[coreboot] coreboot community meeting minutes for May 11, 2017

These are the minutes from today's coreboot community meeting. Information about the next meeting is at the bottom. ### Thursday, May 11, 2017 General coreboot news & discussions * The coreboot 4.6 release is done. -

Re: [coreboot] Help with i915

Hi Nico, Please see my inline response below. On Thu, May 11, 2017 at 4:57 PM, Nico Huber wrote: > On 11.05.2017 22:43, Joshua Pincus wrote: > > Hey Folks, > > > > > > I've been smacking my head against the wall for 2 weeks. I can't smack > it > > anymore. There's not much

Re: [coreboot] : AMT bug

On Thu, May 11, 2017 at 10:08:12PM +0200, Igor Skochinsky wrote: > TH> On Thu, May 11, 2017 at 10:30:48AM -0500, Allen Krell wrote: > >> [...] There are multiple keys > >> > >> ME - public/private key pair - Fused in by Intel and checked by Intel > >> silicon - Probably different across models >

Re: [coreboot] Help with i915

On 11.05.2017 22:43, Joshua Pincus wrote: > Hey Folks, > > > I've been smacking my head against the wall for 2 weeks. I can't smack it > anymore. There's not much brain left at this point. Here's my issue: > > > I have a Broadwell system with HD Video/Audio support. When Windows 10 > runs

Re: [coreboot] What is the KGPE-D16 PCI audio device for?

On 05/10/2017 02:01 PM, Timothy Pearson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/10/2017 05:23 AM, taii...@gmx.com wrote: On 05/10/2017 02:40 AM, BogDan Vatra wrote: Hi, I'm looking to buy a sound card, does anyone know if the Asus MIO-892 sound card works on linux?

[coreboot] Help with i915

Hey Folks, I've been smacking my head against the wall for 2 weeks. I can't smack it anymore. There's not much brain left at this point. Here's my issue: I have a Broadwell system with HD Video/Audio support. When Windows 10 runs native (without a Hypervisor), Windows correctly finds the

Re: [coreboot] Request for reviewing Coreboot/VBT

On 11.05.2017 11:29, Zoran Stojsavljevic wrote: > Hello Community, > > Here is the request for reviewing the latest and greatest WIKI Coreboot/VBT: > https://en.wikipedia.org/wiki/Coreboot/VBT Sigh, as you describe ongoing development details, some place like the coreboot wiki [1] might be a

Re: [coreboot] : AMT bug

Hello Trammell, Thursday, May 11, 2017, 5:42:38 PM, you wrote: TH> On Thu, May 11, 2017 at 10:30:48AM -0500, Allen Krell wrote: >> [...] There are multiple keys >> >> ME - public/private key pair - Fused in by Intel and checked by Intel >> silicon - Probably different across models It's a

Re: [coreboot] coreboot Digest, Vol 147, Issue 17

Hi Allen, Thursday, May 11, 2017, 2:01:47 PM, you wrote: AK> One thing I am still confused about is the relationship between AK> Intel Boot Guard and the regions of flash. My understanding is AK> that Boot Guard only applies to the legacy BIOS region of flash, AK> not the ME/AMT region. Is that

Re: [coreboot] AMT bug

On 10.05.2017 00:25, taii...@gmx.com wrote: > On 05/09/2017 05:26 PM, taii...@gmx.com wrote: > >> On 05/08/2017 12:40 AM, ron minnich wrote: >> >>> >>> I am long past believing one can build secure platforms on any x86 >>> chipset. >>> This mess only strengthens that conviction. But there are

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

> The text on those pages does say that the BIOS is "not yet freed" and that it depends on the FSP, and the comparison tables > do specifically say that the BIOS is not yet free (it says "almost" because Todd thought it was almost done, but due to the > issues with coreboot contributors I

[coreboot] Platform / Chip removals after upcoming releases

Along with the latest coreboot release, coreboot announced some standards for removing platforms after upcoming releases. Summary: * After the 4.7 release platforms that do not support cbmem in romstage will be removed. Please see the list of platforms to be removed if no work is done to update

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

Thanks Peter, well said! I enjoyed that little graphic too :) @Taiidan, I hadn't thought of PAVP, but the idea is to remove/neutralize the ME entirely, not to intercept its messages. If we take control of the ME, we'll probably just call 'halt' to make sure that core is disabled. I don't see how

