[coreboot] Does CHIPSET_LOCKDOWN_COREBOOT still work?

y locks out there: https://twitter.com/citypw/status/1580541897604751361 Is this a bug or a feature that intends not to allow users to disable BIOS lock (others as well) via Intel' public FSP binary blobs? Thanks, regards Shawn [1] FSP-S Issues https://review.coreboot.org/plugins/giti

[coreboot] Re: Servers?

ng for something with a higher core density > and overall availability. I know supply issues is a problem for everyone. > > Any more info on the hosts you manufactured? > > Thanks! > > > > > > On Tuesday, Jul 12, 2022 at 10:17 PM, Shawn C > > wrote: > &g

[coreboot] Re: Servers?

n Building Blocks x86 server. We used a assembly factory in Shenzhen. Sure you can find similar vendors in other region (Vietnam/Mexico?). regards Shawn On Tuesday, July 12th, 2022 at 11:01 PM, Jeremy Hansen via coreboot wrote: > I’ve looked at the list of hardware vendors. I see System76 li

[coreboot] Re: Security notice: SMM can be hijacked by the OS on APs

Nice hunt, Arthur! The attack surface in coreboot is lesser than UEFI but the misconfig during the setup will lead to serious issue. This one is neat and worth a CVE. Please use CVE-2022-29264 as record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29264 regards Shawn

[coreboot] Re: how intel ME is connected to the internet ?

rdenedvault.net/2021/07/16/ciso-seceng_csme.html regards Shawn ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: What should we do about freenode IRC services?

OFTC respect more of user privacy but seems nobody are willing to use. Then Matrix is a good option. Thanks. regards Shawn ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Asan/Ubsan for further testing

uesday, January 5, 2021 4:11 PM, Harshit Sharma wrote: > Hi Shawn, > > I am glad that you found these sanitizers useful. Presently, Ubsan is > available in ramstage on all platforms whereas ASan is only available on x86 > platforms. You can refer to this page to learn more abo

[coreboot] Asan/Ubsan for further testing

t. It would be better if we add those debug features by default during the development which could possibly kill more bugs in the coreboot and the sanitizers themselves. Any ideas? regards Shawn C___ coreboot mailing list -- coreboot@coreboot.o

[coreboot] AMDFlaws

... regards Shawn ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: [linux-mei] intelmetool crashed mei_me driver

) from the drivers so I guess on 4.20 it won't > crash, but still this cannot work. > Thanks > Tomas -- GNU powered it... GPL protect it... God blessing it... regards Shawn ___ coreboot mailing list -- coreboot@coreboot.org To uns

[coreboot] Re: [linux-mei] intelmetool crashed mei_me driver

om [mailto:linux-mei- > > requ...@eclists.intel.com] On Behalf Of Shawn > > Sent: Tuesday, January 22, 2019 10:30 > > To: linux-...@linux.intel.com; coreboot > > Subject: [linux-mei] intelmetool crashed mei_me driver > > > > Hi, >

[coreboot] intelmetool crashed mei_me driver

crash log was attached! -- GNU powered it... GPL protect it... God blessing it... regards Shawn Jan 22 16:18:34 hardenedlinux-test kernel: [ 121.932672] mei_me :00:16.0: FW not ready: resetting. Jan 22 16:18:34 hardenedlinux-test kernel: [ 121.932695] mei_me :00:16.0: unexpected

[coreboot] intelmetool doesn't work on SPS

VERSION message failed host.buffer_depth and host.buffer_write_ptr having the same values( 0xff) caused it into dark. Seems SPS and ME has some differences here. Any idea how to fix it? -- GNU powered it... GPL protect it... God blessing it... regar

[coreboot] L1TF

ssing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

On Mon, Jun 25, 2018 at 11:39 PM, ron minnich wrote: > > > On Mon, Jun 25, 2018 at 12:55 AM Shawn wrote: >> >> Hi Ron, >> >> >> IIRC, Machine mode in RISC-V is just looking similar to SMM in x86. >> But it can do more than what SMM does. > > &

