Hi Philipp,
there is some documentation you might have missed [1] (can't blame you, the index is broken [2]).
On 18.09.19 23:23, Philipp Stanner wrote:
Am Montag, den 16.09.2019, 07:20 -0700 schrieb Stefan Reinauer:
Yes, this is often done as a cost reduction method. The habit started with the arrival of the ME and the firmware descriptor allowing you to spread your different firmware regions across one or both chips.
Hm, surprises me. Normally, in technology one big thing is cheaper – a large container ship instead of several small ones, one big hard drive instead of two small ones. And in this case they need some hardware mechanism concatenating the chips; this had to be developed first etc.
The opposite seems true if you consider that these chips are at the limit of the current technology. A better comparison would be a high end processor, 16 cores might cost you three times as much as 8 cores in the same package.
The tool ifdtool will help you analyze images for Intel firmware descriptors. Sounds like in this case ME and the other regions live in the larger chip, allowing the smaller chip to be fully used for system firmware. If that's the case, erasing the larger chip will brick your system. Better do some analysis first.
Ok, just to confirm: I have to analyze which part of the firmware + ME lays where. If the ME lays partly on the second chip (and I want to strip it), I have to extract both images – and flash both chips again so that the IME lays at the same offsets? I didn't fully understand how the flash descriptors work so far.
See documentation ^
If the ME lays on the first chip and coreboot fits into it with the stripped ME, I could erase the second chip – but don't really have to, because if there's no ME code on it, whatever lays there will not be executed again after flashing?
That question can only be answered if we'd assume absence of all bugs (otherwise, "will not be executed" becomes "shouldn't be executed"). If you erase it, you can be sure. If you don't, and some dormant code gets activated, you can never tell if it was an accident or a sophis- ticated backdoor.
In case, if you want to put coreboot into the first chip, you'll have to adapt the descriptor layout. coreboot needs to reside at the top (highest address) of the BIOS region.
Nico
[1] https://doc.coreboot.org/mainboard/lenovo/xx30_series.html [2] https://review.coreboot.org/c/coreboot/+/35462