Hello Angel,
Thank you for your reply! Sadly, Boot Guard is enabled in Verified Boot mode. I’ll ask if Qotom can spin up a batch without any public key burned into the CPU, or perhaps share the private key. (which is obviously unlikely — but one can try)
Regards, John
On 28 Aug 2018, at 23:49, Angel Pons th3fanbus@gmail.com wrote:
Hello John,
Silly but crucial question: is Intel Boot Guard enabled on this board? If it is enabled in Verified Mode, I am afraid replacing the firmware with coreboot is impossible and proceeding any further is futile. To make sure, you can check Intel Boot Guard's status with coreboot/util/intelmetool. IIRC, another way to check would to change the reset vector (last 16 bytes of the firmware image) on the vendor firmware without changing what it actually does. The reset vector usually (if not always) contains a JMP instruction, if you change what comes after it the board should boot fine.
Please check this before doing anything else to avoid wasting time.
Best regards,
Angel Pons