/mainboard/lenovo/l520/cmos.layout:
https://review.coreboot.org/c/coreboot/+/37115/comment/c04fd83c_cc8cfac8 PS25, Line 37: # coreboot config options: cpu
Sorry, this looks just wrong. Maybe update the comments to say […]
Done
https://review.coreboot.org/c/coreboot/+/37115/comment/950e722e_0676932f PS25, Line 40: #427 5 r 0 unused
Please drop comments for unused space. […]
Done
File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/comment/be68e7cd_bdc70ba7 PS25, Line 178: state
Nit, macro parameters should always be guarded with additional parentheses.
Done.
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/2262ea3e_b0023643 PS25, Line 282: : /* Put ME in Software Temporary Disable Mode, if needed */ : if (me_state == CMOS_ME_STATE_DISABLED : && CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_NORMAL) { : printk(BIOS_INFO, "ME: disabling ME\n"); : if (enter_soft_temp_disable()) { : enter_soft_temp_disable_wait(); : need_reset = true; : } else { : printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n"); : } : : break; : }
Would it make sense to print the capabilities before switching to soft temporary disable mode?
It doesn't hurt, I guess.
https://review.coreboot.org/c/coreboot/+/37115/comment/d871c75b_2d84e311 PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */
On later ME firmware versions, there's a SET ME ENABLE RESPONSE message that should be read from the […]
I'll try tonight.
https://review.coreboot.org/c/coreboot/+/37115/comment/c4732158_7b7f9f98 PS25, Line 342: *
Nit, remove dangling asterisk to comply with coding style.
Done.
File src/southbridge/intel/bd82x6x/me_common.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/4d0e4f3e_e7393ff8 PS25, Line 467: 0x20000000
0x2 << 28
Done
Attention is currently required from: Nico Huber, Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 26:
(1 comment)
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/b14f8fb9_7e709364 PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */
I'll try tonight.
I didn't test, but I'm looking at ME 9.0 and 10.0 code/docs.
Attention is currently required from: Nico Huber, Evgeny Zinoviev. Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#27).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/Makefile.inc M src/southbridge/intel/bd82x6x/early_me.c M src/southbridge/intel/bd82x6x/early_me_mrc.c M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c M src/southbridge/intel/ibexpeak/Makefile.inc 26 files changed, 306 insertions(+), 52 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/27
Attention is currently required from: Nico Huber, Angel Pons. Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 27:
(1 comment)
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/4b6d1bcd_edee2b5e PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */
I didn't test, but I'm looking at ME 9.0 and 10.0 code/docs.
Update: my usbdebug ft2232h+pl2303 combo doesn't work for some reason (tried on two laptops, worked before), or maybe I'm just being stupid and missing something obvious because it's late, so I'll test it later when I fix the debug.
Attention is currently required from: Nico Huber, Angel Pons. Hello build bot (Jenkins), Nico Huber, Damien Zammit, Patrick Georgi, Martin Roth, Alexander Couzens, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37115
to look at the new patch set (#28).
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c 22 files changed, 272 insertions(+), 13 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/15/37115/28
Attention is currently required from: Nico Huber, Angel Pons. Evgeny Zinoviev has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 28:
(3 comments)
File src/southbridge/intel/bd82x6x/me.h:
https://review.coreboot.org/c/coreboot/+/37115/comment/e8dadd00_fba716b0 PS25, Line 188: u32
Actually, this may be a problem... […]
Fixed, tested, works.
File src/southbridge/intel/bd82x6x/me.c:
https://review.coreboot.org/c/coreboot/+/37115/comment/4a902811_4573a715 PS25, Line 322: /* : * ME starts loading firmware immediately after writing to H_GS, : * but Lenovo BIOS performs a reboot after bringing ME back to : * Normal mode. Assume that global reset is needed. : */
Update: my usbdebug ft2232h+pl2303 combo doesn't work for some reason (tried on two laptops, worked […]
Here's what I found.
Tested it multiple times on a corebooted MacBook Pro 10,1, ME FW version 8.0.1441.4. It doesn't work as we would expect after reading ME10 docs: ME returns some weird value of 0x12cc678c in MEI header. No idea what it means but if you google it you'll find this https://github.com/corna/me_cleaner/issues/53#issuecomment-325455687
My theory is that it's just the first message in a multi message response (the completed bit is 0 here), and coreboot doesn't support them, it just returns with an error if it sees a non-complete bit in MEI header. I'll try supporting multi packet responses but it's out of scope of this patch.
