[coreboot] ThinkPad X230 with working truncated ME and 11 MB space for payload

persmule persmule at gmail.com
Sun Apr 16 14:34:03 CEST 2017 

No. I set both ENABLE_VMX and SET_VMX_LOCK_BIT.

And there is no weird reports from kvm.

Persmule

在 2017年04月16日 20:27, Marek Behun 写道:
> Hello persmule,
> I am now using coreboot master with ME cleaned to 96 KiB, as you said.
> There is only one thing: sometimes when booting the kernel prints
>
>   kvm: disable TXT in the BIOS or activate TXT before enabling KVM
>   kvm: disabled by bios
>
> I have ENABLE_VMX without SET_VMX_LOCK_BIT, but am using 4.9 kernel
> (which Paul said has some regressions). Do you also have this problem?
>
> Marek
>
>
>
> On Sat, 15 Apr 2017 22:56:31 +0800
> persmule <persmule at gmail.com> wrote:
>
>> The ethernet controller DOES work. Everything is fine, except the 3~5
>> minutes first boot, as well as those I reported in the initial email
>> yesterday.
>>
>>
>> 在 2017年04月15日 22:52, Marek Behun 写道:
>>> Will the ethernet controller work?
>>>
>>> On Sat, 15 Apr 2017 21:55:52 +0800
>>> persmule <persmule at gmail.com> wrote:
>>>  
>>>> Hi Marek,
>>>>
>>>> You should use the latest me_cleaner. The 96 KiB ME actually works,
>>>> but just costs about 3~5 minutes to training the memory controller
>>>> and write MRC cache during the first boot after flashing, and costs
>>>> less than one second during later boots.
>>>>
>>>> The only ME modules needed left should be BUP nad ROMP, all other
>>>> modules are free to cleanse.
>>>>
>>>> Try again, please, for your own freedom and security, and report
>>>> your results on https://github.com/corna/me_cleaner/issues/3
>>>>
>>>> Persmule.
>>>>
>>>> 在 2017年04月15日 20:13, Marek Behun 写道:  
>>>>> I have just now managed to flash my X230 with ME truncated to 828
>>>>> KiB. I used an older version of me_cleaner (commit d1abbca2). This
>>>>> is because the current version of me_cleaner (which truncates ME
>>>>> to 96 KiB) does not work for me (X230 won't boot).
>>>>>
>>>>> The currently active modules in my ME are (listed with unhuffme):
>>>>>   BUP CLS ClsPriv FTCS HOSTCOMM KERNEL POLICY ROMP RSA SESSMGR TDT
>>>>>   UPDATE
>>>>>
>>>>> Note that originally ME contained all this modules:
>>>>>   admin_cm BOP BUP CLS ClsPriv CONF_STACK eac FTCS HOSTCOMM ICC
>>>>> JOM KERNEL krb LOCL_GER MPC NET_SERVICES NET_STACK NFC Pavp PLDM
>>>>> POLICY ROMP RSA sal secio SESSMGR TDT tls UPDATE utilities
>>>>> WCOD_PUMA wlan
>>>>>
>>>>> So the remove modules are:
>>>>>   admin_cm BUP CONF_STACK eac ICC JOM krb LOCL_GER MPC
>>>>> NET_SERVICES NET_STACK NFC Pavp PLDM sal secio tls utilities
>>>>> WCOD_PUMA wlan
>>>>>
>>>>> I do not know what all can the modules that I left there do, but
>>>>> my e1000e is working.
>>>>>
>>>>> The current layout of the flash is:
>>>>>
>>>>> 00000000:00000fff fd
>>>>> 000d2000:00bfffff bios
>>>>> 00003000:000d1fff me
>>>>> 00001000:00002fff gbe
>>>>>
>>>>> This left me with 10.85 MiB for the payload.
>>>>>
>>>>> I am attaching my current descriptor.bin and me.bin, if someone
>>>>> wants to try.
>>>>>
>>>>> Marek    
>>>>
>>>>  
>>

More information about the coreboot mailing list