On Sun, Jan 26, 2020 at 9:44 AM Mogens Jensen via coreboot <coreboot@coreboot.org> wrote:
When compiling coreboot for my Intense PC, I used binary blobs extracted from stock firmware. The ME/TXE firmware version is 8.1.20.1336 and this contains multiple security vulnerabilities. Unfortunately, running me_cleaner on ME blob breaks SATA [1], so next best thing is updating to latest ME blob released by CompuLab. However, this seems not so straightforward.
Have you considered different permutations of me_cleaner - for example using the AltMeDisable/HAP switch instead of the partition removal method? I tend to do both the partition removal and the altme/hap switch, but some motherboards simply don't like partitions removed. In those cases, I've used HAP/altMEdisable and ME has stayed inoperative. There's a reason a certain three letter agency asked for that switch to be there for their high assurance platform. I'd be surprised if the HAP switch setting didn't work - try the lowercase -s switch.
Another area to consider would be whitelisting some FTPR modules when running me_cleaner and see if that resolves the issue with SATA, if you really have to run the partition removal method. Some of my mobos require --whitelist EFFS,FCRS
--
Kind Regards,
Simon Newton
E: Simon.newton@gmail.com
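
An added example, not part of the original message and not me_cleaner's own code: a read-only check that the AltMeDisable/HAP strap discussed above is actually set in a full SPI image after running me_cleaner with -s. The descriptor offsets and bit positions are assumptions about where me_cleaner writes the strap (generation 2, which covers ME 8.x, and generation 3); the sample image is constructed.

```python
import struct

FD_MAGIC = b"\x5a\xa5\xf0\x0f"  # flash descriptor signature, at offset 0x10

# (strap offset relative to FPSBA, bit number) per ME generation. Assumption:
# generation 2 (covers ME 8.x) uses AltMeDisable, PCHSTRP10 bit 7; generation 3
# uses HAP, PCHSTRP0 bit 16.
STRAP = {2: (0x28, 7), 3: (0x00, 16)}


def soft_disable_set(image: bytes, generation: int) -> bool:
    """Return True if the AltMeDisable/HAP strap is set in a full SPI image."""
    if generation not in STRAP:
        raise ValueError("unsupported ME generation")
    if len(image) < 0x1C or image[0x10:0x14] != FD_MAGIC:
        raise ValueError("no flash descriptor: not a full SPI image")
    (flmap1,) = struct.unpack_from("<I", image, 0x18)
    fpsba = (flmap1 >> 12) & 0xFF0  # PCH strap base address
    rel, bit = STRAP[generation]
    if fpsba + rel + 4 > len(image):
        raise ValueError("strap offset lies outside the image")
    (strap,) = struct.unpack_from("<I", image, fpsba + rel)
    return bool(strap & (1 << bit))


def sample_image(generation: int, disabled: bool) -> bytes:
    """Constructed 4 KiB descriptor stub, not a real firmware dump."""
    img = bytearray(0x1000)
    img[0x10:0x14] = FD_MAGIC
    fpsba = 0x100
    struct.pack_into("<I", img, 0x18, (fpsba >> 4) << 16)  # FLMAP1 -> FPSBA
    rel, bit = STRAP[generation]
    struct.pack_into("<I", img, fpsba + rel, (1 << bit) if disabled else 0)
    return bytes(img)


if __name__ == "__main__":
    for gen in (2, 3):
        for state in (False, True):
            print(gen, state, soft_disable_set(sample_image(gen, state), gen))
```

Run it against the image about to be flashed, so that a strap that was never written is caught before the board is reprogrammed.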