[coreboot] ThinkPad X230 with working truncated ME and 11 MB space for payload

Marek Behun kabel at blackhole.sk
Sun Apr 16 14:27:57 CEST 2017 

Hello persmule,
I am now using coreboot master with ME cleaned to 96 KiB, as you said.
There is only one thing: sometimes when booting the kernel prints

  kvm: disable TXT in the BIOS or activate TXT before enabling KVM
  kvm: disabled by bios

I have ENABLE_VMX without SET_VMX_LOCK_BIT, but am using 4.9 kernel
(which Paul said has some regressions). Do you also have this problem?

Marek



On Sat, 15 Apr 2017 22:56:31 +0800
persmule <persmule at gmail.com> wrote:

> The ethernet controller DOES work. Everything is fine, except the 3~5
> minutes first boot, as well as those I reported in the initial email
> yesterday.
> 
> 
> 在 2017年04月15日 22:52, Marek Behun 写道:
> > Will the ethernet controller work?
> >
> > On Sat, 15 Apr 2017 21:55:52 +0800
> > persmule <persmule at gmail.com> wrote:
> >  
> >> Hi Marek,
> >>
> >> You should use the latest me_cleaner. The 96 KiB ME actually works,
> >> but just costs about 3~5 minutes to training the memory controller
> >> and write MRC cache during the first boot after flashing, and costs
> >> less than one second during later boots.
> >>
> >> The only ME modules needed left should be BUP nad ROMP, all other
> >> modules are free to cleanse.
> >>
> >> Try again, please, for your own freedom and security, and report
> >> your results on https://github.com/corna/me_cleaner/issues/3
> >>
> >> Persmule.
> >>
> >> 在 2017年04月15日 20:13, Marek Behun 写道:  
> >>> I have just now managed to flash my X230 with ME truncated to 828
> >>> KiB. I used an older version of me_cleaner (commit d1abbca2). This
> >>> is because the current version of me_cleaner (which truncates ME
> >>> to 96 KiB) does not work for me (X230 won't boot).
> >>>
> >>> The currently active modules in my ME are (listed with unhuffme):
> >>>   BUP CLS ClsPriv FTCS HOSTCOMM KERNEL POLICY ROMP RSA SESSMGR TDT
> >>>   UPDATE
> >>>
> >>> Note that originally ME contained all this modules:
> >>>   admin_cm BOP BUP CLS ClsPriv CONF_STACK eac FTCS HOSTCOMM ICC
> >>> JOM KERNEL krb LOCL_GER MPC NET_SERVICES NET_STACK NFC Pavp PLDM
> >>> POLICY ROMP RSA sal secio SESSMGR TDT tls UPDATE utilities
> >>> WCOD_PUMA wlan
> >>>
> >>> So the remove modules are:
> >>>   admin_cm BUP CONF_STACK eac ICC JOM krb LOCL_GER MPC
> >>> NET_SERVICES NET_STACK NFC Pavp PLDM sal secio tls utilities
> >>> WCOD_PUMA wlan
> >>>
> >>> I do not know what all can the modules that I left there do, but
> >>> my e1000e is working.
> >>>
> >>> The current layout of the flash is:
> >>>
> >>> 00000000:00000fff fd
> >>> 000d2000:00bfffff bios
> >>> 00003000:000d1fff me
> >>> 00001000:00002fff gbe
> >>>
> >>> This left me with 10.85 MiB for the payload.
> >>>
> >>> I am attaching my current descriptor.bin and me.bin, if someone
> >>> wants to try.
> >>>
> >>> Marek    
> >>
> >>
> >>  
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20170416/5b3135f1/attachment.sig>

More information about the coreboot mailing list