Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

On 26.04.2018 11:44, diffusae via coreboot wrote: Do you think, that integrate the microcode updates into the coreboot image should be enough? To be safe in case of CVE-2017-5715? No, AFAIK, these updates do nothing on its own. They only add control capabilities that your OS has to use (or be

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

In the meantime I've decided to go in the following direction: 1. install intel microcode onto my ubuntu box the result is: x220$ $ dmesg | grep microcode [0.00] microcode: microcode updated early to revision 0x2d, date = 2018-02-07 [0.881361] microcode: sig=0x206a7,

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Thank You On Thu, Apr 26, 2018 at 5:09 PM, Matt DeVillier wrote: > On Thu, Apr 26, 2018 at 10:05 AM diffusae via coreboot < > coreboot@coreboot.org> wrote: > >> >> Don't know, if gbe.bin or ifd.bin is vulnerable. >> > > they are configuration "blobs" not binary blobs,

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

On Thu, Apr 26, 2018 at 10:05 AM diffusae via coreboot < coreboot@coreboot.org> wrote: > > Don't know, if gbe.bin or ifd.bin is vulnerable. > they are configuration "blobs" not binary blobs, no executable code -- coreboot mailing list: coreboot@coreboot.org

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Hello! On 24.04.2018 21:27, Mat wrote: > That's why I (believe I) need the blobs from the newest update. Is the > reasoning correct, or I could do it more wise? AFAIK: You only really need the microcode update from Intel. Don't know, if gbe.bin or ifd.bin is vulnerable. If you apply the

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Hi! On 24.04.2018 21:27, Mat wrote: > I'd like to have system updated against spectre, and other possible > vulnerabilities as much as possible. With the retpoline option in the Linux kernel, it should be usually safe (see attachment). "IBPB is considered as a good addition to retpoline for

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Hi Nico, On 24.04.2018 19:38, Nico Huber wrote: > not sure what you are looking for, but I guess this is what you need, > because I only was testing the image with the different extracting tools. >> Error: Unable to detect BIOS Image type. I guess, if you flash the vendor bios and then reread

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

> not sure what you are looking for, but I guess this is what you need, > (microcode updates are publicly available and gfx init is > open source) I'd like to have system updated against spectre, and other possible vulnerabilities as much as possible. If lenovo (or any other vendor) releases

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Hello Reiner, On 24.04.2018 18:43, diffusae via coreboot wrote: > ./ifdtool -x ~/8DET74WW/bios.bin > File /8DET74WW/bios.bin is 8523776 bytes > No Flash Descriptor found in this image not sure what you are looking for, but I guess this is what you need, because > > ./bios_extract

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Hi! On 24.04.2018 16:50, Peter Stuge wrote: > Can you show a directory listing which includes file sizes? > > One idea is to try the bios_extract and/or uefi_extract utils. @x220:~/8DET74WW⟫ ll total 25000 drwxrwxr-x 2 4096 Apr 24 18:33 ./ drwxrwxr-x 3 4096 Apr 24 18:23 ../ -rw-rw-r--

Re: [coreboot] lenovo x220, tool to extract binary blobs from BIOS update

Mat wrote: > I was able to extract *.exe file with innoextract, but then running > ifdtool to each file from extracted directory does not bring any > success. Can you show a directory listing which includes file sizes? One idea is to try the bios_extract and/or uefi_extract utils. //Peter --

[coreboot] lenovo x220, tool to extract binary blobs from BIOS update

I have coreboot running on my x220. lately lenovo released firmware update (8duj29us.exe from https://support.lenovo.com/pl/en/downloads/ds018805) and I'd like to update coreboot with new blobs from that BIOS. Unfortunatelly I have difficulties with extracting binary blobs from it and need help.