[coreboot-gerrit] Patch set updated for coreboot: sb/intel/common: Hook up me_cleaner
Nicola Corna (nicola@corna.info)
gerrit at coreboot.org
Sun Jan 29 11:59:51 CET 2017
Nicola Corna (nicola at corna.info) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18206
-gerrit
commit 3618b27a3a2248d126c5d767b47244dd3a670319
Author: Nicola Corna <nicola at corna.info>
Date: Mon Jan 23 15:29:03 2017 +0100
sb/intel/common: Hook up me_cleaner
The me_cleaner option is available on multiple platforms:
* Sandy and Ivy Bridge (well tested by multiple users).
* Skylake and Braswell (tested).
* Haswell, Broadwell and Bay Trail (untested).
The untested platforms have been included anyways because all the
firmwares are very similar and Intel ME/TXE probably behaves in the
same way.
Change-Id: I46f461a1a7e058d57259f313142b00146f0196aa
Signed-off-by: Nicola Corna <nicola at corna.info>
---
src/southbridge/intel/common/firmware/Kconfig | 31 ++++++++++++++++++++++
src/southbridge/intel/common/firmware/Makefile.inc | 5 ++++
2 files changed, 36 insertions(+)
diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig
index c36b235..af26b2d 100644
--- a/src/southbridge/intel/common/firmware/Kconfig
+++ b/src/southbridge/intel/common/firmware/Kconfig
@@ -58,6 +58,37 @@ config ME_BIN_PATH
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
depends on HAVE_ME_BIN
+config USE_ME_CLEANER
+ bool "Strip down the Intel ME/TXE firmware"
+ depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_SANDYBRIDGE || \
+ NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
+ SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
+ SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
+ help
+ Use me_cleaner to remove all the non-fundamental code from the Intel
+ ME/TXE firmware.
+ The resulting Intel ME/TXE firmware will have only the code
+ responsible for the very basic hardware initialization, leaving the
+ ME/TXE subsystem essentially in a disabled state.
+
+ Don't flash a modified ME/TXE firmware and a new coreboot image at the
+ same time, test them in two different steps.
+
+ WARNING: this tool isn't based on any official Intel documentation but
+ only on reverse engineering and trial & error.
+
+ See the project's page
+ https://github.com/corna/me_cleaner
+ or the wiki
+ https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
+ https://github.com/corna/me_cleaner/wiki/me_cleaner-status
+ for more info about this tool
+
+ If unsure, say N.
+
+comment "Please test the modified ME/TXE firmware and coreboot in two steps"
+ depends on USE_ME_CLEANER
+
config HAVE_GBE_BIN
bool "Add gigabit ethernet firmware"
depends on HAVE_IFD_BIN
diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc
index 17e53b5..98a36d3 100644
--- a/src/southbridge/intel/common/firmware/Makefile.inc
+++ b/src/southbridge/intel/common/firmware/Makefile.inc
@@ -58,6 +58,11 @@ ifeq ($(CONFIG_HAVE_ME_BIN),y)
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
+ifeq ($(CONFIG_USE_ME_CLEANER),y)
+ printf " ME_CLEANER coreboot.pre\n"
+ util/me_cleaner/me_cleaner.py $(obj)/coreboot.pre > \
+ $(obj)/me_cleaner.log
+endif
ifeq ($(CONFIG_HAVE_GBE_BIN),y)
printf " IFDTOOL gbe.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
More information about the coreboot-gerrit
mailing list