[coreboot] [PATCH] nb/intel/nehalem/raminit.c: Add timeouts when waiting for heci.

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Tue Mar 28 14:14:56 CEST 2017


On Mon, 27 Mar 2017 14:33:23 -0700
Andrey Petrov <andrey.petrov at intel.com> wrote:

> Hi,
> 
> On 03/27/2017 01:05 PM, Denis 'GNUtoo' Carikli wrote:
> > Since until now, the code running on the management engine is:
> > - Signed by its manufacturer
> > - Proprietary software, without corresponding source code
> > It can desirable to run the least ammount possible of such
> > code, which is what me_cleaner[1] enables.
> >
> > It does it by removing partitions of the management engine
> > firmwares, however when doing so, the HECI interface might
> > not be present anymore.
> >
> > So it is desirable not to have the RAM initialisation code
> > wait forever for the HECI interface to appear.  
> 
> I do not know how ME cleaner operates but I believe security engine
> may be going into "recovery mode".
That is my understanding too. If I understood correctly, the only
partitions left contain code meant to intialize the management engine
just enough to be able to boot the computer and reflash the boot flash.

> This means it may never indicate 
> readyness status. However the fact it is in recovery mode can be
> figured out programmatically as one of FWSTS registers.
> 
> So you can try checking if security engine is in recovery and just skip waiting
> altogether. Try looking at "Current state" bits or "OP mode" bits. I
> suspect either of them will change after ME cleaner. FWSTS sits in ME
> PCI device config space and should be easily accessible. Typically
> FWSTS registers they sit in offset 0x40,0x48,0x60 and so on. Please
> try to compare them before and after ME cleaner.
Thanks, I might try to do it if I can find the time.

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20170328/005ff30f/attachment.sig>


More information about the coreboot mailing list