File src/southbridge/intel/ibexpeak/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/37115/comment/b787ac96_09214dac PS25, Line 33: romstage-y +=../bd82x6x/me_common.c
aaaaaargh! can we avoid this?
Done
Attention is currently required from: Nico Huber, Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 28: Code-Review+1
Attention is currently required from: Nico Huber, Evgeny Zinoviev. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 28: Code-Review+2
Attention is currently required from: Evgeny Zinoviev. Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
Patch Set 28: Code-Review+2
(1 comment)
Patchset:
PS25:
About CMOS_ME_CHANGED. […]
Ah, well, the default of such a tri-state option could be `Normal`, too. Anyway, as I said, no need to change it now. I can play with that idea when I find the time.
Angel Pons has submitted this change. ( https://review.coreboot.org/c/coreboot/+/37115 )
Change subject: sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode ......................................................................
sb/intel/bd82x6x: Support ME Soft Temporary Disable Mode
- Add support for ME Soft Temporary Disable Mode. In this mode, ME doesn't load its kernel and freezes at Bring UP (BUP) phase. This mode is saved in ME NVRAM (and thus will remain for next reboots and poweroffs).
- Add support of new CMOS option for Sandy Bridge and Ivy Bridge ThinkPads.
HOW TO USE
To disable ME: 1. nvramtool -w me_state=Disabled 2. reboot
To enable it back: 1. nvramtool -w me_state=Normal 2. reboot
To check current status: intelmetool -m
Tested on ThinkPad X230 and ThinkPad X220.
BACKGROUND
There's no Intel documentation that would explain how this should be implemented, in public. Working binary sequence for MKHI command to put ME in Soft Temporary Disable Mode, as well as a way to bring ME out of it (by writing to H_GS register), was found and published by researchers from PT Security:
1. To disable ME, BIOS issues the disable command (before End of Post) and reboots. ME is supposed to be disabled on the next boot after DID (DRAM Init Done).
My numerous tests show that issuing the command and rebooting is not enough. If we reboot too early, ME will not be disabled. Apparently, it is doing something in background after receiving the command. It works with a delay of 500-1000 ms.
I also tried to dump all known (documented) registers, such as GMES and HFS, before and during the next 2 seconds after execution of the disable command to find a possible indication that something's changed in ME and we're ready to reboot. Found nothing unfortunately.
2. To enable ME back, host writes value 0x20000000 to H_GS.
PT slides don't contain any more information on it, but my tests show, that after writing this value, GMES[31:28] is changing from 0x01 (BUP phase) to 0x03 (Policy Module) to 0x06 (Host Communication). Then, after some more time, fw_init_complete bit of HFS becomes 1.
This means that ME starts loading its kernel immediately, without reboot.
On the other hand, Lenovo BIOS clearly perform a reboot after enabling it (one reboot after saving the settings, then ThinkPad logo appears, and then one more reboot). I'm assuming we have to reset too.
