Re: [coreboot] Disabling Intel ME 11 via undocumented mode

On Fri, 8 Dec 2017 21:34:57 +0100 (CET) eche...@free.fr wrote: > For those who are interested in the Intel ME, the slides and white > papers > from the Black Hat Europe are public. > >

Re: [coreboot] Can't disable CONFIG_ENABLE_FSP_FAST_BOOT flag on Intel Baytrail platform

Nico, I faced this same thing earlier I believe. The reason I disabled it was to stop coreboot from writing to the flash chip. I was advised to turn off CONFIG_ENABLE_FSP_FAST_BOOT and this worked for the flash but had this side affect. Garrett, Are you disabling it for the same reason?

Re: [coreboot] Lenovo G505s AMD Hardware Virtualization

Congratulations for following through on the investigation :D I am not sure how to do a commit, but I hope you are able to find out as you will have helped a lot of people. I am pleased with myself for noticing that the lack of microcode updates was the issue - as the CPU is similar to a

Re: [coreboot] Is Goryachy's JTAG hack a chance for free firmware ?

On Wed, 29 Nov 2017 23:39:27 +0100 "Enrico Weigelt, metux IT consult" wrote: > Hi folks, > > i'm curios whether Goryachy's JTAG hack is a chance for > getting rid of all proprietary ME/UEFI firmware. > > If i'm correct, the ME firmware (or parts of it) is signed, and > the CPU

Re: [coreboot] Hardware vendors offering systems with Intel ME disabled

On Thu, 07 Dec 2017 16:22:48 -0600 Timothy Pearson wrote: > While dell has not gone into detail on this offering, from what has > been described it is highly likely that they were setting the HAP bit. I would guess that too, especially since Dell was already part

Re: [coreboot] Hardware vendors offering systems with Intel ME disabled

Hi, On Thu, 7 Dec 2017 22:29:44 +0100 (CET) eche...@free.fr wrote: > [...] to this new initiative of Dell or System76?.. For Intel devices with chipsets more recent than the GM45, so far I know only the following manufacturers that "disables" the Management Engine: - Puri.sm which enables the HAP

Re: [coreboot] Disabling Intel ME 11 via undocumented mode

On 12/12/2017 12:11 PM, Denis 'GNUtoo' Carikli wrote: As I understand, this by itself isn't sufficient yet to boot a post-GM45 Intel with free software, however it gives a lot of insight on how things work and enables all researchers to understand better the Management Engine and recent Intel

Re: [coreboot] Disabling Intel ME 11 via undocumented mode

Hi, >From the PT article you linked to, after the stage 5 of BUP execution : "It is at this stage that we find HAP processing; in this mode, BUP hangs instead of executing InitScript. This means that the remaining sequence of actions in normal mode has nothing to do with HAP and will not be

Re: [coreboot] Disabling Intel ME 11 via undocumented mode

> I guess I still disagree with the use of the word "disabled". If the ME > wasn't required for boot, and was actually disabled within a few cycles > of its CPU starting, the remaining attack surface simply wouldn't exist. > This is not what happens though, and AFAIK even the ME kernel continues

[coreboot] coreboot support for Minnowboard Turbot E3845

Hey, I've bought a Minnowboard Turbot (quad core / E3845) to start developing on the Atom's. I was hopping that it has support like the Minnowboard Max but it get stuck right after FspInitApi(); in coreboot/src/drivers/intel/fsp1_0/fsp_util.c. The last output i can see is "POST: 0x92" which

Re: [coreboot] Disabling Intel ME 11 via undocumented mode

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 According to Positive Technologies, on Skylake and higher (like the Purism machines) the kernel loads the BUP, and the HAP bit only disables the normal userspace processes [1]. What proof do you have that the kernel itself is halted? [1]

Re: [coreboot] coreboot support for Minnowboard Turbot E3845

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/13/2017 07:29 PM, Michael Graichen wrote: > Hey, Hi Michael, > > I've bought a Minnowboard Turbot (quad core / E3845) to start > developing on the Atom's. > > I was hopping that it has support like the Minnowboard Max but it > get stuck