diff options
author | Nicola Corna <nicola@corna.info> | 2018-03-31 18:24:44 +0200 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2018-06-13 14:49:00 +0000 |
commit | 364f2e10cb9dd6ee4bd6c0efae53cb7367dcd0a0 (patch) | |
tree | 27afac0369f78ae58166790e866915a291b59c5e /src/security | |
parent | de39fc71604eb49ee652d68085595d2f151d8a28 (diff) |
sb/intel/common/firmware: Use the -S flag of me_cleaner
The -S flag of me_cleaner, in addition to the standard code removal,
sets the the AltMeDisable bit (ME 6.x-10.x) or the HAP bit (ME 11.x),
which asks Intel ME to stop the execution after the hardware
initialization.
This should bring some advantages:
* The state of Intel ME can be easily obtained by reading the Current
Operation Mode register to trigger specific adjustments in the
raminit (as already done in bd82x6x)
* Intel ME falls into a more defined state, instead of being in a
generic "Image Failure"
* Hopefully, less code is run by Intel ME, as the execution should
stop before even trying to load additional modules
Tested on:
* Nehalem, Sandy Bridge and Ivy Bridge (Nicola Corna)
* Broadwell, Skylake and Kabylake (Youness Alaoui)
If needed, the -S flag can be removed or integrated with other
board-specific options by overriding CONFIG_ME_CLEANER_ARGS.
Change-Id: I2c12d09124dcc39924d1dc4eaf53a2dc1f69a2ac
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/25508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Youness Alaoui <snifikino@gmail.com>
Diffstat (limited to 'src/security')
0 files changed, 0 insertions, 0 deletions