[coreboot] lenovo x220, tool to extract binary blobs from BIOS update
vibrysec at gmail.com
Thu Apr 26 22:17:00 CEST 2018
In the meantime I've decided to go in the following direction:
1. install intel microcode onto my ubuntu box
the result is:
x220$ $ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x2d,
date = 2018-02-07
[ 0.881361] microcode: sig=0x206a7, pf=0x10, revision=0x2d
[ 0.881406] microcode: Microcode Update Driver: v2.2.
this version is exactly the same as the newest one from CPU microcodes.
2. shrink my current version of me.bin (year 2011) to 80kb + set disable
bit. There are newer me.bin, but I've decided not to use them.
3. update coreboot git repo and build it.
I experience some slight problem with it, but this does not affect qhestion
from this thread, tus I'll open a new one.
thank You for the help
On Thu, Apr 26, 2018 at 12:17 PM, diffusae via coreboot <
coreboot at coreboot.org> wrote:
> On 24.04.2018 21:27, Mat wrote:
> > I'd like to have system updated against spectre, and other possible
> vulnerabilities as much as possible.
> With the retpoline option in the Linux kernel, it should be usually safe
> (see attachment).
> "IBPB is considered as a good addition to retpoline for Variant 2
> mitigation, but your CPU microcode doesn't support it"
> > 1. If I neutralize me.bin, then maybe updating it does not make sense?
> > Otherwise, maybe I could use MEanalyzer + its database to get newest
> ME, then neutralize it?
> Maybe not, don't think that there is a new ME version availabe? Wasn't
> it version 9?
> > place where fixes are possible to appear is CPU microcode?
> See above. Did you found the matching microcode?
> > 3. flashdescriptor.bin - can it contain vulnerabilities? If yes, where
> to get it from?
> I guess, that's only possible, if you fetch it from the flashed vendor
> > 4. gbe.bin - the same questions here.
> Isn't that the firmware of the gigabit ethernet card? I think so.
> coreboot mailing list: coreboot at coreboot.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the coreboot