Change-Id: Ic01526c9731cbef4e8552bbc352133a2415787c2 Signed-off-by: Evgeny Zinoviev me@ch1p.io Reviewed-on: https://review.coreboot.org/c/coreboot/+/37115 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Angel Pons th3fanbus@gmail.com Reviewed-by: Nico Huber nico.h@gmx.de --- M src/mainboard/lenovo/l520/cmos.default M src/mainboard/lenovo/l520/cmos.layout M src/mainboard/lenovo/t420/cmos.default M src/mainboard/lenovo/t420/cmos.layout M src/mainboard/lenovo/t420s/cmos.default M src/mainboard/lenovo/t420s/cmos.layout M src/mainboard/lenovo/t430/cmos.default M src/mainboard/lenovo/t430/cmos.layout M src/mainboard/lenovo/t430s/cmos.default M src/mainboard/lenovo/t430s/cmos.layout M src/mainboard/lenovo/t520/cmos.default M src/mainboard/lenovo/t520/cmos.layout M src/mainboard/lenovo/t530/cmos.default M src/mainboard/lenovo/t530/cmos.layout M src/mainboard/lenovo/x220/cmos.default M src/mainboard/lenovo/x220/cmos.layout M src/mainboard/lenovo/x230/cmos.default M src/mainboard/lenovo/x230/cmos.layout M src/southbridge/intel/bd82x6x/me.c M src/southbridge/intel/bd82x6x/me.h M src/southbridge/intel/bd82x6x/me_8.x.c M src/southbridge/intel/bd82x6x/me_common.c 22 files changed, 272 insertions(+), 13 deletions(-)
Approvals: build bot (Jenkins): Verified Nico Huber: Looks good to me, approved Angel Pons: Looks good to me, approved
diff --git a/src/mainboard/lenovo/l520/cmos.default b/src/mainboard/lenovo/l520/cmos.default index 979f132..681c40e 100644 --- a/src/mainboard/lenovo/l520/cmos.default +++ b/src/mainboard/lenovo/l520/cmos.default @@ -14,3 +14,4 @@ trackpoint=Enable backlight=Both usb_always_on=Disable +me_state=Normal diff --git a/src/mainboard/lenovo/l520/cmos.layout b/src/mainboard/lenovo/l520/cmos.layout index e96915d..a3f5308 100644 --- a/src/mainboard/lenovo/l520/cmos.layout +++ b/src/mainboard/lenovo/l520/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 10 backlight
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 13 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -89,6 +91,8 @@ 12 0 Disable 12 1 AC and battery 12 2 AC only +13 0 Normal +13 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t420/cmos.default b/src/mainboard/lenovo/t420/cmos.default index 467f965..8244071 100644 --- a/src/mainboard/lenovo/t420/cmos.default +++ b/src/mainboard/lenovo/t420/cmos.default @@ -14,3 +14,4 @@ trackpoint=Enable hybrid_graphics_mode=Integrated Only usb_always_on=Disable +me_state=Normal diff --git a/src/mainboard/lenovo/t420/cmos.layout b/src/mainboard/lenovo/t420/cmos.layout index e1d15be..daf569c 100644 --- a/src/mainboard/lenovo/t420/cmos.layout +++ b/src/mainboard/lenovo/t420/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 13 usb_always_on
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 14 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -97,6 +99,8 @@ 13 0 Disable 13 1 AC and battery 13 2 AC only +14 0 Normal +14 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t420s/cmos.default b/src/mainboard/lenovo/t420s/cmos.default index 467f965..8244071 100644 --- a/src/mainboard/lenovo/t420s/cmos.default +++ b/src/mainboard/lenovo/t420s/cmos.default @@ -14,3 +14,4 @@ trackpoint=Enable hybrid_graphics_mode=Integrated Only usb_always_on=Disable +me_state=Normal diff --git a/src/mainboard/lenovo/t420s/cmos.layout b/src/mainboard/lenovo/t420s/cmos.layout index e1d15be..daf569c 100644 --- a/src/mainboard/lenovo/t420s/cmos.layout +++ b/src/mainboard/lenovo/t420s/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 13 usb_always_on
