Hi!
On 24.04.2018 21:27, Mat wrote:
I'd like to have the system updated against spectre, and other possible vulnerabilities as much as possible.
With the retpoline option in the Linux kernel, it should usually be safe (see attachment).
"IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it"
- If I neutralize me.bin, then maybe updating it does not make sense? Otherwise, maybe I could use MEanalyzer + its database to get newest ME, then neutralize it?
Maybe not, don't think that there is a new ME version available? Wasn't it version 9?
place where fixes are possible to appear is CPU microcode?
See above. Did you find the matching microcode?
- flashdescriptor.bin - can it contain vulnerabilities? If yes, where to get it from?
I guess that's only possible if you fetch it from the flashed vendor BIOS.
- gbe.bin - the same questions here.
Isn't that the firmware of the gigabit ethernet card? I think so.
Regards, Reiner