Hello Shawn,
Happy New Year to you too. I wish you and all Coreboot community to be blessed by Health. :-)
Needless to say, I found your changes there, but just yesterday evening.
Here they are: https://github.com/zamaudio/intelmetool/commit/052350ae131b34b95f55a56c35e3b...
I also fetched the latest coreboot at the same time, and checked: these changes are not incorporated in the latest Coreboot: 4.5-759-gab8f7d315e
So, I'll kindly ask Damien to add these changes into Coreboot (there are a bit more lines that you added there).
Damien (Zammit),
could you, please, update Coreboot intelmetool with the latest changes?
I'll look (later) into two latest net links you have provided to me. :-)
Thank you, Zoran
On Thu, Jan 5, 2017 at 7:22 AM, Shawn citypw@gmail.com wrote:
Hi Zoran,
Happy new year;-)
intelmetool merged the patch, plz check:
https://github.com/zamaudio/intelmetool
If you're going to only neutralize the ME, you can use external programmer && try me_cleaner:
https://github.com/corna/me_cleaner/
We've only tested a few coreboot supported mainboards on neutralizing ME (I'm afraid your hardware isn't on the list -_-):
https://github.com/hardenedlinux/hardenedlinux_profiles/tree/master/coreboot
On Wed, Jan 4, 2017 at 8:28 PM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
Hello Shawn,
I am late, I apologize... New Year, everything is slow, me either.
For me, the link you have provided does not work?! it is HTTP 404 (page not found). Could you, please, repost the valid link? Or to attach the given patch to this email?
With the normal Coreboot intelmetool (where I added one more printk() to explore what are the device ids the tool looks into), I have the following:

    [root@localhost intelmetool]# uname -a
    Linux localhost.localdomain 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 23:10:23 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
    [1]+ Done emacs intelmetool.h
    [root@localhost intelmetool]# ./intelmetool -s
    dev->vendor_id = 0x8086, dev->device_id = 0x9c22
    dev->vendor_id = 0x8086, dev->device_id = 0x9c03
    dev->vendor_id = 0x8086, dev->device_id = 0x9c43
    Bad news, you have a `8 Series LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

    Error mapping physical memory 0x0000004275159040 [0x4000] ERRNO=1
    Segmentation fault (core dumped)

    [root@localhost intelmetool]# lspci -nn | grep 9c22
    00:1f.3 SMBus [0c05]: Intel Corporation 8 Series SMBus Controller [8086:9c22] (rev 04)
    [root@localhost intelmetool]# lspci -nn | grep 9c03
    00:1f.2 SATA controller [0106]: Intel Corporation 8 Series SATA Controller 1 [AHCI mode] [8086:9c03] (rev 04)
    [root@localhost intelmetool]# lspci -nn | grep 9c43
    00:1f.0 ISA bridge [0601]: Intel Corporation 8 Series LPC Controller [8086:9c43] (rev 04)
    [root@localhost intelmetool]#

Yet, in intelmetool.h it says explicitly:

    // Definitely has ME and is very difficult to remove
    [snap]
    #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_FULL 0x9c41
    #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_PREM 0x9c43
    #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_BASE 0x9c45

Coreboot ME pros, any comment on my HW (i5-4300U HSW ULT + PCH LynxPoint)?
Appreciate any help!
Thank you, Zoran
On Fri, Dec 30, 2016 at 11:25 AM, Shawn citypw@gmail.com wrote:
This is a work around patch( I think?):
ad778fc347b2bb0494abe2186632a072b8ad1a11
    ./intelmetool -s
    RCBA at 0x00000000
    MEI not hidden on PCI, checking if visible
    MEI found: [8086:9d3a] Sunrise Point-LP CSME HECI

    ME Status : 0xa0000245
    ME Status 2 : 0x86110306

    ME: FW Partition Table : OK
    ME: Bringup Loader Failure : NO
    ME: Firmware Init Complete : YES
    ME: Manufacturing Mode : NO
    ME: Boot Options Present : NO
    ME: Update In Progress : NO
    ME: Current Working State : Normal
    ME: Current Operation State : M0 with UMA
    ME: Current Operation Mode : Normal
    ME: Error Code : No Error
    ME: Progress Phase : Clean Moff->Mx wake
    ME: Power Management Event : Pseudo-global reset
    ME: Progress Phase State : Unknown 0x11

    PCI READ [bc] : 0x000000bc
    ME: Extend Register not valid

    ME seems okay on this board
    WRITE [00] : CB: 0x80040007
    WRITE [00] : CB: 0x000002ff
    READ [08] : CB: 0x801c0007
    READ [08] : CB: 0x000082ff
    READ [08] : CB: 0x000b0000
    READ [08] : CB: 0x0000049c
    READ [08] : CB: 0x000b0000
    READ [08] : CB: 0x0000049c
    READ [08] : CB: 0x000b0000
    READ [08] : CB: 0x0000049c
    ME: Firmware Version 11.0.1180.0 (code) 11.0.1180.0 (recovery) 11.0.1180.0 (fitc)
    WRITE [00] : CB: 0x80080007
    WRITE [00] : CB: 0x00000203
    WRITE [00] : CB: 0x00000000
    READ [08] : CB: 0x800d0007
    READ [08] : CB: 0x00008203
    READ [08] : CB: 0x00000000
    READ [08] : CB: 0x111a4004
    READ [08] : CB: 0x00000031
    ME Capability: Full Network manageability : OFF
    ME Capability: Regular Network manageability : OFF
    ME Capability: Manageability : OFF
    ME Capability: Small business technology : OFF
    ME Capability: Level III manageability : OFF
    ME Capability: IntelR Anti-Theft (AT) : OFF
    ME Capability: IntelR Capability Licensing Service (CLS) : ON
    ME Capability: IntelR Power Sharing Technology (MPC) : OFF
    ME Capability: ICC Over Clocking : ON
    ME Capability: Protected Audio Video Path (PAVP) : ON
    ME Capability: IPV6 : OFF
    ME Capability: KVM Remote Control (KVM) : OFF
    ME Capability: Outbreak Containment Heuristic (OCH) : OFF
    ME Capability: Virtual LAN (VLAN) : ON
    ME Capability: TLS : OFF
    ME Capability: Wireless LAN (WLAN) : OFF
    exiting
On Fri, Dec 30, 2016 at 11:04 AM, Shawn citypw@gmail.com wrote:
Hi Zoran,
Thanks for the info. I added my Device ID into the intelmetool.h:
diff --git a/intelmetool.h b/intelmetool.h index d79d6b0..16ca43a 100644 --- a/intelmetool.h +++ b/intelmetool.h @@ -225,6 +225,7 @@ #define PCI_DEVICE_ID_INTEL_ICH9DO 0x2914 #define PCI_DEVICE_ID_INTEL_ICH9R 0x2916 #define PCI_DEVICE_ID_INTEL_ICH9 0x2918 +#define PCI_DEVICE_ID_INTEL_SUNRISE 0x9d3a
#define PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(x) ( \ ( (x) == PCI_DEVICE_ID_INTEL_ICH8 ) || \ @@ -232,6 +233,7 @@ ( (x) == PCI_DEVICE_ID_INTEL_ICH9DH ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9DO ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9R ) || \
( (x) == PCI_DEVICE_ID_INTEL_SUNRISE ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9 ))
// Not sure at all
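Review bot: 0x9d3a, the value given to the new PCI_DEVICE_ID_INTEL_SUNRISE define, is the ID that lspci in this thread shows for the 16.0 "Sunrise Point-LP CSME HECI" function, and the second hunk adds it to PCI_DEV_CAN_DISABLE_ME_IF_PRESENT next to the ICH8/ICH9 entries, so the tool goes on to print "it is possible to disable it if you do" for this board with nothing in the patch backing that claim. I would rename the define so it says which device it is (for example PCI_DEVICE_ID_INTEL_SUNRISE_LP_HECI, a suggested name) and put it in a list that reflects what is actually known about this platform instead of the can-disable list. A short comment beside the define saying it is the HECI function and not the LPC controller (8086:9d48 in the lspci tree) would also help the next reader.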
This one should be the ME?

    +-16.0 Intel Corporation Sunrise Point-LP CSME HECI [8086:9d3a]

    #./intelmetool -s
    Not sure if ME hardware is present because you have a `Sunrise Point-LP CSME HECI`, but it is possible to disable it if you do, continuing...
    RCBA at 0x00000000
    MEI not hidden on PCI, checking if visible
    MEI device not found, huh?
    exiting
On Thu, Dec 29, 2016 at 12:50 AM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
> I'm not sure if intelmetool support Skylake as well.
Investigated more. The coreboot intelmetool is the latest one, as I understood (comparing one from github and coreboot).
And Sunrise Point is NOT supported (look into latest coreboot's coreboot/util/intelmetool/intelmetool.h). You can try to add it (as Device ID), manually, peek around the C code, and see if this can help you.
Zoran
On Wed, Dec 28, 2016 at 5:26 PM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
Hello Shawn,
Please, follow my CLI transcript from my Future Fedora 26 VM over WIN10 (now rawhide) with Fedora 4.8.15 kernel implanted (kernel 4.10.0-rc0 gives me lot of griefs, I do not trust it, so I eliminated it for now):
    [zoran@localhost ~]$ cd projects/
    [zoran@localhost projects]$ mkdir intelmetool
    [zoran@localhost projects]$ cd intelmetool/
    [zoran@localhost intelmetool]$ pwd
    /home/zoran/projects/intelmetool
    [zoran@localhost intelmetool]$ uname -r
    4.8.15-300.fc25.x86_64
    [zoran@localhost intelmetool]$ git clone https://github.com/zamaudio/intelmetool.git
    Cloning into 'intelmetool'...
    remote: Counting objects: 214, done.
    remote: Total 214 (delta 0), reused 0 (delta 0), pack-reused 214
    Receiving objects: 100% (214/214), 72.42 KiB | 0 bytes/s, done.
    Resolving deltas: 100% (125/125), done.
    [zoran@localhost intelmetool]$ ls -al
    total 12
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 .
    drwxrwxr-x. 10 zoran zoran 4096 Dec 28 17:05 ..
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 intelmetool
    [zoran@localhost intelmetool]$ cd intelmetool/
    [zoran@localhost intelmetool]$ ls -al
    total 100
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 .
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 ..
    drwxrwxr-x. 8 zoran zoran 4096 Dec 28 17:06 .git
    -rw-rw-r--. 1 zoran zoran 16 Dec 28 17:06 .gitignore
    -rw-rw-r--. 1 zoran zoran 8956 Dec 28 17:06 intelmetool.c
    -rw-rw-r--. 1 zoran zoran 9783 Dec 28 17:06 intelmetool.h
    -rw-rw-r--. 1 zoran zoran 532 Dec 28 17:06 LICENSE
    -rw-rw-r--. 1 zoran zoran 351 Dec 28 17:06 Makefile
    -rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
    -rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
    -rw-rw-r--. 1 zoran zoran 7246 Dec 28 17:06 me_status.c
    -rw-rw-r--. 1 zoran zoran 1109 Dec 28 17:06 mmap.c
    -rw-rw-r--. 1 zoran zoran 224 Dec 28 17:06 mmap.h
    -rw-rw-r--. 1 zoran zoran 90 Dec 28 17:06 README.md
    [zoran@localhost intelmetool]$ su -m
    Password:
    [root@localhost intelmetool]# make
    gcc -Wall -O0 -g -I. -c me_status.c -o me_status.o
    gcc -Wall -O0 -g -I. -c me.c -o me.o
    me.c: In function ‘mei_dump’:
    me.c:63:18: warning: variable ‘csr’ set but not used [-Wunused-but-set-variable]
      struct mei_csr *csr;
                      ^~~
    gcc -Wall -O0 -g -I. -c mmap.c -o mmap.o
    mmap.c: In function ‘map_physical_exact’:
    mmap.c:11:26: warning: passing argument 1 of ‘mmap’ makes pointer from integer without a cast [-Wint-conversion]
      virt_addr = mmap(mapto, len, PROT_WRITE | PROT_READ, MAP_SHARED|MAP_FIXED,
                       ^~~~~
    In file included from mmap.h:4:0,
                     from mmap.c:1:
    /usr/include/sys/mman.h:57:14: note: expected ‘void *’ but argument is of type ‘uint64_t {aka long unsigned int}’
     extern void *mmap (void *__addr, size_t __len, int __prot,
                  ^~~~
    gcc -Wall -O0 -g -I. -o intelmetool intelmetool.o me_status.o me.o mmap.o -lpci
    [root@localhost intelmetool]# date
    Wed Dec 28 17:07:26 CET 2016
    [root@localhost intelmetool]# ls -al
    total 228
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:07 .
    drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 ..
    drwxrwxr-x. 8 zoran zoran 4096 Dec 28 17:06 .git
    -rw-rw-r--. 1 zoran zoran 16 Dec 28 17:06 .gitignore
    -rwxr-xr-x. 1 root root 47008 Dec 28 17:07 intelmetool
    -rw-rw-r--. 1 zoran zoran 8956 Dec 28 17:06 intelmetool.c
    -rw-rw-r--. 1 zoran zoran 9783 Dec 28 17:06 intelmetool.h
    -rw-rw-r--. 1 zoran zoran 22144 Dec 28 17:06 intelmetool.o
    -rw-rw-r--. 1 zoran zoran 532 Dec 28 17:06 LICENSE
    -rw-rw-r--. 1 zoran zoran 351 Dec 28 17:06 Makefile
    -rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
    -rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
    -rw-r--r--. 1 root root 28984 Dec 28 17:07 me.o
    -rw-rw-r--. 1 zoran zoran 7246 Dec 28 17:06 me_status.c
    -rw-r--r--. 1 root root 15704 Dec 28 17:07 me_status.o
    -rw-rw-r--. 1 zoran zoran 1109 Dec 28 17:06 mmap.c
    -rw-rw-r--. 1 zoran zoran 224 Dec 28 17:06 mmap.h
    -rw-r--r--. 1 root root 7648 Dec 28 17:07 mmap.o
    -rw-rw-r--. 1 zoran zoran 90 Dec 28 17:06 README.md
    [root@localhost intelmetool]# ./intelmetool
    ME is not present on your board because we found a `82371AB/EB/MB PIIX4 ISA`, you are safe, exiting
    [root@localhost intelmetool]#
    _______

Do NOT forget: I run Fedora rawhide on VMWorkstation 12.5.2 Type 2 HYP on the top of WIN10 64 Pro!
Please, do the same on Mint18 distro on raw HW, and see if this will give you some different results than what you have presently?
Please, let us know!
Zoran
On Wed, Dec 28, 2016 at 11:06 AM, Shawn citypw@gmail.com wrote:
>
> Hi Zoran,
>
> I created hwdb.bin via:
>
> # udevadm hwdb --update
>
> The result is still "segfault". dmesg:
>
> [ 972.044664] intelmetool[5055]: segfault at 16 ip 000000000040169e sp 000072ed96a44680 error 4 in intelmetool[400000+6000]
> [ 972.044674] grsec: Segmentation fault occurred at 0000000000000016 in /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
> [ 972.044685] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
>
>
> On Mon, Dec 26, 2016 at 9:49 PM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
> > Not sure if your strace log has anything to do with intelmetool.
> >
> > I did on your strace log the following (and in RED is possible cause of your problems):
> >
> > [zoran@localhost projects]$ cat crash.log | grep ENOENT
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > open("/usr/share/misc/pci.ids.gz", O_RDONLY) = -1 ENOENT (No such file or directory)
> > connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> > connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > open("/root/.pciids-cache", O_RDONLY) = -1 ENOENT (No such file or directory)
> > open("/etc/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> > open("/etc/udev/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> > open("/usr/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> > open("/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> > [zoran@localhost projects]$
> >
> > I guess, you have one very important missing file in your Linux configuration, this one: /etc/systemd/hwdb/hwdb.bin... /etc/udev/hwdb.bin ?!
> >
> > Here is good read:
> > https://www.freedesktop.org/software/systemd/man/hwdb.html
> >
> > http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
> >
> > Have no idea who is creating this file, but you can check your Linux distro / tree with the following paths to find hwdb.bin:
> >
> > /etc/systemd/hwdb/hwdb.bin
> > /etc/udev/hwdb.bin <<======= In my Fedora rawhide VM (future Fedora 26) I have here hwdb.bin =======
> > /usr/lib/systemd/hwdb/hwdb.bin
> > /lib/systemd/hwdb/hwdb.bin
> >
> > If you don't have in any, please, create one with the following link:
> >
> > http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
> >
> > Please, let us know!
> >
> > Zoran
> >
> > On Mon, Dec 26, 2016 at 3:42 PM, Shawn citypw@gmail.com wrote:
> >>
> >> Hi,
> >>
> >> intelmetool occurs "segfault" on my laptop running Mint 18 with PaX/Grsecurity 4.7.10. The PCI info:
> >>
> >> -[0000:00]-+-00.0 Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:1904]
> >>            +-02.0 Intel Corporation Sky Lake Integrated Graphics [8086:1916]
> >>            +-04.0 Intel Corporation Skylake Processor Thermal Subsystem [8086:1903]
> >>            +-14.0 Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller [8086:9d2f]
> >>            +-14.2 Intel Corporation Sunrise Point-LP Thermal subsystem [8086:9d31]
> >>            +-15.0 Intel Corporation Sunrise Point-LP Serial IO I2C Controller [8086:9d60]
> >>            +-15.1 Intel Corporation Sunrise Point-LP Serial IO I2C Controller [8086:9d61]
> >>            +-16.0 Intel Corporation Sunrise Point-LP CSME HECI [8086:9d3a]
> >>            +-1c.0-[01]----00.0 NVIDIA Corporation GM107M [GeForce GTX 960M] [10de:139b]
> >>            +-1c.4-[02]----00.0 Samsung Electronics Co Ltd NVMe SSD Controller [144d:a802]
> >>            +-1c.6-[03]----00.0 Qualcomm Atheros Killer E2400 Gigabit Ethernet Controller [1969:e0a1]
> >>            +-1c.7-[04]----00.0 Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter [168c:003e]
> >>            +-1d.0-[05]----00.0 Samsung Electronics Co Ltd NVMe SSD Controller [144d:a802]
> >>            +-1d.2-[06-3e]--
> >>            +-1f.0 Intel Corporation Sunrise Point-LP LPC Controller [8086:9d48]
> >>            +-1f.2 Intel Corporation Sunrise Point-LP PMC [8086:9d21]
> >>            +-1f.3 Intel Corporation Sunrise Point-LP HD Audio [8086:9d70]
> >>            -1f.4 Intel Corporation Sunrise Point-LP SMBus [8086:9d23]
> >>
> >> The crash log was attached! I'm not sure if intelmetool support Skylake as well. One tiny feature of PaX/Grsecurity prevent the ioperm for killing the potential threats in case which the adversary re-flash the SPI ROM once they get the root priv. It does affect flashrom but intelmetool. I also ran intelmetool on the distro( Mint 18) kernel and got the same result.
> >>
> >>
> >> --
> >> GNU powered it...
> >> GPL protect it...
> >> God blessing it...
> >>
> >> regards
> >> Shawn
> >>
> >> --
> >> coreboot mailing list: coreboot@coreboot.org
> >> https://www.coreboot.org/mailman/listinfo/coreboot
> >
> >
>
>
> --
> GNU powered it...
> GPL protect it...
> God blessing it...
>
> regards
> Shawn
--
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn
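
Added example (not part of the thread and not intelmetool's own code): the "ME Status : 0xa0000245" word from the intelmetool output quoted above, split into its fields in C. The bit positions and the names decode_me_hfs and me_hfs_is_normal are assumptions of this example; under them the value decodes to the same working state, operation state and flags that the tool printed.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the ME host firmware status (HFS) word. The bit positions are
 * an assumption of this example; the thread shows only the decoded text. */
struct me_hfs {
    unsigned working_state, mfg_mode, fpt_bad, operation_state;
    unsigned fw_init_complete, bringup_loader_fail, update_in_progress;
    unsigned error_code, operation_mode, boot_options_present;
};

/* Extract `width` bits of `v` starting at bit `lo`. */
static unsigned field(uint32_t v, unsigned lo, unsigned width)
{
    return (v >> lo) & ((1u << width) - 1u);
}

struct me_hfs decode_me_hfs(uint32_t v)
{
    struct me_hfs h;
    h.working_state        = field(v, 0, 4);  /* 5 is printed as "Normal" */
    h.mfg_mode             = field(v, 4, 1);
    h.fpt_bad              = field(v, 5, 1);  /* 0 is printed as "OK" */
    h.operation_state      = field(v, 6, 3);  /* 1 is "M0 with UMA" */
    h.fw_init_complete     = field(v, 9, 1);
    h.bringup_loader_fail  = field(v, 10, 1);
    h.update_in_progress   = field(v, 11, 1);
    h.error_code           = field(v, 12, 4);
    h.operation_mode       = field(v, 16, 4);
    h.boot_options_present = field(v, 24, 1);
    return h;
}

/* Nonzero when the word describes a fully initialised ME in its normal
 * state: no error, partition table good, not in manufacturing mode. */
int me_hfs_is_normal(uint32_t v)
{
    struct me_hfs h = decode_me_hfs(v);
    return h.working_state == 5 && h.operation_mode == 0 &&
           h.error_code == 0 && !h.fpt_bad && !h.mfg_mode &&
           h.fw_init_complete && !h.bringup_loader_fail;
}

int main(void)
{
    uint32_t v = 0xa0000245u; /* "ME Status" value from the thread */
    struct me_hfs h = decode_me_hfs(v);
    printf("working state %u, operation state %u, init complete %u\n",
           h.working_state, h.operation_state, h.fw_init_complete);
    printf("mfg mode %u, fpt bad %u, error %u, normal=%d\n",
           h.mfg_mode, h.fpt_bad, h.error_code, me_hfs_is_normal(v));
    return 0;
}
```

A word with the manufacturing-mode bit set, or with the init-complete bit clear, fails the me_hfs_is_normal check, which makes the function usable as a quick gate when collecting this value across machines.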