No. I set both ENABLE_VMX and SET_VMX_LOCK_BIT. And there is no weird reports from kvm.
Persmule 在 2017年04月16日 20:27, Marek Behun 写道: > Hello persmule, > I am now using coreboot master with ME cleaned to 96 KiB, as you said. > There is only one thing: sometimes when booting the kernel prints > > kvm: disable TXT in the BIOS or activate TXT before enabling KVM > kvm: disabled by bios > > I have ENABLE_VMX without SET_VMX_LOCK_BIT, but am using 4.9 kernel > (which Paul said has some regressions). Do you also have this problem? > > Marek > > > > On Sat, 15 Apr 2017 22:56:31 +0800 > persmule <[email protected]> wrote: > >> The ethernet controller DOES work. Everything is fine, except the 3~5 >> minutes first boot, as well as those I reported in the initial email >> yesterday. >> >> >> 在 2017年04月15日 22:52, Marek Behun 写道: >>> Will the ethernet controller work? >>> >>> On Sat, 15 Apr 2017 21:55:52 +0800 >>> persmule <[email protected]> wrote: >>> >>>> Hi Marek, >>>> >>>> You should use the latest me_cleaner. The 96 KiB ME actually works, >>>> but just costs about 3~5 minutes to training the memory controller >>>> and write MRC cache during the first boot after flashing, and costs >>>> less than one second during later boots. >>>> >>>> The only ME modules needed left should be BUP nad ROMP, all other >>>> modules are free to cleanse. >>>> >>>> Try again, please, for your own freedom and security, and report >>>> your results on https://github.com/corna/me_cleaner/issues/3 >>>> >>>> Persmule. >>>> >>>> 在 2017年04月15日 20:13, Marek Behun 写道: >>>>> I have just now managed to flash my X230 with ME truncated to 828 >>>>> KiB. I used an older version of me_cleaner (commit d1abbca2). This >>>>> is because the current version of me_cleaner (which truncates ME >>>>> to 96 KiB) does not work for me (X230 won't boot). >>>>> >>>>> The currently active modules in my ME are (listed with unhuffme): >>>>> BUP CLS ClsPriv FTCS HOSTCOMM KERNEL POLICY ROMP RSA SESSMGR TDT >>>>> UPDATE >>>>> >>>>> Note that originally ME contained all this modules: >>>>> admin_cm BOP BUP CLS ClsPriv CONF_STACK eac FTCS HOSTCOMM ICC >>>>> JOM KERNEL krb LOCL_GER MPC NET_SERVICES NET_STACK NFC Pavp PLDM >>>>> POLICY ROMP RSA sal secio SESSMGR TDT tls UPDATE utilities >>>>> WCOD_PUMA wlan >>>>> >>>>> So the remove modules are: >>>>> admin_cm BUP CONF_STACK eac ICC JOM krb LOCL_GER MPC >>>>> NET_SERVICES NET_STACK NFC Pavp PLDM sal secio tls utilities >>>>> WCOD_PUMA wlan >>>>> >>>>> I do not know what all can the modules that I left there do, but >>>>> my e1000e is working. >>>>> >>>>> The current layout of the flash is: >>>>> >>>>> 00000000:00000fff fd >>>>> 000d2000:00bfffff bios >>>>> 00003000:000d1fff me >>>>> 00001000:00002fff gbe >>>>> >>>>> This left me with 10.85 MiB for the payload. >>>>> >>>>> I am attaching my current descriptor.bin and me.bin, if someone >>>>> wants to try. >>>>> >>>>> Marek >>>> >>>> >> -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
