-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you for the detailed response; I figured there had to be some basic miscommunication somewhere. :-) So I assume we now agree that the ME on Sylake + is not disabled, merely limited?
On 12/14/2017 01:20 AM, Youness Alaoui wrote: > Hi, > > From the PT article you linked to, after the stage 5 of BUP execution : > "It is at this stage that we find HAP processing; in this mode, BUP > hangs instead of executing InitScript. This means that the remaining > sequence of actions in normal mode has nothing to do with HAP and will > not be considered. The main thing we would like to note is that in HAP > mode, BUP initializes the entire platform (ICC, Boot Guard) but does > not start the main ME processes." > > As for the kernel, that's my mistake, I remembered that prior to ME > 11.x, the KERNEL module was removed by me_cleaner, and BUP was the > first process loaded. I hadn't realized that the execution order > changed in ME 11.x, and that explains why the KERNEL module cannot be > removed by me_cleaner in ME 11.x. > On ME 10.x and lower, the BUP module was the first executed, and it > would then load the KERNEL, so if BUP is halted before it did that, > then the kernel doesn't run. In ME 11.x however, they changed the > order, the KERNEL module is first to be loaded, but it only starts the > BUP process : > "The first process that the kernel creates is BUP, which runs in its > own address space in ring-3. The kernel does not launch any other > processes itself; this is done by BUP itself" > So, you are right, on Skylake+ (ME 11.x), the kernel would be running > but the BUP process is the one halted and no other processes get > launched, but on ME 10.x and lower, the kernel wouldn't be running > since BUP is loaded first (this is true for me_cleaned ME 10.x, and > I'm not sure what exactly the MeAltDisable flag does, which is the > equivalent of HAP on previous versions, but there wasn't any specific > research done on that). > > I hadn't realized that until now when researching an error-free > response to you, so thanks for helping me notice that mistake in my > understanding. > > Youness. > - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJaMqOoAAoJEK+E3vEXDOFb/mEH/3Wm0Zgt1xuZA1pvpeOC8+WG kTwczb/18V6fGLHK0SoGX7ynA4+siU+dRHwVX+uharkxED5/d4VCWnb7tUWsiT2s 7EYfYoySXgC1IDJwTZ6UxtDfh+zc5EFlm7ZLdOBXkLq07CSffqRrrbaQuJTj6QwQ wijT5Y9xhx0xVkDTDRO+unG4evAHUamrUOvIF+qranZiKbhFwI5nE+1LU8jcluQ4 2AxkxUqj0hhvEBn2Zkg+LnJbcwnTr3tpmpp5A/bWOZoYZo/Z4vE52RXs9f5ReiWM ZwQH6YH6cHZpnThgTM2wUEJszjSJLr2tvXGXqFXvwFAlQjegGo3pCM7NE7bk9Hg= =8p+9 -----END PGP SIGNATURE----- -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
