Re: [coreboot] Thinkpad SD card controller DMA
Sounds like disabling the PCIe port of the device is the safest solution. Will switching the value in the devicetree be enough or is that too uncertain? -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Thinkpad SD card controller DMA
That's what I'm thinking about, but I am not able to test a build with it removed from the devicetree to see if that does the trick, so I was wondering if anybody knows. -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Thinkpad SD card controller DMA
Thanks for your response and suggestions. Luckily I don’t need the SD card reader and would rather completely disable it to protect against any DMA attack before the kernel initializes IOMMU. The problem is that I don’t know how to prevent the controller from initializing at all, short of actually desoldering the chip from the mainboard, which is risky. Regarding the EC, are you aware of any working libre replacement for the EC on any Lenovo Thinkpad? -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
[coreboot] Thinkpad SD card controller DMA
Hello, I noticed that all Lenovo Thinkpads supported by coreboot have a SD card controller that is connected as a PCI device. I assume that the controller runs non-free firmware from its own ROM and because it is a PCI device it should have DMA, which seems like a security risk, right? If so, is there a way to prevent the SD card controller from turning on when the computer is booted, by changing some code in the source (maybe in devicetree.cb) or at least to stop the controller from having DMA? Thanks a lot, Thomas-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
[coreboot] Booting live OS from encrypted LUKS partition in GRUB2
Hello, I have GRUB2 as a payload in coreboot and I am trying to have it load Trisquel 7.0 Live (Test Trisquel without installing) from an encrypted LUKS partition on a USB flash drive. I am able to decrypt the LUKS container and GRUB finds the Trisquel ISOLINUX menu, but fails to load the OS. When I try to manually boot it with commands (linux, initrd, boot) it starts loading the kernel, but then halts when it detects the USB flash drive and drops into BusyBox. Does anybody know how to overcome this problem and properly boot Trisquel in live mode from an encrypted LUKS partition in GRUB? Thanks.-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Blobless coreboot on Sandy Bridge and Ivy Bridge?
Is it possible to find out which Sandy/Ivy board supports native ram/graphics init before buying one of them? For example, is there some list that shows compatibility? Thomas-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
[coreboot] Blobless coreboot on Sandy Bridge and Ivy Bridge?
If one excludes any microcode and the VGA BIOS, is it possible to build a functioning, blobless coreboot for any Sandy Bridge or Ivy Bridge device supported? I'm referring here only to the BIOS region on the flash, not the ME region, IFD and GbE. If the FSP blob is needed, would that be the only blob required? Thanks-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot