[coreboot] Disabling ME >= 6.0 < 11 via the AltMeDisable bit
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sun Dec 31 18:42:27 CET 2017
Hi,
As I understand it:
- For ME < 6.0, the ME firmware can be removed totally, and still have
a functional computer.
- For ME >= 6.0 (Nehalem) to ME < 11 (Broadwell), the All ME firmware
can't be totally removed: the BUP module is required to have a
functional computer. For such Firmware/Hardware versions the BUP does
"Bringup (hardware initialization/configuration)"[1]
- For ME 11, the following modules are required to have a functional
computer: RBE, BUP, kernel and syslib. For such generation, setting
the HAP bit only tells the firmware not to load extra code (At that
point the kernel is already loaded).
I've some questions regarding the above:
- Is there more details than "Bringup (hardware
initialization/configuration)" for what the BUP partition does for
the ME >= 6.0 and < 11.
- With the ME >= 6.0 and < 11, what does the AltMeDisable bit really
do? Do we have some insights that tend to show that the execution is
stopped, or not stopped?
References:
-----------
[1]https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20171231/e6a43150/attachment.sig>
More information about the coreboot
mailing list