[coreboot] Gigabyte Brix

Igor Skochinsky skochinsky at mail.ru
Sun Jan 21 17:16:39 CET 2018


Hello Konrad,

Sunday, January 21, 2018, 3:12:07 PM, you wrote:

KE> You can probably set the DCI enable bit in the PCH softstraps in the
KE> descriptor, no need to mess with the BIOS editing.  It seems to be bit 17
KE> in strap 0, right next to the HAP bit:

KE> <LayoutEntry name="PchStrapDciEnabled" type="bitfield32" 
KE> value="0x1" offset="0x0"  bitfield_high="17" bitfield_low="17" />
KE> <LayoutEntry name="reserve_hap" type="bitfield32"  value="0x0"
KE> offset="0x0"  bitfield_high="16" bitfield_low="16" />

KE> (xml from the Intel Flash Image Tool).



KE> Interesting. Where can I read about this xml definition of the 
KE> softstrap. Which tool can I use to modify the PCH softstrap 
KE> section? Do I need to Intel Flash Image Tool for that, and where can 
KE> I download that one?  I guess there are crcs and  I cannot 
KE> just poke around?

XMLs are stored in compressed format (as Qt resource) inside the FIT
binary. You can find one approach of extracting them in Positive
Technologies blog:

http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html

You can indeed use FIT for setting the strap but you'll have to find it yourself :) Or you
can just edit the descriptor directly - it's not protected by any
checksums or signatures. Check e.g. how me_cleaner sets the HAP bit:

    print("Setting the HAP bit in PCHSTRP0 to disable Intel ME...")
    fdf.seek(fpsba)
    pchstrp0 = unpack("<I", fdf.read(4))[0]
    pchstrp0 |= (1 << 16)
    fdf.write_to(fpsba, pack("<I", pchstrp0))



KE> I wonder weather DCI is left enabled when the BIOS start
KE> initializing and probably I also need a softstrap bit for the
KE> Debug Interface enable if I want to connect with DAL later?

This depends on the specific BIOS implementation. I guess it's
possible that they turn off DCI if it's not explicitly enabled in settings,
but maybe you can intercept this with the debugger.

KE> Why is this stuff so complicated?

It's not complicated to firmware engineers who are familiar with
low-level details of the platform and have access to the Intel
docs/tools and support... If this is complicated for you, maybe you
are looking at the wrong thing.


-- 
WBR,
 Igor                            mailto:skochinsky at mail.ru




More information about the coreboot mailing list