Re: [coreboot] : AMT bug

This is sounding like a very good talk for the denver or dusseldorf coreboot conferences, would one of you who really understands this well be up for it? On Thu, May 11, 2017 at 8:43 AM Trammell Hudson wrote: > On Thu, May 11, 2017 at 10:30:48AM -0500, Allen Krell wrote: > >

Re: [coreboot] : AMT bug

On Thu, May 11, 2017 at 10:30:48AM -0500, Allen Krell wrote: > [...] There are multiple keys > > ME - public/private key pair - Fused in by Intel and checked by Intel > silicon - Probably different across models > > BIOS_ACM - public/private key pair - Fused in by Intel and checked by Intel >

Re: [coreboot] New on blogs.coreboot.org: Announcing coreboot 4.6

2017-05-09 18:14 GMT-03:00 taii...@gmx.com : > It would be great if there was a ME blob hash database, I am paranoid of > getting a bogus one when I buy stuff off ebay. As a reference, MAME is a 20+ year old project that has a good track record of documenting arcade/old-computer

Re: [coreboot] : AMT bug

On Thu, May 11, 2017 at 9:56 AM, Trammell Hudson wrote: > On Thu, May 11, 2017 at 07:01:47AM -0500, Allen Krell wrote: > > One thing I am still confused about is the relationship between Intel > Boot > > Guard and the regions of flash. My understanding is that Boot Guard only >

Re: [coreboot] Testing code out of Gerrit and old repo code

taii...@gmx.com wrote: > There should be an easier way for people to test stuff, I myself haven't > bothered to do it yet as you need an openid, then a gerrit account, It is unfortunately completely unsustainable to operate a publically accessible read+write service without authentication and/or

[coreboot] Request for reviewing Coreboot/VBT

Hello Community, Here is the request for reviewing the latest and greatest WIKI Coreboot/VBT: https://en.wikipedia.org/wiki/Coreboot/VBT I would like to thank you in advance! Zoran Stojsavljevic -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot Digest, Vol 147, Issue 17

On Thu, May 11, 2017 at 07:01:47AM -0500, Allen Krell wrote: > One thing I am still confused about is the relationship between Intel Boot > Guard and the regions of flash. My understanding is that Boot Guard only > applies to the legacy BIOS region of flash, not the ME/AMT region. It seems to be

Re: [coreboot] New on blogs.coreboot.org: Announcing coreboot 4.6

On Tue, May 9, 2017 at 2:14 PM, taii...@gmx.com wrote: > To further clean things up, starting with the 4.8 release, any platform >> that >> does not have a successful boot logged in the board_status repo in the >> previous >> year (that is, within the previous two releases) will

Re: [coreboot] coreboot Digest, Vol 147, Issue 17

On Thu, May 11, 2017 at 5:00 AM, wrote: > > > Message: 2 > Date: Tue, 9 May 2017 17:26:18 -0400 > From: "taii...@gmx.com" > To: ron minnich , coreboot > Subject: Re: [coreboot] AMT bug > Message-ID:

[coreboot] [ANN] coreboot community meeting today, Thursday, May 11th, 2017

Dear coreboot folks, Please don’t miss the coreboot community meeting [1] today on Thursday, May 11th, 2017. Please add your topics to the pad [2]. To the corporate developers subscribed to the list, it’d be great if you forwarded this to your colleagues. Thanks, Paul PS: I won’t be able

Re: [coreboot] What is the KGPE-D16 PCI audio device for?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/10/2017 05:23 AM, taii...@gmx.com wrote: > On 05/10/2017 02:40 AM, BogDan Vatra wrote: > >> Hi, >> >> I'm looking to buy a sound card, does anyone know if the Asus MIO-892 >> sound card works on linux? >> >> Cheers, >> BogDan. > Yeah it does,

Re: [coreboot] kernel payload

Thanks Trammel, that sounds like just what I'm looking for! Sent with [ProtonMail](https://protonmail.com) Secure Email. The Heads Linux runtime can mount lvm encrypted drives (along with lots of other features) and needs 7 MB for coreboot, the kernel and initrd. If you drop suport for