On Sun, Jan 26, 2020 at 9:44 AM Mogens Jensen via coreboot < [email protected]> wrote:
> When compiling coreboot for my Intense PC, I used binary blobs extracted > from stock firmware. The ME/TXE firmware version is 8.1.20.1336 and this > contains multiple security vulnerabilities. Unfortunately, running > me_cleaner on ME blob breaks SATA [1], so next best thing is updating to > latest ME blob released by CompuLab. However, this seems not so straight > forward. Have you considered different permutations of me_cleaner - for example using the AltMeDisable/HAP switch instead of the partition removal method? i tend to do both the partition removal and the altme/hap switch, but some motherboards simply dont like partitions removed.In those cases, ive used HAP/altMEdisable and ME has stayed inoperative. Theres a reason a certain three letter agency asked for that switch to be there for their high assurance platform. Id be surprised if the HAP switch setting didnt work - try the lowercase -s switch. Another area to consider would be whitelisting some FTPR modules when running me_cleaner and see if that resolves the issue with SATA, if you really have to run the partition removal method. Some of my mobos require --whitelist EFFS,FCRS > -- Kind Regards, Simon Newton E: [email protected]
_______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