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 14 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -97,6 +99,8 @@ 13 0 Disable 13 1 AC and battery 13 2 AC only +14 0 Normal +14 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t430/cmos.default b/src/mainboard/lenovo/t430/cmos.default index e65869b..26795fe 100644 --- a/src/mainboard/lenovo/t430/cmos.default +++ b/src/mainboard/lenovo/t430/cmos.default @@ -15,3 +15,4 @@ backlight=Both usb_always_on=Disable hybrid_graphics_mode=Integrated Only +me_state=Normal diff --git a/src/mainboard/lenovo/t430/cmos.layout b/src/mainboard/lenovo/t430/cmos.layout index dd51c36..3e48df5 100644 --- a/src/mainboard/lenovo/t430/cmos.layout +++ b/src/mainboard/lenovo/t430/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 10 backlight
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 14 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -96,6 +98,8 @@ 13 0 Disable 13 1 AC and battery 13 2 AC only +14 0 Normal +14 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t430s/cmos.default b/src/mainboard/lenovo/t430s/cmos.default index a30c90d..52dbf70 100644 --- a/src/mainboard/lenovo/t430s/cmos.default +++ b/src/mainboard/lenovo/t430s/cmos.default @@ -16,3 +16,4 @@ enable_dual_graphics=Disable usb_always_on=Disable f1_to_f12_as_primary=Enable +me_state=Normal diff --git a/src/mainboard/lenovo/t430s/cmos.layout b/src/mainboard/lenovo/t430s/cmos.layout index 02c1ea7..14a21eb 100644 --- a/src/mainboard/lenovo/t430s/cmos.layout +++ b/src/mainboard/lenovo/t430s/cmos.layout @@ -35,7 +35,9 @@ 422 2 e 10 backlight 424 1 e 1 f1_to_f12_as_primary
-# coreboot config options: cpu +# coreboot config options: ME +425 1 e 13 me_state +426 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -94,6 +96,8 @@ 12 0 Disable 12 1 AC and battery 12 2 AC only +13 0 Normal +13 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t520/cmos.default b/src/mainboard/lenovo/t520/cmos.default index 6e61dae..cf79b39 100644 --- a/src/mainboard/lenovo/t520/cmos.default +++ b/src/mainboard/lenovo/t520/cmos.default @@ -15,3 +15,4 @@ backlight=Both hybrid_graphics_mode=Integrated Only usb_always_on=Disable +me_state=Normal diff --git a/src/mainboard/lenovo/t520/cmos.layout b/src/mainboard/lenovo/t520/cmos.layout index dd51c36..3e48df5 100644 --- a/src/mainboard/lenovo/t520/cmos.layout +++ b/src/mainboard/lenovo/t520/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 10 backlight
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 14 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -96,6 +98,8 @@ 13 0 Disable 13 1 AC and battery 13 2 AC only +14 0 Normal +14 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/t530/cmos.default b/src/mainboard/lenovo/t530/cmos.default index 6e61dae..cf79b39 100644 --- a/src/mainboard/lenovo/t530/cmos.default +++ b/src/mainboard/lenovo/t530/cmos.default @@ -15,3 +15,4 @@ backlight=Both hybrid_graphics_mode=Integrated Only usb_always_on=Disable +me_state=Normal diff --git a/src/mainboard/lenovo/t530/cmos.layout b/src/mainboard/lenovo/t530/cmos.layout index 6cd8ac0..d109a61 100644 --- a/src/mainboard/lenovo/t530/cmos.layout +++ b/src/mainboard/lenovo/t530/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 10 backlight
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 14 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -97,6 +99,8 @@ 13 0 Disable 13 1 AC and battery 13 2 AC only +14 0 Normal +14 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/x220/cmos.default b/src/mainboard/lenovo/x220/cmos.default index 42720a2..6d1d57a 100644 --- a/src/mainboard/lenovo/x220/cmos.default +++ b/src/mainboard/lenovo/x220/cmos.default @@ -13,3 +13,4 @@ fn_ctrl_swap=Disable sticky_fn=Disable trackpoint=Enable +me_state=Normal diff --git a/src/mainboard/lenovo/x220/cmos.layout b/src/mainboard/lenovo/x220/cmos.layout index f152b29..c63ed8c 100644 --- a/src/mainboard/lenovo/x220/cmos.layout +++ b/src/mainboard/lenovo/x220/cmos.layout @@ -34,7 +34,9 @@ 421 1 e 9 sata_mode 422 2 e 12 usb_always_on
