On Mon, 27 Mar 2017 14:33:23 -0700 Andrey Petrov <andrey.pet...@intel.com> wrote:
> Hi, > > On 03/27/2017 01:05 PM, Denis 'GNUtoo' Carikli wrote: > > Since until now, the code running on the management engine is: > > - Signed by its manufacturer > > - Proprietary software, without corresponding source code > > It can desirable to run the least ammount possible of such > > code, which is what me_cleaner[1] enables. > > > > It does it by removing partitions of the management engine > > firmwares, however when doing so, the HECI interface might > > not be present anymore. > > > > So it is desirable not to have the RAM initialisation code > > wait forever for the HECI interface to appear. > > I do not know how ME cleaner operates but I believe security engine > may be going into "recovery mode". That is my understanding too. If I understood correctly, the only partitions left contain code meant to intialize the management engine just enough to be able to boot the computer and reflash the boot flash. > This means it may never indicate > readyness status. However the fact it is in recovery mode can be > figured out programmatically as one of FWSTS registers. > > So you can try checking if security engine is in recovery and just skip > waiting > altogether. Try looking at "Current state" bits or "OP mode" bits. I > suspect either of them will change after ME cleaner. FWSTS sits in ME > PCI device config space and should be easily accessible. Typically > FWSTS registers they sit in offset 0x40,0x48,0x60 and so on. Please > try to compare them before and after ME cleaner. Thanks, I might try to do it if I can find the time. Denis.
pgpcx3_ghnrIO.pgp
Description: OpenPGP digital signature
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot