Nicola Corna (nicola@corna.info) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18206

-gerrit

commit 3c9e88fb18168fdf8f3e2fb0297f0e58e822baee Author: Nicola Corna nicola@corna.info Date: Mon Jan 23 15:29:03 2017 +0100

sb/intel/common: Hook up me_cleaner

Change-Id: I46f461a1a7e058d57259f313142b00146f0196aa Signed-off-by: Nicola Corna nicola@corna.info --- src/southbridge/intel/common/firmware/Kconfig | 26 ++++++++++++++++++++++ src/southbridge/intel/common/firmware/Makefile.inc | 5 +++++ 2 files changed, 31 insertions(+)

diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig index c36b235..d049383 100644 --- a/src/southbridge/intel/common/firmware/Kconfig +++ b/src/southbridge/intel/common/firmware/Kconfig @@ -58,6 +58,32 @@ config ME_BIN_PATH default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" depends on HAVE_ME_BIN

+config USE_ME_CLEANER + bool "Strip down the Intel ME/TXE firmware" + depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_SANDYBRIDGE || \ + NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \ + SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \ + SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL) + help + Use me_cleaner.py to partially deblob the Intel ME/TXE firmware. + The resulting Intel ME/TXE firmware has only the code responsible for + the very basic hardware initialization, leaving the ME/TXE subsystem + essentially in a disabled state, but still allowing the system to + power on correctly. + + WARNING: this tool isn't based on any official Intel documentation but + only on reverse engineering and trial & error. Even if this tool seems + stable on multiple platforms and architectures, it still might lead to + unexpected behaviours. + See the project's page + https://github.com/corna/me_cleaner + or the wiki + https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F + https://github.com/corna/me_cleaner/wiki/me_cleaner-status + for more info about this tool + + If unsure, say N. + config HAVE_GBE_BIN bool "Add gigabit ethernet firmware" depends on HAVE_IFD_BIN diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc index 17e53b5..98a36d3 100644 --- a/src/southbridge/intel/common/firmware/Makefile.inc +++ b/src/southbridge/intel/common/firmware/Makefile.inc @@ -58,6 +58,11 @@ ifeq ($(CONFIG_HAVE_ME_BIN),y) $(obj)/coreboot.pre mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre endif +ifeq ($(CONFIG_USE_ME_CLEANER),y) + printf " ME_CLEANER coreboot.pre\n" + util/me_cleaner/me_cleaner.py $(obj)/coreboot.pre > \ + $(obj)/me_cleaner.log +endif ifeq ($(CONFIG_HAVE_GBE_BIN),y) printf " IFDTOOL gbe.bin -> coreboot.pre\n" $(objutil)/ifdtool/ifdtool \