<div dir="ltr">To Whom It May Concern!<div><br></div><div>I sincerely hope that Google designers, reading this thread, and are involved in the R&D of multi-core silicon ARM server, with Coreboot designers, will NOT replicate/copy such an opaque design as INTEL did (and why, really???), and they'll get rid of ME entity overall/completely, making simpler lookalike (hopefully Coreboot based) BIOS containing all the components from INTEL BIOS + INTEL ME functionalities/features in one (in other words migrate all ME functionalities in Google "BIOS", whatever this will be).</div><div><br></div><div>The benefits of this design are obvious, aren't they? ;-)</div><div><br></div><div>Thank you,</div><div>Zoran</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Nov 5, 2016 at 3:33 PM, Trammell Hudson <span dir="ltr"><<a href="mailto:hudson@trmm.net" target="_blank">hudson@trmm.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, Nov 04, 2016 at 09:20:24PM +0000, Nicola Corna wrote:<br>
> [...]<br>
<span class="">> * Sandy Bridge accepts an Intel ME firmware with just the FTPR partition, both<br>
> with and without a valid FPT (the partition table of the Intel ME image).<br>
> The system doesn't power off after 30 minutes, and the ME reports a<br>
> successful initialization (see attached cbmem).<br>
<br>
</span>I'm really glad to hear that you've been able to replicate my results<br>
and have similar results on slightly different hardware. Since my original<br>
post I've also replicated the results on a Skylake mobile CPU, which has<br>
a very different ME architecture, although with a similar set of partitions.<br>
<span class=""><br>
> * Sandy Bridge boots successfully without a good FPT (but with a valid FTPR),<br>
> so it probably has a "backup" on-chip FPT. The system boots fine and doesn't<br>
> power itself off after 30 minutes, even if the cbmem entry "ME: FW<br>
> Partition Table" has the value "BAD" (that, we suppose, means: "I found a<br>
> broken partition table, I'm using the fallback one").<br>
<br>
</span>My guess is that it either has a fallback, a hard coded address or scans<br>
looking for the $FTPR string.<br>
<span class=""><br>
> * According to Trammell Hudson's tests, this behaviour is the same in Ivy<br>
> Bridge (the thread's subject says "Sandy Bridge" but his cbmem confirms that<br>
> his device is actually an Ivy Bridge)<br>
<br>
</span>Right. I was confused since the coreboot architecture directory for the<br>
x230 is named sandybridge.<br>
<br>
> [...]<br>
> * We couldn't remove in any way the FTPR partition on Sandy Bridge: [...]<br>
<span class="">> * Relocating the FTPR image doesn't work, even if the FPT entry points to the<br>
> new location.<br>
<br>
</span>Likewise. I also tried relocating it, but was not able to do so.<br>
<span class=""><br>
> * Shrinking the "reduced" ME partition in IFD to the minimum size allowed (FTPR<br>
> offset + FTPR size + 4 kB alignment) bricks the device too (but we're not<br>
> sure about this, maybe we made a mistake during the image creation).<br>
<br>
</span>I was able to reduce it to cover 0x3000 to 1 MB. There appears to be some<br>
data being written into part of the SPI flash by the ME on each boot,<br>
logging someting about the startup?, so the IFD must include that portion.<br>
I did change the IFD to allow the CPU to read the ME region so that I can<br>
include it in my TPM measurements.<br>
<span class=""><br>
> * We haven't understood yet how to remove the unneeded modules from the FTPR<br>
> partition, any help is appreciated.<br>
<br>
</span>Any of the LZMA compressed files in the FTPR partitoin can be replaced<br>
with 0xFF. The Huffman ones seem to share a common table, so I wasn't<br>
able to replace any of them individually.<br>
<br>
Again, I'm really glad to see that this has started additional research<br>
into this area.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Trammell<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
--<br>
coreboot mailing list: <a href="mailto:coreboot@coreboot.org">coreboot@coreboot.org</a><br>
<a href="https://www.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">https://www.coreboot.org/<wbr>mailman/listinfo/coreboot</a><br>
</div></div></blockquote></div><br></div>