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

On Tue, Jun 26, 2018 at 12:01 AM, Nico Huber wrote: > On 25.06.2018 09:55, Shawn wrote:> Hi Ron, >> On Sun, Jun 24, 2018 at 12:55 AM, ron minnich wrote: >>> On Wed, Jun 20, 2018 at 11:03 PM taii...@gmx.com wrote: >>>> Whats the deal with SMM? What a shame they

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

3] Keystone: https://keystone-enclave.org/ -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

unleashed/1334/3) > Thanks, seems our only option is to reversing. -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

On Fri, Jun 22, 2018 at 7:01 PM, Jonathan Neuschäfer wrote: > On Fri, Jun 22, 2018 at 03:04:06PM +0800, Shawn wrote: >> Hi Jonathan, >> >> On Thu, Jun 21, 2018 at 7:48 PM, Jonathan Neuschäfer > [...] >> > With the unfinished coreboot port, I want it to look li

Re: [coreboot] RISC-V HiFive Unleashed board added to coreboot - has PCI-e slots via exp board

not > actively working on that, for a few months): > > MSEL (ROM0) -> ZSBL (ROM1) -> coreboot (+bbl?) -> Linux, or > MSEL (ROM0) -> coreboot (+bbl?) -> Linux > > ZSBL can be skipped, so you don't need to run closed source ROM code, at > least as far as the h

[coreboot] Intel ME Security keys Genealogy, Obfuscation and other Magic

https://github.com/ptresearch/IntelME-Crypto/blob/master/Intel%20ME%20Security%20keys%20Genealogy%2C%20Obfuscation%20and%20other%20Magic.pdf -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Embedded Controller (EC)

t; >> From: rspang...@google.com [mailto:rspang...@google.com] On Behalf Of >> Randall Spangler >> Sent: Friday, December 01, 2017 7:02 PM >> To: Vadim Bendebury >> Cc: Аладышев Константин; Coreboot; Shawn N >> Subject: Re: [coreboot] Embedded Controller (EC) >

Re: [coreboot] [kernel-hardening] ME and PSP

Hi Ron, On Thu, Sep 7, 2017 at 12:30 PM, ron minnich wrote: > > > On Wed, Sep 6, 2017 at 8:07 PM Shawn wrote: >> >> >> IMOHO, RISC-V will be the long-term solution in the future;-) >> > > people need to stop saying that. It's not that simple. And,

Re: [coreboot] [kernel-hardening] ME and PSP

l-hardening( I could be wrong if it weren't). Or feel free to ask question on coreboot's mailinglist: coreboot@coreboot.org -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Question about finalization of SMM

files/blob/master/scripts/harbian_fw/fw_hardening_runtime.py -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

[coreboot] Digging Into The Core of Boot

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_fw/harbian_chipsec.md#hardening-the-coreboot Have fun! -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman

Re: [coreboot] Intel ME The Way of the Static Analysis

unME11 is released by the speaker: https://github.com/ptresearch/unME11 On Tue, Apr 25, 2017 at 10:38 PM, Shawn wrote: > slide: > https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf > > video: > https://www.youtube.com/watch?v=2_aokrfcoUk -- GNU powered it...

[coreboot] Reverse-engineering the Intel Management Engine’s ROMP module

file: https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

[coreboot] Remote security exploit in all 2008+ Intel platforms

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

[coreboot] Intel ME The Way of the Static Analysis

slide: https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf video: https://www.youtube.com/watch?v=2_aokrfcoUk -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] How does intelmetool's support for Skylake?

