Hello Angel, Thank you for your reply! Sadly, Boot Guard is enabled in Verified Boot mode. I’ll ask if Qotom can spin up a batch without any public key burned into the CPU, or perhaps share the private key. (which is obviously unlikely — but one can try)
Regards, John

> On 28 Aug 2018, at 23:49, Angel Pons <[email protected]> wrote:
>
> Hello John,
>
> Silly but crucial question: is Intel Boot Guard enabled on this board? If it
> is enabled in Verified Mode, I am afraid replacing the firmware with coreboot
> is impossible and proceeding any further is futile.
> To make sure, you can check Intel Boot Guard's status with
> coreboot/util/intelmetool. IIRC, another way to check would be to change the
> reset vector (last 16 bytes of the firmware image) on the vendor firmware
> without changing what it actually does. The reset vector usually (if not
> always) contains a JMP instruction; if you change what comes after it, the
> board should boot fine.
>
> Please check this before doing anything else to avoid wasting time.
>
> Best regards,
>
> Angel Pons
-- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
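A small script for the reset-vector check Angel describes, added here as an example; it is not part of this thread or of coreboot's utilities. It assumes the input is a plain flash dump whose last 16 bytes are the reset vector, only recognises the short, near and far JMP encodings executed in 16-bit real mode, and the script name resetvec_check.py is hypothetical.

```python
import sys
from typing import List, Tuple

RESET_VECTOR_LEN = 16  # the last 16 bytes of the flash image are mapped at 0xFFFFFFF0

# First-byte opcode -> encoded length of the JMP forms seen at the reset vector.
# The CPU executes this in 16-bit real-address mode, so operand size is 16 bits.
JMP_LENGTHS = {
    0xEB: 2,  # JMP rel8  (short)
    0xE9: 3,  # JMP rel16 (near)
    0xEA: 5,  # JMP ptr16:16 (far, the usual form)
}


def split_reset_vector(tail: bytes) -> Tuple[bytes, bytes]:
    """Split the 16-byte reset vector into (jmp_instruction, bytes_after_it).

    Raises ValueError when the first instruction is not one of the JMP forms
    above, in which case nothing here is known to be safe to change."""
    if len(tail) != RESET_VECTOR_LEN:
        raise ValueError("reset vector must be exactly 16 bytes")
    length = JMP_LENGTHS.get(tail[0])
    if length is None:
        raise ValueError(f"reset vector does not start with a JMP (first byte 0x{tail[0]:02x})")
    return tail[:length], tail[length:]


def perturb_reset_vector(image: bytes) -> bytes:
    """Return a copy of the image whose reset-vector padding (everything after
    the JMP in the last 16 bytes) is bit-inverted. The JMP and the rest of the
    image are byte-for-byte identical, so what the firmware does is unchanged;
    only a verified-boot check of the image contents can notice the edit."""
    jmp, trailing = split_reset_vector(image[-RESET_VECTOR_LEN:])
    return image[:-RESET_VECTOR_LEN] + jmp + bytes(b ^ 0xFF for b in trailing)


def changed_offsets(original: bytes, modified: bytes) -> List[int]:
    """Offsets (from the start of the image) at which the two images differ."""
    return [i for i, (a, b) in enumerate(zip(original, modified)) if a != b]


# Constructed 4 KiB stand-in for a vendor image: 0xFF padding and a typical
# far JMP to F000:E05B at the reset vector (real images are several MiB).
SAMPLE_IMAGE = b"\xff" * (4096 - RESET_VECTOR_LEN) + bytes.fromhex("ea5be000f0") + b"\xff" * 11

if __name__ == "__main__":
    # Usage: python resetvec_check.py vendor.rom  -> writes vendor.rom.resetvec-test
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_IMAGE
    out = perturb_reset_vector(data)
    print("changed offsets:", [hex(o) for o in changed_offsets(data, out)])
    if path:
        open(path + ".resetvec-test", "wb").write(out)
```

If the board still boots from the modified image, Boot Guard is not enforcing verification of the boot block; if it refuses to boot, the only remaining step is the one Angel names, confirming the status with intelmetool.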