No. I set both ENABLE_VMX and SET_VMX_LOCK_BIT.
And there is no weird reports from kvm.
Persmule
在 2017年04月16日 20:27, Marek Behun 写道:
Hello persmule, I am now using coreboot master with ME cleaned to 96 KiB, as you said. There is only one thing: sometimes when booting the kernel prints
kvm: disable TXT in the BIOS or activate TXT before enabling KVM kvm: disabled by bios
I have ENABLE_VMX without SET_VMX_LOCK_BIT, but am using 4.9 kernel (which Paul said has some regressions). Do you also have this problem?
Marek
On Sat, 15 Apr 2017 22:56:31 +0800 persmule persmule@gmail.com wrote:
The ethernet controller DOES work. Everything is fine, except the 3~5 minutes first boot, as well as those I reported in the initial email yesterday.
在 2017年04月15日 22:52, Marek Behun 写道:
Will the ethernet controller work?
On Sat, 15 Apr 2017 21:55:52 +0800 persmule persmule@gmail.com wrote:
Hi Marek,
You should use the latest me_cleaner. The 96 KiB ME actually works, but just costs about 3~5 minutes to training the memory controller and write MRC cache during the first boot after flashing, and costs less than one second during later boots.
The only ME modules needed left should be BUP nad ROMP, all other modules are free to cleanse.
Try again, please, for your own freedom and security, and report your results on https://github.com/corna/me_cleaner/issues/3
Persmule.
在 2017年04月15日 20:13, Marek Behun 写道:
I have just now managed to flash my X230 with ME truncated to 828 KiB. I used an older version of me_cleaner (commit d1abbca2). This is because the current version of me_cleaner (which truncates ME to 96 KiB) does not work for me (X230 won't boot).
The currently active modules in my ME are (listed with unhuffme): BUP CLS ClsPriv FTCS HOSTCOMM KERNEL POLICY ROMP RSA SESSMGR TDT UPDATE
Note that originally ME contained all this modules: admin_cm BOP BUP CLS ClsPriv CONF_STACK eac FTCS HOSTCOMM ICC JOM KERNEL krb LOCL_GER MPC NET_SERVICES NET_STACK NFC Pavp PLDM POLICY ROMP RSA sal secio SESSMGR TDT tls UPDATE utilities WCOD_PUMA wlan
So the remove modules are: admin_cm BUP CONF_STACK eac ICC JOM krb LOCL_GER MPC NET_SERVICES NET_STACK NFC Pavp PLDM sal secio tls utilities WCOD_PUMA wlan
I do not know what all can the modules that I left there do, but my e1000e is working.
The current layout of the flash is:
00000000:00000fff fd 000d2000:00bfffff bios 00003000:000d1fff me 00001000:00002fff gbe
This left me with 10.85 MiB for the payload.
I am attaching my current descriptor.bin and me.bin, if someone wants to try.
Marek