Sunrise Point-H & Sunrise Point-LP can be supported by intelmetool: https://github.com/zamaudio/intelmetool Tested it on Alienware 13R2 & P10S-M WS and it's working perfectly. On Thu, Jan 5, 2017 at 3:20 PM, Zoran Stojsavljevic wrote: > Hello Shawn, > > Happy New Year

Re: [coreboot] [Resend] Tapping into the core (33C3)

semble the > laptop without being noticed. > [2] The laptop could be on, off, or in suspend-to-ram. > If the laptop is on or suspended, the attacker might have better > chances trying to bypass the screensaver for instance. > > Denis. > > -- > coreboot mailing list: coreboot@coreboot.org > https://www.coreboot.org/mailman/listinfo/coreboot -- GNU powered it... GPL protect it... God blessing it... regards Shawn -- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] How does intelmetool's support for Skylake?

coreboot supported mainboards on neutralizing ME( I'm afarid your hardware isn't on the list-_-): https://github.com/hardenedlinux/hardenedlinux_profiles/tree/master/coreboot On Wed, Jan 4, 2017 at 8:28 PM, Zoran Stojsavljevic wrote: > Hello Shawn, > > I am late, I apologize... Ne

Re: [coreboot] How does intelmetool's support for Skylake?

LAN (VLAN) : ON ME Capability: TLS: OFF ME Capability: Wireless LAN (WLAN): OFF exiting On Fri, Dec 30, 2016 at 11:04 AM, Shawn wrote: > Hi Zoran, > > Thanks for the info. I added my Device ID into the i

Re: [coreboot] How does intelmetool's support for Skylake?

t is NOT supported (look into latest coreboot's > coreboot/util/intelmetool/intelmetool.h). You can try to add it (as Device > ID), manually, peek around the C code, and see if this can help you. > > Zoran > > On Wed, Dec 28, 2016 at 5:26 PM, Zoran Stojsavljevic >

Re: [coreboot] How does intelmetool's support for Skylake?

g this file, but you can check your Linux distro > / tree with the following paths to find hwdb.bin: > > /etc/systemd/hwdb/hwdb.bin > /etc/udev/hwdb.bin<<=== In my Fedora rawhide VM > (future Fedora 26) I have here hwdb.bin === > /usr/lib/systemd/hwdb/

[coreboot] How does intelmetool's support for Skylake?

ersary re-flash the SPI ROM once they get the root priv. It does affect flashrom but intelmetool. I also ran intelmetool on the distro( Mint 18) kernel and got the same result. -- GNU powered it... GPL protect it... God blessing it... regards Shawn execve("./intelmetool", ["./in

[coreboot] desktop debacle

haps one of you kind souls could pick the essential parts for me on that site, with me adding some specs and guidelines, and I'd compensate for your time. I've checked around many places to see if a tech could build something for me and mostly I am met with silence, no one seems to know what

[coreboot] desktop build w/ coreboot

Just curious if anybody could put me in touch with someone in the USA who would be willing to build me a desktop pc with coreboot, upon which I could install my own Linux OS? Thanks, Sean -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

[coreboot] (no subject)

http://homeschoolwedo.com/wp-admin/css/xkijzcks.php -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] unifying `acpi_tables.c`

Hi,folks,   I searched for 'acpi_tables.c' in directory 'mainboard', and 49 entries come.They are as follows, but not all listed here,just for your reference. coreboot\src\mainboard\advansus\a785e-i\acpi_tables.ccoreboot\src\mainboard\amd\bimini_fam10\acpi_tables.ccoreboot\src\mainboard\amd\dbm69

Re: [coreboot] Is there anything I can do to make coreboot better?

: <1305787073.4377.7.camel@mattotaupa> > Content-Type: text/plain; charset="utf-8" > > Dear Shawn, > > > Am Donnerstag, den 19.05.2011, 03:45 + schrieb shawn Bai: > > Hello, guys, > > ? and girls. > > > I am very pleased to have the ch

[coreboot] Is there anything I can do to make coreboot better?

Hello, guys, I am very pleased to have the chance to talk with you. I hope I do not bother you. My name is Shawn Bai, and you can call me Shawn, it's OK. I am very interested both in the low-level in embedded system, and in BIOS level in desktop computer or server.