-# coreboot config options: cpu +# coreboot config options: ME +424 1 e 13 me_state +425 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -92,6 +94,8 @@ 12 0 Disable 12 1 AC and battery 12 2 AC only +13 0 Normal +13 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/mainboard/lenovo/x230/cmos.default b/src/mainboard/lenovo/x230/cmos.default index 5c19d0f..7314066 100644 --- a/src/mainboard/lenovo/x230/cmos.default +++ b/src/mainboard/lenovo/x230/cmos.default @@ -15,3 +15,4 @@ backlight=Both usb_always_on=Disable f1_to_f12_as_primary=Enable +me_state=Normal diff --git a/src/mainboard/lenovo/x230/cmos.layout b/src/mainboard/lenovo/x230/cmos.layout index 89891bf..2211018 100644 --- a/src/mainboard/lenovo/x230/cmos.layout +++ b/src/mainboard/lenovo/x230/cmos.layout @@ -35,7 +35,9 @@ 422 2 e 10 backlight 424 1 e 1 f1_to_f12_as_primary
-# coreboot config options: cpu +# coreboot config options: ME +425 1 e 13 me_state +426 2 h 0 me_state_prev
# coreboot config options: northbridge 432 3 e 11 gfx_uma_size @@ -94,6 +96,8 @@ 12 0 Disable 12 1 AC and battery 12 2 AC only +13 0 Normal +13 1 Disabled
# ----------------------------------------------------------------- checksums diff --git a/src/southbridge/intel/bd82x6x/me.c b/src/southbridge/intel/bd82x6x/me.c index fe2a37c..c522d77 100644 --- a/src/southbridge/intel/bd82x6x/me.c +++ b/src/southbridge/intel/bd82x6x/me.c @@ -9,6 +9,7 @@ */
#include <acpi/acpi.h> +#include <cf9_reset.h> #include <device/mmio.h> #include <device/device.h> #include <device/pci.h> @@ -19,6 +20,9 @@ #include <string.h> #include <delay.h> #include <elog.h> +#include <halt.h> +#include <option.h> +#include <southbridge/intel/common/me.h>
#include "me.h" #include "pch.h" @@ -248,13 +252,20 @@ static void intel_me_init(struct device *dev) { me_bios_path path = intel_me_path(dev); + u8 me_state = 0, me_state_prev = 0; + bool need_reset = false; + struct me_hfs hfs;
/* Do initial setup and determine the BIOS path */ printk(BIOS_NOTICE, "ME: BIOS path: %s\n", me_get_bios_path_string(path));
+ get_option(&me_state, "me_state"); + get_option(&me_state_prev, "me_state_prev"); + + printk(BIOS_DEBUG, "ME: me_state=%u, me_state_prev=%u\n", me_state, me_state_prev); + switch (path) { case ME_S3WAKE_BIOS_PATH: - case ME_DISABLE_BIOS_PATH: #if CONFIG(HIDE_MEI_ON_ERROR) case ME_ERROR_BIOS_PATH: #endif @@ -277,12 +288,49 @@ mkhi_get_fwcaps(); }
+ /* Put ME in Software Temporary Disable Mode, if needed */ + if (me_state == CMOS_ME_STATE_DISABLED + && CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_NORMAL) { + printk(BIOS_INFO, "ME: disabling ME\n"); + if (enter_soft_temp_disable()) { + enter_soft_temp_disable_wait(); + need_reset = true; + } else { + printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n"); + } + + break; + } + /* * Leave the ME unlocked in this path. * It will be locked via SMI command later. */ break;
+ case ME_DISABLE_BIOS_PATH: + /* Bring ME out of Soft Temporary Disable mode, if needed */ + pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); + if (hfs.operation_mode == ME_HFS_MODE_DIS + && me_state == CMOS_ME_STATE_NORMAL + && (CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_DISABLED + || !CMOS_ME_CHANGED(me_state_prev))) { + printk(BIOS_INFO, "ME: re-enabling ME\n"); + + exit_soft_temp_disable(dev); + exit_soft_temp_disable_wait(dev); + + /* + * ME starts loading firmware immediately after writing to H_GS, + * but Lenovo BIOS performs a reboot after bringing ME back to + * Normal mode. Assume that global reset is needed. + */ + need_reset = true; + } else { + intel_me_hide(dev); + } + break; + #if !CONFIG(HIDE_MEI_ON_ERROR) case ME_ERROR_BIOS_PATH: #endif @@ -290,6 +338,18 @@ case ME_FIRMWARE_UPDATE_BIOS_PATH: break; } + + /* To avoid boot loops if ME fails to get back from disabled mode, + set the 'changed' bit here. */ + if (me_state != CMOS_ME_STATE(me_state_prev) || need_reset) { + u8 new_state = me_state | CMOS_ME_STATE_CHANGED; + set_option("me_state_prev", &new_state); + } + + if (need_reset) { + set_global_reset(true); + full_reset(); + } }
