Hey everyone,
currently I working on a x220 to flash coreboot onto it. I notice that my x220 has a current BIOS version from 2011 (1.24 UEFI/BIOS and 1.13 ECP).
Within the change-log[0] variates updates and fixes are stated. Including changes to the ME engine. Within many documentation part of coreboot, it's stated, that the ME part can't be written. Here my question: Should I update the BIOS to the latest release before flashing coreboot onto it?
There is for example this note:
If the UEFI BIOS has been updated to version 1.43 or higher, it is no longer able to roll back to the version before 1.43 for security improvement.
Could this cause problems? For example the CVE-2017-5715 (Spectre) would be fixed. I expect them to run role out the microcode update from Intel... so might be no problem to coreboot, right?
best regards, akendo
On Thu, 7 Jun 2018 12:05:34 +0200 Akendo akendo@akendo.eu wrote:
Hey everyone,
currently I working on a x220 to flash coreboot onto it. I notice that my x220 has a current BIOS version from 2011 (1.24 UEFI/BIOS and 1.13 ECP).
Within the change-log[0] variates updates and fixes are stated. Including changes to the ME engine. Within many documentation part of coreboot, it's stated, that the ME part can't be written. Here my question: Should I update the BIOS to the latest release before flashing coreboot onto it?
A little hint: The BIOS update might also be updating the EC = Embedded Controller containing various fixes / improvements. E.g. on the X200 it is recommended to upgrade to the latest stock BIOS before flashing coreboot, which brings improvements in battery handling IIRC.
There is for example this note:
If the UEFI BIOS has been updated to version 1.43 or higher, it is no longer able to roll back to the version before 1.43 for security improvement.
Could this cause problems? For example the CVE-2017-5715 (Spectre) would be fixed. I expect them to run role out the microcode update from Intel... so might be no problem to coreboot, right?
best regards, akendo
Am 07.06.2018 18:46 schrieb Merlin Büge:
On Thu, 7 Jun 2018 12:05:34 +0200 Akendo akendo@akendo.eu wrote:
Hey everyone,
currently I working on a x220 to flash coreboot onto it. I notice that my x220 has a current BIOS version from 2011 (1.24 UEFI/BIOS and 1.13 ECP).
Within the change-log[0] variates updates and fixes are stated. Including changes to the ME engine. Within many documentation part of coreboot, it's stated, that the ME part can't be written. Here my question: Should I update the BIOS to the latest release before flashing coreboot onto it?
A little hint: The BIOS update might also be updating the EC = Embedded Controller containing various fixes / improvements. E.g. on the X200 it is recommended to upgrade to the latest stock BIOS before flashing coreboot, which brings improvements in battery handling IIRC.
Right. Not the ME, but the EC software is why I'd definitely upgrade in your case. Changing that after you've flashed coreboot is quite annoying.
I'm not sure how their support for the X220 (it's been targeting the x230) is, but may be worth having a look: This project downloads the official iso image, can apply a patch to the EC firmware to enable using unofficial 3rd-party batteries, and generate an iso or USB image: https://github.com/hamishcoleman/thinkpad-ec
Especially if you plan to apply me_cleaner to your image, all the rest doesn't really matter I guess.
martin