On 29.03.2017 22:37, Denis 'GNUtoo' Carikli wrote:
Nico Huber nico.huber@secunet.com wrote:
I had this on my TODO list for some time. I think we should (if not already done) extend ifdtool to toggle whatever bit is needed to run without ME firmware. And let people use that instead of building a new blob which only extends the list of entities you have to trust.
I had that on my TODO list too, I planed to do it this way:
- First merge ifdtool and ifdfake
- Adjust the build system to use the unified tool
Just drop ifdfake and related functions in our Kconfig/Makefiles. It's purpose relies on a patch to flashrom that was never merged and even its author (me) doesn't use it any more. The idea was to have the region table in the image to verify it against the descriptor in flash. IMO, flashrom should use the in flash descriptor by default and only support a different layout when explicitly asked to overwrite the descriptor. So you wouldn't usually need any descriptor in the coreboot image.
- Add the bits necessary to produce a working GM45 image, by using ich9gen as documentation.
flashrom/ich_descriptors.[ch] might also be a good reference.
However, I believe as long as a user can't verify the code of such a tool against some official documentation, he has not only to trust the chip vendors + OEM but also the author of such a tool to run his machine. You'll just exchange a blob for a blob.
Nico