not sure what you are looking for, but I guess this is
what you need,
(microcode updates are publicly available and gfx init
I'd like to have system updated against spectre, and other possible
vulnerabilities as much as possible.
If lenovo (or any other vendor) releases updates, which in this case
address spectre vulnerability,
then I'd need to get binary blobs from this update, compare them
against previous BIOS version blobs
and in case they differ, bundle them into coreboot BIOS, then save
coreboot onto x220. The extra step I do is intel ME neutralization.
That's why I (believe I) need the blobs from the newest update. Is the
reasoning correct, or I could do it more wise?
blobs I've initially taken are:
1. If I neutralize me.bin, then maybe updating it does not make sense?
Otherwise, maybe I could use MEanalyzer + its database to get
newest ME, then neutralize it?
2. as I know spectre fixes reside in CPU microcodes. If so, then maybe
coreboot can be compiled with
newest CPU microcode for given CPUID (I've found one on
CPUmicrocodes @ github). Or maybe the only
place where fixes are possible to appear is CPU microcode?
3. flashdescriptor.bin - can it contain vulnerabilities? If yes, where
to get it from?
4. gbe.bin - the same questions here.