[coreboot] Server systems shipped with coreboot

thierry.laurion at gmail.com thierry.laurion at gmail.com
Sun Mar 25 17:21:08 CEST 2018


On 03/23/2018 05:22 PM, Taiidan at gmx.com wrote:
> Please also keep in mind that it is impossible to disable ME.
That is not a binary yes/no fact.

Depending on the ME version, it is possible to deactivate it.
The following x230 is not a server, but it is an example for older ME versions.

The resulting ME is 98304 bytes, containing the ROMP and BUP modules only.
The booting system complains about ME, tries to initialize it for 3
seconds and then gives up.

I know that the story is different for newer versions of ME/Servers. But
the statement that disabling ME is impossible is not empowering at all
and not completely true.

Thierry

user at build-x230:~/Downloads/me_cleaner$ ~/Downloads/me_cleaner/me_cleaner.py -O ~/Documents/Firmwares/ME/x230t/2.65/clean_flash.rom ~/Documents/Firmwares/originals/x230t/2.65/spi2_MX25L6405D_8192.rom -S -r -t -M ~/Documents/Firmwares/ME/x230t/2.65/extracted_me
Full image detected
The ME/TXE region goes from 0x3000 to 0x500000
Found FPT header at 0x3010
Found 23 partition(s)
Found FTPR header: FTPR partition spans from 0x180000 to 0x24a000
ME/TXE firmware version 8.1.30.1350
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
Reading partitions list...
 ???? (0x000003c0 - 0x000000400, 0x00000040 total bytes): removed
 FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
 MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
 FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
 EFFS (0x00003000 - 0x0000df000, 0x000dc000 total bytes): removed
 BIAL (NVRAM partition, no data, 0x0000add0 total bytes): nothing to remove
 BIEL (NVRAM partition, no data, 0x00003000 total bytes): nothing to remove
 BIIS (NVRAM partition, no data, 0x00036000 total bytes): nothing to remove
 NVCL (NVRAM partition, no data, 0x00010511 total bytes): nothing to remove
 NVCM (NVRAM partition, no data, 0x0000493f total bytes): nothing to remove
 NVCP (NVRAM partition, no data, 0x0000a553 total bytes): nothing to remove
 NVJC (NVRAM partition, no data, 0x00004000 total bytes): nothing to remove
 NVKR (NVRAM partition, no data, 0x0001257d total bytes): nothing to remove
 NVOS (NVRAM partition, no data, 0x00034af5 total bytes): nothing to remove
 NVSH (NVRAM partition, no data, 0x00007609 total bytes): nothing to remove
 NVTD (NVRAM partition, no data, 0x00001eac total bytes): nothing to remove
 PLDM (NVRAM partition, no data, 0x0000a000 total bytes): nothing to remove
 GLUT (0x000df000 - 0x0000e3000, 0x00004000 total bytes): removed
 LOCL (0x000e3000 - 0x0000e7000, 0x00004000 total bytes): removed
 WCOD (0x000e7000 - 0x000140000, 0x00059000 total bytes): removed
 MDMV (0x00140000 - 0x000180000, 0x00040000 total bytes): removed
 FTPR (0x00180000 - 0x00024a000, 0x000ca000 total bytes): NOT removed
 NFTP (0x0024a000 - 0x0004a4000, 0x0025a000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x7b)...
Reading FTPR modules list...
 UPDATE           (LZMA   , 0x1cc4f2 - 0x1cc6b0       ): removed
 ROMP             (Huffman, fragmented data, ~2 KiB   ): NOT removed, essential
 BUP              (Huffman, fragmented data, ~56 KiB  ): NOT removed, essential
 KERNEL           (Huffman, fragmented data, ~135 KiB ): removed
 POLICY           (Huffman, fragmented data, ~91 KiB  ): removed
 HOSTCOMM         (LZMA   , 0x1cc6b0 - 0x1d348b       ): removed
 RSA              (LZMA   , 0x1d348b - 0x1d86e0       ): removed
 CLS              (LZMA   , 0x1d86e0 - 0x1dde71       ): removed
 TDT              (LZMA   , 0x1dde71 - 0x1e4556       ): removed
 FTCS             (Huffman, fragmented data, ~18 KiB  ): removed
 ClsPriv          (LZMA   , 0x1e4556 - 0x1e4937       ): removed
 SESSMGR          (LZMA   , 0x1e4937 - 0x1f3240       ): removed
Relocating FTPR from 0x180000 - 0x24a000 to 0xd00 - 0xcad00...
 Adjusting FPT entry...
 Adjusting LUT start offset...
 Adjusting Huffman start offset...
 Adjusting chunks offsets...
 Moving data...
The ME minimum size should be 98304 bytes (0x18000 bytes)
The ME region can be reduced up to:
 00003000:0001afff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Extracting and truncating the ME image to
"/home/user/Documents/Firmwares/ME/x230t/2.65/extracted_me"...
Checking the FTPR RSA signature of the extracted ME image... VALID
Checking the FTPR RSA signature... VALID
Done! Good luck!

>
> *I am not a lawyer*
> In america the first sale law means you are allowed to do as you please
> with a device you purchased as long as you are not violating any EULA
> but if you somehow did the impossible and figured out how to execute
> code on the ME core you would be breaking the law as it is also a DRM
> mechanism (PAVP, HDCP, intel insider etc) which is illegal to bypass.
>
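The me_cleaner run above removes FPT partition entries, clears the EFFS presence flag, corrects the FPT header checksum and sets the AltMeDisable strap. The script below is an added example (not part of this post and not me_cleaner's own code) that audits a flash image for exactly those properties, so that a cleaned image can be checked before it is written back. The descriptor and FPT offsets it uses (descriptor signature at 0x10, FLMAP0/FLMAP1 at 0x14/0x18, FLREG2 for the ME region, PCHSTRP10 bit 0 as AltMeDisable, "$FPT" at ME base + 0x10, checksum byte at header offset 0x0b over the first 0x20 header bytes, EFFS flag at header offset 0x24, 0x20-byte entries starting at the header length) follow the public ME 6-10 layout as implemented by me_cleaner and should be treated as assumptions to verify against me_cleaner.py; the image it runs on is a constructed 128 KiB sample, not a real dump.

```python
"""Audit an SPI image after me_cleaner: ME region, FPT partitions, FPT header
checksum, EFFS presence flag and AltMeDisable strap.  Added example; offsets
are assumptions taken from the public ME 6-10 layout, not from this post."""
import struct

DESC_SIGNATURE = 0x0FF0A55A   # flash descriptor signature at image offset 0x10


def find_me_region(img):
    """Return (base, limit) of the ME region from descriptor FLREG2 (assumption)."""
    if struct.unpack_from("<I", img, 0x10)[0] != DESC_SIGNATURE:
        raise ValueError("no flash descriptor signature at 0x10")
    flmap0 = struct.unpack_from("<I", img, 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4            # flash region base address
    flreg2 = struct.unpack_from("<I", img, frba + 8)[0]   # region 2 = ME
    base = (flreg2 & 0x1FFF) << 12
    limit = (((flreg2 >> 16) & 0x1FFF) << 12) | 0xFFF
    return base, limit


def pch_strap(img, index):
    """Read PCH soft strap PCHSTRP<index> via FLMAP1's strap base (assumption)."""
    flmap1 = struct.unpack_from("<I", img, 0x18)[0]
    fpsba = ((flmap1 >> 16) & 0xFF) << 4           # PCH strap base address
    return struct.unpack_from("<I", img, fpsba + 4 * index)[0]


def alt_me_disable_set(img):
    """AltMeDisable is bit 0 of PCHSTRP10 on ME 6-10 platforms (assumption)."""
    return bool(pch_strap(img, 10) & 1)


def find_fpt(img, me_base):
    """The "$FPT" header follows the 16-byte ROM-bypass area at the ME base."""
    off = me_base + 0x10
    if img[off:off + 4] != b"$FPT":
        raise ValueError("no $FPT header at 0x%x" % off)
    return off


def fpt_checksum_ok(img, fpt):
    """Byte 0x0b is chosen so the first 0x20 header bytes sum to 0 mod 256."""
    return sum(img[fpt:fpt + 0x20]) & 0xFF == 0


def effs_present(img, fpt):
    """Bit 0 of the dword at header offset 0x24 flags a present EFFS (assumption)."""
    return bool(struct.unpack_from("<I", img, fpt + 0x24)[0] & 1)


def parse_fpt(img, fpt):
    """List 0x20-byte partition entries that start at the header length."""
    n_entries = struct.unpack_from("<I", img, fpt + 4)[0]
    hdr_len = img[fpt + 0xA]
    parts = []
    for i in range(n_entries):
        e = fpt + hdr_len + i * 0x20
        name = img[e:e + 4].rstrip(b"\0").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", img, e + 8)
        # offset 0 is treated as an NVRAM partition with no data in flash (assumption)
        parts.append({"name": name, "offset": offset, "length": length,
                      "nvram": offset == 0})
    return parts


def audit(img):
    """Summarise the properties me_cleaner changes, for a before/after check."""
    base, limit = find_me_region(img)
    fpt = find_fpt(img, base)
    parts = parse_fpt(img, fpt)
    return {"me_region": (base, limit),
            "partitions": [p["name"] for p in parts],
            "data_partitions": [p["name"] for p in parts if not p["nvram"]],
            "checksum_ok": fpt_checksum_ok(img, fpt),
            "effs_present": effs_present(img, fpt),
            "alt_me_disable": alt_me_disable_set(img)}


def build_sample_image(cleaned=True):
    """Constructed 128 KiB image (not a real dump) with the post's reduced
    layout: ME region 0x3000-0x1afff and "$FPT" at 0x3010."""
    img = bytearray(b"\xff" * 0x20000)
    frba, fpsba = 0x40, 0x100
    struct.pack_into("<I", img, 0x10, DESC_SIGNATURE)
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)        # FLMAP0: FRBA
    struct.pack_into("<I", img, 0x18, (fpsba >> 4) << 16)       # FLMAP1: FPSBA
    struct.pack_into("<I", img, frba + 8, (0x1A << 16) | 0x3)   # FLREG2: 0x3000-0x1afff
    struct.pack_into("<I", img, fpsba + 0x28, 1 if cleaned else 0)  # PCHSTRP10
    entries = [(b"FTPR", 0xD00, 0xCA000), (b"NVCL", 0, 0x10511)]
    if not cleaned:
        entries.insert(0, (b"EFFS", 0x3000, 0xDC000))
    fpt, hdr = 0x3010, bytearray(0x30)
    hdr[0:4] = b"$FPT"
    struct.pack_into("<I", hdr, 4, len(entries))
    hdr[0x8], hdr[0x9], hdr[0xA] = 0x20, 0x10, 0x30     # header ver, entry ver, header length
    struct.pack_into("<I", hdr, 0x24, 0 if cleaned else 1)  # EFFS presence flag
    hdr[0xB] = (0x100 - sum(hdr[:0x20])) & 0xFF              # header checksum byte
    img[fpt:fpt + 0x30] = hdr
    for i, (name, off, length) in enumerate(entries):
        e = fpt + 0x30 + i * 0x20
        img[e:e + 4] = name
        struct.pack_into("<II", img, e + 8, off, length)
        struct.pack_into("<I", img, e + 0x1C, 0)             # entry flags
    return bytes(img)


if __name__ == "__main__":
    for label in ("original", "cleaned"):
        print(label, audit(build_sample_image(cleaned=(label == "cleaned"))))
```

On a real dump, replace the constructed image with the file contents; a cleaned image should report the EFFS flag clear, AltMeDisable set, a valid checksum and FTPR as the only data partition, which is what the me_cleaner output above claims to leave behind. The FTPR RSA signature check that me_cleaner also performs is deliberately not reproduced here.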