Hi,
On 03/27/2017 01:05 PM, Denis 'GNUtoo' Carikli wrote:
Since until now, the code running on the management engine is:
- Signed by its manufacturer
- Proprietary software, without corresponding source code
It can desirable to run the least ammount possible of such
code, which is what me_cleaner[1] enables.
It does it by removing partitions of the management engine
firmwares, however when doing so, the HECI interface might
not be present anymore.
So it is desirable not to have the RAM initialisation code
wait forever for the HECI interface to appear.
I do not know how ME cleaner operates but I believe security engine may
be going into "recovery mode". This means it may never indicate
readyness status. However the fact it is in recovery mode can be figured
out programmatically as one of FWSTS registers. So you can try checking
if security engine is in recovery and just skip waiting altogether. Try
looking at "Current state" bits or "OP mode" bits. I suspect either of
them will change after ME cleaner. FWSTS sits in ME PCI device config
space and should be easily accessible. Typically FWSTS registers they
sit in offset 0x40,0x48,0x60 and so on. Please try to compare them
before and after ME cleaner.
Best,
Andrey
--
coreboot mailing list: [email protected]
https://www.coreboot.org/mailman/listinfo/coreboot
