Have we physically checked to determine if the ME uses e-fuses and not a poly switch? Or are we just trusting Intel on these matters?
On 17/9/21 12:37 am, Brian Milliron wrote:
Using a hardware flasher isn't a workaround; the signature check is done in hardware by the ACM using keys fused into the ME. If Bootguard is enabled and the keys are fused, nothing can be done, unfortunately.
I checked the BIOS. There was nothing specifically listed as "Bootguard" but all the BIOS protection options were turned off, including one listed as "Checked boot block on every boot". I'm guessing that means Bootguard is installed but not enabled. Is there another place to look to get a more accurate/detailed read on this?
You can build a large chunk of the board profile using inteltool (if platform supported), dumping ACPI, etc. But there are plenty of bits that aren't currently documented. And getting the EC to cooperate can be a real chore.
I dumped what inteltool was able to read, but I got a lot of "platform not supported" errors. I've attached the output to the end of this message. Do you think this information would be enough to create a bootable board profile?
The IFD and ME aren't needed, strictly speaking, unless you need to modify them in some way. But you would extract those using ifdtool. Definitely don't want to use a non-board-specific ME downloaded from win-raid (e.g.), as the soft straps and clock mappings will not be correct for your board.
I intend to use me_cleaner to wipe all but a stub of the ME code, so having a working copy isn't something I'm too worried about as long as it passes the signature checks.
FSP (which contains both the MRC and PCH refcode) also does video init, and VBIOS isn't used on modern platforms. coreboot's native display init (libgfxinit) is preferred if available. The only bit you will likely need is the VBT, which you can get from Linux (or dump it from vendor firmware, which often contains multiple copies).
How would I get hold of this?
###Inteltool output###
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
SBREG_BAR = 0xfd000000 (MEM)
Error mapping physical memory 0xfd000000[0x1000000]
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
========== LPC/eSPI =========
Error: Dumping LPC/eSPI on this southbridge is not (yet) supported.
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
============= AHCI Registers ==============
============= AHCI Configuration Registers ==============
============= SATA Initialization Registers ==============
============= ABAR ==============
ABAR = 0xf1215000 (MEM)
Error mapping physical memory 0xf1215000[0x400]
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
============= Dumping INTEL SGX status =============
Number of CPUs = 8
------------- CPU 0 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 1 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 2 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 3 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 4 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 5 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 6 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
------------- CPU 7 ----------------
SGX supported : YES
SGX enabled : YES
Feature Control locked : YES
====================================================
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
============= Dumping INTEL TME status =============
TME supported : NO
====================================================
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-leave@coreboot.org
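Editor's note on the Boot Guard question raised above. The vendor BIOS setup menu is not a reliable indicator of whether Boot Guard is enforced: the policy lives in the ME's field-programmable fuses, and the ACM reports what it did on the current boot through MSR 0x13A (BOOT_GUARD_SACM_INFO). The following is an added example, not code from the thread or from the coreboot project. It reads that MSR through the Linux msr driver (root plus `modprobe msr` required) and decodes it. The bit positions are the ones used in coreboot's intelblocks/msr.h for this register and are an assumption to confirm against your platform's documentation; the MSR also only tells you what happened on this boot, so a clear value on a Boot Guard-capable CPU is evidence, not proof, that an unsigned IBB would be accepted.

```python
"""Decode BOOT_GUARD_SACM_INFO (MSR 0x13A) to see whether the ACM ran and in which mode."""
import os

MSR_BOOT_GUARD_SACM_INFO = 0x13A

# Bit assignments as used by coreboot's intelblocks/msr.h (assumption: verify against
# your platform EDS; Intel does not publish this register in the public SDM).
BIT_NEM_ENABLED   = 1 << 0   # ACM executed and set up no-evict mode this boot
BIT_TPM_SUCCESS   = 1 << 3   # ACM could talk to the TPM/PTT
BIT_MEASURED_BOOT = 1 << 5   # measured boot profile active
BIT_VERIFIED_BOOT = 1 << 6   # verified boot profile active
BIT_CAPABILITY    = 1 << 32  # CPU supports Boot Guard at all


def read_msr(reg, cpu=0):
    """Read a 64-bit MSR via /dev/cpu/N/msr; the file offset selects the register."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, reg)
    finally:
        os.close(fd)
    return int.from_bytes(raw, "little")


def decode_sacm_info(value):
    """Turn the raw MSR value into named flags plus a one-line summary."""
    info = {
        "raw": value,
        "capable": bool(value & BIT_CAPABILITY),
        "nem_enabled": bool(value & BIT_NEM_ENABLED),
        "verified_boot": bool(value & BIT_VERIFIED_BOOT),
        "measured_boot": bool(value & BIT_MEASURED_BOOT),
        "tpm_success": bool(value & BIT_TPM_SUCCESS),
    }
    if not info["capable"]:
        info["summary"] = "Boot Guard not supported by this CPU"
    elif not info["nem_enabled"]:
        info["summary"] = "Boot Guard capable, but no ACM ran this boot (not enforcing)"
    else:
        modes = [name for name, on in (("verified", info["verified_boot"]),
                                       ("measured", info["measured_boot"])) if on]
        info["summary"] = "Boot Guard active: " + ("+".join(modes) or "unknown mode")
    return info


if __name__ == "__main__":
    # Live check on the running machine (root, msr module loaded).
    print(decode_sacm_info(read_msr(MSR_BOOT_GUARD_SACM_INFO))["summary"])
```

If the summary reports verified boot as active, the IBB of whatever you flash must carry a signature chaining to the key hash fused into the ME, regardless of what the setup menu says, which is the situation the reply above describes as unrecoverable.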
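Editor's note on the VBT question ("How would I get hold of this?"). On a Linux system running the vendor firmware, the i915 driver exposes the VBT it was handed at `/sys/kernel/debug/dri/0/i915_vbt` (debugfs mounted, root required). The script below is an added example, not from the thread or the coreboot project: it saves that blob after checking the `$VBT` and `BIOS_DATA_BLOCK` headers for consistency, and, because a vendor firmware dump often contains several copies, it can also walk a raw image and report every parseable VBT with its platform tag so the right one can be picked. Header layouts follow `struct vbt_header` and `struct bdb_header` from the i915 driver; the sample blob is constructed here for illustration.

```python
"""Extract and sanity-check an Intel VBT, from i915 debugfs or from a firmware image."""
import struct

I915_VBT_DEBUGFS = "/sys/kernel/debug/dri/0/i915_vbt"

# struct vbt_header: signature[20], version, header_size, vbt_size, checksum,
# reserved, bdb_offset, aim_offset[4]  (48 bytes, little-endian)
VBT_HEADER = struct.Struct("<20sHHHBBI4I")
# struct bdb_header: signature[16] ("BIOS_DATA_BLOCK "), version, header_size, bdb_size
BDB_HEADER = struct.Struct("<16sHHH")


def parse_vbt(blob):
    """Return header fields of a VBT blob; raise ValueError if it is not self-consistent."""
    if len(blob) < VBT_HEADER.size:
        raise ValueError("blob shorter than a VBT header")
    sig, version, hdr_size, vbt_size, checksum, _res, bdb_off, *_aim = VBT_HEADER.unpack_from(blob, 0)
    if not sig.startswith(b"$VBT"):
        raise ValueError("missing $VBT signature")
    if hdr_size < VBT_HEADER.size or vbt_size > len(blob):
        raise ValueError("VBT header/size fields inconsistent")
    if not hdr_size <= bdb_off <= vbt_size - BDB_HEADER.size:
        raise ValueError("BDB offset outside the VBT")
    bdb_sig, bdb_version, bdb_hdr_size, bdb_size = BDB_HEADER.unpack_from(blob, bdb_off)
    if bdb_sig != b"BIOS_DATA_BLOCK ":
        raise ValueError("missing BIOS_DATA_BLOCK signature")
    if bdb_hdr_size < BDB_HEADER.size or bdb_off + bdb_size > vbt_size:
        raise ValueError("BDB extends past end of VBT")
    return {
        "platform": sig[4:].strip(b"\0 ").decode("ascii", "replace"),
        "version": version,
        "vbt_size": vbt_size,
        "checksum": checksum,
        "bdb_offset": bdb_off,
        "bdb_version": bdb_version,
        "bdb_size": bdb_size,
    }


def find_vbts(image):
    """Locate every parseable VBT in a firmware image; returns [(offset, info), ...]."""
    found, pos = [], image.find(b"$VBT")
    while pos != -1:
        try:
            found.append((pos, parse_vbt(image[pos:])))
        except ValueError:
            pass  # stray "$VBT" string or truncated copy
        pos = image.find(b"$VBT", pos + 4)
    return found


def dump_vbt(path=I915_VBT_DEBUGFS, out="vbt.bin"):
    """Read the VBT the running i915 driver was given and write exactly vbt_size bytes."""
    with open(path, "rb") as f:
        blob = f.read()
    info = parse_vbt(blob)
    with open(out, "wb") as f:
        f.write(blob[:info["vbt_size"]])
    return info


def make_sample_vbt():
    """Constructed minimal VBT (not a real vendor blob) for offline testing."""
    payload = bytes(10)
    bdb = BDB_HEADER.pack(b"BIOS_DATA_BLOCK ", 200, BDB_HEADER.size,
                          BDB_HEADER.size + len(payload)) + payload
    hdr = VBT_HEADER.pack(b"$VBT COMETLAKE".ljust(20, b"\0"), 226, VBT_HEADER.size,
                          VBT_HEADER.size + len(bdb), 0, 0, VBT_HEADER.size, 0, 0, 0, 0)
    return hdr + bdb


if __name__ == "__main__":
    print(dump_vbt())  # live: saves vbt.bin from the running vendor firmware
```

The debugfs route gives you the one copy the vendor firmware actually used, which is the one to feed coreboot; when working from a flash dump instead, compare the platform tags and versions `find_vbts` reports before choosing.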