static struct device_operations device_ops = { diff --git a/src/southbridge/intel/bd82x6x/me.h b/src/southbridge/intel/bd82x6x/me.h index 014fc1d..d99c452 100644 --- a/src/southbridge/intel/bd82x6x/me.h +++ b/src/southbridge/intel/bd82x6x/me.h @@ -171,6 +171,22 @@ #define MKHI_GLOBAL_RESET 0x0b
#define MKHI_FWCAPS_GET_RULE 0x02 +#define MKHI_FWCAPS_SET_RULE 0x03 + +#define MKHI_DISABLE_RULE_ID 0x06 + +#define CMOS_ME_STATE(state) ((state) & 0x1) +#define CMOS_ME_CHANGED(state) (((state) & 0x2) >> 1) +#define CMOS_ME_STATE_NORMAL 0 +#define CMOS_ME_STATE_DISABLED 1 +#define CMOS_ME_STATE_CHANGED 2 + +#define ME_ENABLE_TIMEOUT 20000 + +struct me_disable { + u32 rule_id; + u16 data; +} __packed;
#define MKHI_MDES_ENABLE 0x09
@@ -228,6 +244,10 @@
#ifndef __SIMPLE_DEVICE__ void pci_read_dword_ptr(struct device *dev, void *ptr, int offset); +bool enter_soft_temp_disable(void); +void enter_soft_temp_disable_wait(void); +void exit_soft_temp_disable(struct device *dev); +void exit_soft_temp_disable_wait(struct device *dev); #endif
void read_host_csr(struct mei_csr *csr); diff --git a/src/southbridge/intel/bd82x6x/me_8.x.c b/src/southbridge/intel/bd82x6x/me_8.x.c index f5a39ec..78c71aa 100644 --- a/src/southbridge/intel/bd82x6x/me_8.x.c +++ b/src/southbridge/intel/bd82x6x/me_8.x.c @@ -9,6 +9,7 @@ */
#include <acpi/acpi.h> +#include <cf9_reset.h> #include <device/mmio.h> #include <device/device.h> #include <device/pci.h> @@ -19,6 +20,9 @@ #include <string.h> #include <delay.h> #include <elog.h> +#include <halt.h> +#include <option.h> +#include <southbridge/intel/common/me.h>
#include "me.h" #include "pch.h" @@ -206,8 +210,7 @@
/* Check if the MBP is ready */ if (!gmes.mbp_rdy) { - printk(BIOS_CRIT, "%s: mbp is not ready!\n", - __func__); + printk(BIOS_CRIT, "%s: mbp is not ready!\n", __func__); path = ME_ERROR_BIOS_PATH; }
@@ -236,13 +239,20 @@ { me_bios_path path = intel_me_path(dev); me_bios_payload mbp_data; + u8 me_state = 0, me_state_prev = 0; + bool need_reset = false; + struct me_hfs hfs;
/* Do initial setup and determine the BIOS path */ printk(BIOS_NOTICE, "ME: BIOS path: %s\n", me_get_bios_path_string(path));
+ get_option(&me_state, "me_state"); + get_option(&me_state_prev, "me_state_prev"); + + printk(BIOS_DEBUG, "ME: me_state=%u, me_state_prev=%u\n", me_state, me_state_prev); + switch (path) { case ME_S3WAKE_BIOS_PATH: - case ME_DISABLE_BIOS_PATH: #if CONFIG(HIDE_MEI_ON_ERROR) case ME_ERROR_BIOS_PATH: #endif @@ -266,12 +276,49 @@ me_print_fwcaps(&mbp_data.fw_caps_sku); }
+ /* Put ME in Software Temporary Disable Mode, if needed */ + if (me_state == CMOS_ME_STATE_DISABLED + && CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_NORMAL) { + printk(BIOS_INFO, "ME: disabling ME\n"); + if (enter_soft_temp_disable()) { + enter_soft_temp_disable_wait(); + need_reset = true; + } else { + printk(BIOS_ERR, "ME: failed to enter Soft Temporary Disable mode\n"); + } + + break; + } + /* * Leave the ME unlocked in this path. * It will be locked via SMI command later. */ break;
