On Thu, Sep 16, 2021 at 9:36 AM Brian Milliron <[email protected]> wrote:
>
> > Using a hardware flasher isn't a workaround, the signature check is
> > done in hardware by the ACM using keys fused into the ME. If Bootguard
> > is enabled and keys fused, nothing can be done unfortunately.
>
> I checked the BIOS. There was nothing specifically listed as
> "Bootguard" but all the BIOS protection options were turned off,
> including one listed as "Checked boot block on every boot". I'm
> guessing that means Bootguard is installed but not enabled. Is there
> another place to look to get a more accurate/detailed read on this?
It's not going to be a setting in the vendor firmware. `intelmetool -b`
should report the status properly.

> > You can build a large chunk of the board profile using inteltool (if
> > platform supported), dumping ACPI, etc. But there are plenty of bits
> > that aren't currently documented. And getting the EC to cooperate can
> > be a real chore.
>
> I dumped what inteltool was able to read, but I got a lot of "platform
> not supported" errors. I've attached the output to the end of this
> message. Do you think this information would be enough to create a
> bootable board profile?

Nope, you'll need `inteltool -g` as well.

> > The IFD and ME aren't needed strictly speaking, unless you need to
> > modify them in some way. But you would extract those using ifdtool.
> > Definitely don't want to use a non-board-specific ME downloaded from
> > win-raid (eg) as the soft straps and clock mappings will not be
> > correct for your board.
>
> I intend on using me_cleaner to wipe all but a stub of the ME code, so
> having a working copy isn't something I'm too worried about as long as
> it passes the signature checks.

me_cleaner doesn't support anything newer than 6th/7th-gen SoCs/CPUs. The
best you can do on Cometlake currently is to set the HAP bit in the IFD.

> > FSP (which contains both the MRC and PCH refcode) also does video
> > init, and VBIOS isn't used on modern platforms. coreboot's native
> > display init (libgfxinit) is preferred if available. The only bit you
> > will likely need is the VBT, which you can get from Linux (or dump
> > from vendor firmware, but often contains multiple copies).
>
> How would I get hold of this?
I don't have the method handy; I usually just extract it from the vendor
firmware using UEFITool.

> ###Inteltool output###
>
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
> SBREG_BAR = 0xfd000000 (MEM)
>
> Error mapping physical memory 0xfd000000[0x1000000]
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
>
> ========== LPC/eSPI =========
>
> Error: Dumping LPC/eSPI on this southbridge is not (yet) supported.
>
>
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
>
>
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
>
> ============= AHCI Registers ==============
>
>
> ============= AHCI Configuration Registers ==============
>
>
> ============= SATA Initialization Registers ==============
>
>
> ============= ABAR ==============
>
> ABAR = 0xf1215000 (MEM)
>
> Error mapping physical memory 0xf1215000[0x400]
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
>
> ============= Dumping INTEL SGX status =============
> Number of CPUs = 8
> ------------- CPU 0 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 1 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 2 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 3 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 4 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 5 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 6 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ------------- CPU 7 ----------------
> SGX supported           : YES
> SGX enabled             : YES
> Feature Control locked  : YES
> ====================================================
> CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
> Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
> Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
> IGD: 8086:9b41 (Intel(R) UHD Graphics)
>
> ============= Dumping INTEL TME status =============
> TME supported           : NO
> ====================================================

_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
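The question in the thread is whether a partial inteltool dump is enough to build a board profile. A quick way to answer that is to parse the dump and list what inteltool could and could not read. The following is an added example, not code from the thread or from the coreboot project; it parses the text format inteltool prints (CPU/chipset identification lines, "Error mapping physical memory", "not (yet) supported" sections, and the SGX/TME status blocks) and summarises the gaps. The embedded input is a constructed, trimmed copy in the same format as the output posted above (the second CPU's "SGX enabled : NO" is invented to exercise the parser); the hint about `/dev/mem` restrictions in `profile_gaps` is an assumption about the usual cause of mapping errors, not something the thread states.

```python
import re

# Constructed sample in the format inteltool prints; trimmed to two CPUs.
SAMPLE = """\
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping 0xc
Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core Processor (Mobile))
Southbridge: 8086:0284 (Comet Point-LP U Premium/Cometlake)
IGD: 8086:9b41 (Intel(R) UHD Graphics)
SBREG_BAR = 0xfd000000 (MEM)

Error mapping physical memory 0xfd000000[0x1000000]

========== LPC/eSPI =========

Error: Dumping LPC/eSPI on this southbridge is not (yet) supported.

============= ABAR ==============

ABAR = 0xf1215000 (MEM)

Error mapping physical memory 0xf1215000[0x400]

============= Dumping INTEL SGX status =============
Number of CPUs = 2
------------- CPU 0 ----------------
SGX supported           : YES
SGX enabled             : YES
Feature Control locked  : YES
------------- CPU 1 ----------------
SGX supported           : YES
SGX enabled             : NO
Feature Control locked  : YES
====================================================

============= Dumping INTEL TME status =============
TME supported           : NO
====================================================
"""

CPU_RE = re.compile(r"^CPU: ID (0x[0-9a-f]+), .*Family (0x[0-9a-f]+), "
                    r"Model (0x[0-9a-f]+), Stepping (0x[0-9a-f]+)$")
DEV_RE = re.compile(r"^(Northbridge|Southbridge|IGD): ([0-9a-f]{4}:[0-9a-f]{4}) \((.*)\)$")
CPU_HDR_RE = re.compile(r"^-+ CPU (\d+) -+$")
KV_RE = re.compile(r"^([A-Za-z ]+?)\s*: (YES|NO)$")
MAPERR_RE = re.compile(r"^Error mapping physical memory (0x[0-9a-f]+)\[(0x[0-9a-f]+)\]$")
UNSUP_RE = re.compile(r"^Error: Dumping (.+?) on this .* is not \(yet\) supported\.$")


def parse_inteltool(text):
    """Parse an inteltool text dump into a dict of identification and status data."""
    info = {"cpu": None, "devices": {}, "sgx": {}, "tme_supported": None,
            "map_errors": [], "unsupported": []}
    cur_cpu = None   # CPU index inside the SGX block, if any
    in_tme = False   # True once the TME block header has been seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CPU_RE.match(line)
        if m:
            # inteltool repeats this header before every section; keep the first.
            if info["cpu"] is None:
                info["cpu"] = {"id": int(m.group(1), 16), "family": int(m.group(2), 16),
                               "model": int(m.group(3), 16), "stepping": int(m.group(4), 16)}
            continue
        m = DEV_RE.match(line)
        if m:
            info["devices"][m.group(1)] = (m.group(2), m.group(3))
            continue
        m = MAPERR_RE.match(line)
        if m:
            info["map_errors"].append((int(m.group(1), 16), int(m.group(2), 16)))
            continue
        m = UNSUP_RE.match(line)
        if m:
            info["unsupported"].append(m.group(1))
            continue
        if "Dumping INTEL TME status" in line:
            in_tme, cur_cpu = True, None
            continue
        if "Dumping INTEL SGX status" in line:
            in_tme = False
            continue
        m = CPU_HDR_RE.match(line)
        if m:
            cur_cpu = int(m.group(1))
            info["sgx"][cur_cpu] = {}
            continue
        m = KV_RE.match(line)
        if m:
            key, val = m.group(1).strip(), m.group(2) == "YES"
            if in_tme and key == "TME supported":
                info["tme_supported"] = val
            elif cur_cpu is not None:
                info["sgx"][cur_cpu][key] = val
    return info


def profile_gaps(info):
    """List what the dump could not provide, i.e. what still has to be filled in by other means."""
    gaps = [f"{sec}: inteltool cannot dump this section on this southbridge"
            for sec in info["unsupported"]]
    # Assumption: mapping failures usually mean /dev/mem access was refused by the kernel.
    gaps += [f"{size:#x} bytes at {base:#x} could not be mapped (check /dev/mem access)"
             for base, size in info["map_errors"]]
    return gaps


if __name__ == "__main__":
    parsed = parse_inteltool(SAMPLE)
    print(parsed["cpu"], parsed["devices"])
    for g in profile_gaps(parsed):
        print("gap:", g)
```

Run against a real `inteltool -a` capture (redirected to a file) the same functions give a per-section inventory; an empty `profile_gaps` result is the minimum before the dump is worth using as the basis for a board profile.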

