This is fantastic! I hope you can write this up for the coreboot wiki ...
ron On Thu, Sep 15, 2016 at 12:24 PM Trammell Hudson <[email protected]> wrote: > On Mon, Sep 12, 2016 at 09:27:18PM +0000, Peter Stuge wrote: > > Trammell Hudson wrote: > > > I've experimented with clearing additional bits, from 0x3000 to 0x10000 > > > with the same results. If I were really motivated I might binary > search > > > how much of the firmware it needs... > > > > That would be interesting. > > After a fairly brief binary search, I have determined a significantly > reduced chunk of code required to have the Intel Management Engine bring > up the hardware and then stay in the "ROM Phase". This also allowed > me to adjust the flash descriptor to give an extra 3 MB of storage to > coreboot for my payload, as well as removed some of the problematic > ME applications. > > The only piece that must be present for my x230 to function is the 512 KB > FTPR partition at offset 0x183000, which contains these compressed > modules (some Huffman, some LZMA): > > 'UPDATE' 000001BE > 'ROMP' 0000070A > 'BUP' 0000E064 > 'KERNEL' 00021B62 > 'POLICY' 00016AE2 > 'HOSTCOMM' 00006DDB > 'RSA' 00005255 > 'CLS' 00005791 > 'TDT' 000066E5 > 'FTCS' 00004680 > 'ClsPriv' 000003E1 > 'SESSMGR' 0000E909 > > This means that the ME no longer has any network stack (stored in the > NFTP partition that has been removed), nor the protected video path > or JCOM modules from the MDMV parition. I do not know if the various > anti-theft and timeout measures are also now neutralized. > > If I leave the firmware partition table at offset 0x3000 in place, > the ME faults after bringup (but the system continues to function). > Without the partition table it stays in the ROM phase. I'm not sure if > one outcome is preferable to the other. > > Relocating the FTPR partition did not work unfortunately, so there is > some wasted space. > > -- > Trammell > > > -- > coreboot mailing list: [email protected] > https://www.coreboot.org/mailman/listinfo/coreboot >
-- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
