This is fantastic!
I hope you can write this up for the coreboot wiki ...
ron
On Thu, Sep 15, 2016 at 12:24 PM Trammell Hudson hudson@trmm.net wrote:
On Mon, Sep 12, 2016 at 09:27:18PM +0000, Peter Stuge wrote:
Trammell Hudson wrote:
I've experimented with clearing additional bits, from 0x3000 to 0x10000 with the same results. If I were really motivated I might binary search how much of the firmware it needs...
That would be interesting.
After a fairly brief binary search, I have determined a significantly reduced chunk of code required to have the Intel Management Engine bring up the hardware and then stay in the "ROM Phase". This also allowed me to adjust the flash descriptor to give an extra 3 MB of storage to coreboot for my payload, as well as removed some of the problematic ME applications.
The only piece that must be present for my x230 to function is the 512 KB FTPR partition at offset 0x183000, which contains these compressed modules (some Huffman, some LZMA):
'UPDATE'   000001BE
'ROMP'     0000070A
'BUP'      0000E064
'KERNEL'   00021B62
'POLICY'   00016AE2
'HOSTCOMM' 00006DDB
'RSA'      00005255
'CLS'      00005791
'TDT'      000066E5
'FTCS'     00004680
'ClsPriv'  000003E1
'SESSMGR'  0000E909
This means that the ME no longer has any network stack (stored in the NFTP partition that has been removed), nor the protected video path or JCOM modules from the MDMV partition. I do not know if the various anti-theft and timeout measures are also now neutralized.
If I leave the firmware partition table at offset 0x3000 in place, the ME faults after bringup (but the system continues to function). Without the partition table it stays in the ROM phase. I'm not sure if one outcome is preferable to the other.
Relocating the FTPR partition did not work unfortunately, so there is some wasted space.
-- Trammell
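A check that goes with the message above, written here as an added example and not code from Trammell, coreboot or any ME tool: given a flash image, walk the ME flash partition table, list where each partition lives, and confirm that the image is in the intended state (the kept partitions still carry data, everything else has been erased to 0xFF). The layout it assumes for the table is not stated in the thread: a "$FPT" signature at ME-region offset 0x10, a 32-bit entry count 4 bytes after it, and 0x20-byte entries starting 0x30 bytes after the signature, each beginning with name, owner, offset and length (offsets relative to the ME region). The ME region start of 0x3000 and the FTPR location (0x183000, 512 KB) are taken from the post; the NFTP and MFS placements in the constructed sample image are made up, as is the partition content.

```python
import struct

FPT_MAGIC = b"$FPT"
ENTRY_SIZE = 0x20          # size of one partition entry (assumed layout)
ENTRY_TABLE_OFFSET = 0x30  # entries begin 0x30 bytes after "$FPT" (assumed)


def find_fpt(image, region_start):
    """Return the absolute offset of the '$FPT' signature in the ME region.

    Assumption: the signature normally sits at region_start + 0x10; as a
    fallback, scan the first 4 KB of the region for it."""
    for cand in (region_start + 0x10, region_start):
        if image[cand:cand + 4] == FPT_MAGIC:
            return cand
    idx = image.find(FPT_MAGIC, region_start, region_start + 0x1000)
    if idx < 0:
        raise ValueError("no $FPT signature found in ME region")
    return idx


def list_partitions(image, region_start):
    """Return [(name, absolute_offset, length), ...] for every flash-backed
    partition named in the table (empty slots are skipped)."""
    fpt = find_fpt(image, region_start)
    num_entries = struct.unpack_from("<I", image, fpt + 4)[0]
    parts = []
    for i in range(num_entries):
        entry = fpt + ENTRY_TABLE_OFFSET + i * ENTRY_SIZE
        name, _owner, off, length = struct.unpack_from("<4s4sII", image, entry)
        if off in (0, 0xFFFFFFFF) or length == 0:
            continue  # slot not backed by flash
        name = name.rstrip(b"\x00").decode("ascii", "replace")
        parts.append((name, region_start + off, length))
    return parts


def audit_stripped_region(image, region_start, keep=("FTPR",)):
    """Classify each partition body as 'present' (any byte != 0xFF) or
    'erased' (all 0xFF) and report whether that matches the keep-set:
    kept partitions must be present, all others erased."""
    report = {}
    ok = True
    for name, off, length in list_partitions(image, region_start):
        body = image[off:off + length]
        present = any(b != 0xFF for b in body)
        report[name] = "present" if present else "erased"
        if (name in keep) != present:
            ok = False
    return ok, report


def build_sample_image(stripped=True):
    """Constructed 4 MB flash image: ME region at 0x3000, FTPR at flash
    0x183000 / 512 KB (values from the post); NFTP and MFS are made up."""
    region = 0x3000
    img = bytearray(b"\xFF" * 0x400000)
    entries = [
        (b"FTPR", 0x180000, 0x80000),    # region-relative -> flash 0x183000
        (b"NFTP", 0x200000, 0x100000),   # constructed placement
        (b"MFS\x00", 0x300000, 0x40000),  # constructed placement
    ]
    fpt = region + 0x10
    img[fpt:fpt + 4] = FPT_MAGIC
    struct.pack_into("<I", img, fpt + 4, len(entries))
    for i, (name, off, length) in enumerate(entries):
        entry = fpt + ENTRY_TABLE_OFFSET + i * ENTRY_SIZE
        struct.pack_into("<4s4sIIIIII", img, entry, name, b"\xFF" * 4,
                         off, length, 0, 0, 0, 0)
        if stripped and name != b"FTPR":
            continue  # leave the body erased, as after a wipe
        # fill the partition body with non-0xFF filler standing in for code
        img[region + off:region + off + length] = bytes(range(256)) * (length // 256)
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image(stripped=True)
    for name, off, length in list_partitions(img, 0x3000):
        print(f"{name:8s} @ 0x{off:06X}  len 0x{length:06X}")
    print(audit_stripped_region(img, 0x3000))
```

On a real dump you would read the image from flashrom's output and pass the ME region start taken from the flash descriptor; the audit then tells you whether anything besides FTPR survived the wipe before you write the image back.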
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot