[coreboot] Re: Coreboot on newer laptops

Fri, 17 Sep 2021 10:58:14 -0700 


> it's not going to be a setting in the vendor firmware.
> 
> `intelmetool -b` should report the status properly

intelmetool reports Bootguard is not activated, so looks like I am in
the clear, though there was a memory read error for some reason.

MEI found: [8086:2e0] Device 02e0

ME Status   : 0xa0000245
ME Status 2 : 0x6f10506

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : ROM Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : (null)

ME: Extend SHA-256:
05045e8332f6cd294b001985eef893ac5c9fb1c58666459731b3fc0eeff07ad2

Error mapping physical memory 0x0000000001101824 [0x2000] ERRNO=1
Operation not permitted Could not map ME setup memory.
Do you have kernel cmdline argument 'iomem=relaxed' set ?
BootGuard MSR Output : 0x0
Your system isn't BootGuard ready.
You can flash other firmware!


Not sure why the memory error since I included iomem=relaxed in the
grub.cfg

 linux  /boot/vmlinuz-4.19.0-10-amd64
 root=UUID=b889fd33-7705-4b9c-9c33-c304bbe7a6e5 ro iomem=relaxed quiet
 linux  /boot/vmlinuz-4.19.0-10-amd64
 root=UUID=b889fd33-7705-4b9c-9c33-c304bbe7a6e5 ro iomem=relaxed quiet
 linux  /boot/vmlinuz-4.19.0-10-amd64
 root=UUID=b889fd33-7705-4b9c-9c33-c304bbe7a6e5 ro single iomem=relaxed

> nope, you'll need `inteltool -g` as well

inteltool -g is one of the ones that doesn't work on this board.

Error mapping SBREG_BAR: Operation not permitted
CPU: ID 0x806ec, Processor Type 0x0, Family 0x6, Model 0x8e, Stepping
0xc Northbridge: 8086:9b61 (10th generation (Comet Lake family) Core
Processor (Mobile)) Southbridge: 8086:0284 (Comet Point-LP U
Premium/Cometlake) IGD: 8086:9b41 (Intel(R) UHD Graphics)
SBREG_BAR = 0xfd000000 (MEM)

Error mapping physical memory 0xfd000000[0x1000000]

> me_cleaner doesn't support anything newer than 6th/7th-gen SoCs/CPUs.
> The best you can do on Cometlake currently is to set the HAP bit in
> the IFD.

I suppose the HAP bit will have to do then.

So, I guess the question at this point is how feasible would it be to
install coreboot on this board? I'd rather not sink a lot of time into
it if it's only going to lead to a dead end and using the board with
vendor firmware is not an option for me because in addition to the
Intel ME there is also Computrace which can't be disabled. I can't
trust any PC with spyware built in.

Andreas suggested I use the intel reference board setup in debug mode
and use that to try to configure a working system. I see there is an
intel reference board for Cometlake, but I don't know if I have the
needed information to successfully configure the board properly, given
the inteltool -g doesn't work and there may be problems finding the
correct GPIO settings. I do have the pinout for the W25Q128JV chip
which holds the BIOS. Not sure if that helps with the GPIO or not. What
do the coreboot developers think about this situation? Is there a way
forward and if so what would it involve?
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to