+ case ME_DISABLE_BIOS_PATH: + /* Bring ME out of Soft Temporary Disable mode, if needed */ + pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); + if (hfs.operation_mode == ME_HFS_MODE_DIS + && me_state == CMOS_ME_STATE_NORMAL + && (CMOS_ME_STATE(me_state_prev) == CMOS_ME_STATE_DISABLED + || !CMOS_ME_CHANGED(me_state_prev))) { + printk(BIOS_INFO, "ME: re-enabling ME\n"); + + exit_soft_temp_disable(dev); + exit_soft_temp_disable_wait(dev); + + /* + * ME starts loading firmware immediately after writing to H_GS, + * but Lenovo BIOS performs a reboot after bringing ME back to + * Normal mode. Assume that global reset is needed. + */ + need_reset = true; + } else { + intel_me_hide(dev); + } + break; + #if !CONFIG(HIDE_MEI_ON_ERROR) case ME_ERROR_BIOS_PATH: #endif @@ -279,6 +326,18 @@ case ME_FIRMWARE_UPDATE_BIOS_PATH: break; } + + /* To avoid boot loops if ME fails to get back from disabled mode, + set the 'changed' bit here. */ + if (me_state != CMOS_ME_STATE(me_state_prev) || need_reset) { + u8 new_state = me_state | CMOS_ME_STATE_CHANGED; + set_option("me_state_prev", &new_state); + } + + if (need_reset) { + set_global_reset(true); + full_reset(); + } }
static struct device_operations device_ops = { diff --git a/src/southbridge/intel/bd82x6x/me_common.c b/src/southbridge/intel/bd82x6x/me_common.c index 422c091..e229956 100644 --- a/src/southbridge/intel/bd82x6x/me_common.c +++ b/src/southbridge/intel/bd82x6x/me_common.c @@ -11,6 +11,7 @@ #include <string.h> #include <delay.h> #include <halt.h> +#include <timer.h>
#include "me.h" #include "pch.h" @@ -417,4 +418,78 @@ pch_enable(dev); }
+bool enter_soft_temp_disable(void) +{ + /* The binary sequence for the disable command was found by PT in some vendor BIOS */ + struct me_disable message = { + .rule_id = MKHI_DISABLE_RULE_ID, + .data = 0x01, + }; + struct mkhi_header mkhi = { + .group_id = MKHI_GROUP_ID_FWCAPS, + .command = MKHI_FWCAPS_SET_RULE, + }; + struct mei_header mei = { + .is_complete = 1, + .length = sizeof(mkhi) + sizeof(message), + .host_address = MEI_HOST_ADDRESS, + .client_address = MEI_ADDRESS_MKHI, + }; + u32 resp; + + if (mei_sendrecv(&mei, &mkhi, &message, &resp, sizeof(resp)) < 0 + || resp != MKHI_DISABLE_RULE_ID) { + printk(BIOS_WARNING, "ME: disable command failed\n"); + return false; + } + + return true; +} + +void enter_soft_temp_disable_wait(void) +{ + /* + * TODO: Find smarter way to determine when we're ready to reboot. + * + * There has to be some bit in some register, or something, that indicates that ME has + * finished doing its thing and we're ready to reboot. + * + * It was not found yet, though, and waiting for a response after the disable command is + * not enough. If we reboot too early, ME will not be disabled on next boot. For now, + * let's just wait for 1 second here. + */ + mdelay(1000); +} + +void exit_soft_temp_disable(struct device *dev) +{ + /* To bring ME out of Soft Temporary Disable Mode, host writes 0x20000000 to H_GS */ + pci_write_config32(dev, PCI_ME_H_GS, 0x2 << 28); +} + +void exit_soft_temp_disable_wait(struct device *dev) +{ + struct me_hfs hfs; + struct stopwatch sw; + + stopwatch_init_msecs_expire(&sw, ME_ENABLE_TIMEOUT); + + /** + * Wait for fw_init_complete. Check every 50 ms, give up after 20 sec. + * This is what vendor BIOS does. Usually it takes 1.5 seconds or so. + */ + do { + mdelay(50); + pci_read_dword_ptr(dev, &hfs, PCI_ME_HFS); + if (hfs.fw_init_complete) + break; + } while (!stopwatch_expired(&sw)); + + if (!hfs.fw_init_complete) + printk(BIOS_ERR, "ME: giving up on waiting for fw_init_complete\n"); + else + printk(BIOS_NOTICE, "ME: took %lums to complete initialization\n", + stopwatch_duration_msecs(&sw)); +} + #endif
-
Angel Pons (Code Review) -
build bot (Jenkins) (Code Review)
-
Damien Zammit (Code Review)
-
Evgeny Zinoviev (Code Review)
-
Nico Huber (Code Review)
-
Patrick Rudolph (Code Review)
-
Paul Menzel (Code Review)