[coreboot-gerrit] Change in coreboot[master]: sb/intel/common/firmware: Keep CHECK_ME disabled by default
Nicola Corna (Code Review)
gerrit at coreboot.org
Mon May 1 11:24:01 CEST 2017
Nicola Corna has posted comments on this change. ( https://review.coreboot.org/19257 )
Change subject: sb/intel/common/firmware: Keep CHECK_ME disabled by default
......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/19257/1//COMMIT_MSG
Commit Message:
PS1, Line 9: Keeping CHECK_ME unset by default.
> IMO this option is only useful if people are messing with their ME binary.
with the -c flag the ME binary is opened in read-only mode, and it just checks the presence of the fundamental parts of the ME image
https://github.com/corna/me_cleaner/blob/master/me_cleaner.py#L310
The checks are performed by the tool designed for the deblobbing because it's the only tool able to look inside the ME images, and most of the checks are in common.
If this is raising suspects, I can split me_cleaner in two.
--
To view, visit https://review.coreboot.org/19257
To unsubscribe, visit https://review.coreboot.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ib3186498c8da307b686c06c3828e24acbc7f2d17
Gerrit-PatchSet: 1
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Owner: Naresh Solanki <naresh.solanki at intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin at chromium.org>
Gerrit-Reviewer: Balaji Manigandan <balaji.manigandan at intel.com>
Gerrit-Reviewer: Duncan Laurie <dlaurie at chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan at google.com>
Gerrit-Reviewer: Martin Roth <martinroth at google.com>
Gerrit-Reviewer: Naresh Solanki <naresh.solanki at intel.com>
Gerrit-Reviewer: Nicola Corna <nicola at corna.info>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi at intel.com>
Gerrit-Reviewer: build bot (Jenkins)
Gerrit-HasComments: Yes
More information about the coreboot-gerrit
mailing list