diff options
author | Nicola Corna <nicola@corna.info> | 2017-01-23 15:29:03 +0100 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2017-02-04 23:02:39 +0100 |
commit | 92e95cab9622b78791adc851ec0e07c3a9e52e53 (patch) | |
tree | 6db517e8731c0cbf2fde0c38a534c0c8432b6887 /src/southbridge | |
parent | bb1af99622e7e4a303f49618a4ecbb02606d1cba (diff) |
sb/intel/common: Hook up me_cleaner
The me_cleaner option is available on multiple platforms:
* Sandy and Ivy Bridge (well tested by multiple users).
* Skylake and Braswell (tested).
* Haswell, Broadwell and Bay Trail (untested).
The untested platforms have been included anyways because all the
firmwares are very similar and Intel ME/TXE probably behaves in the
same way.
Change-Id: I46f461a1a7e058d57259f313142b00146f0196aa
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/18206
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'src/southbridge')
-rw-r--r-- | src/southbridge/intel/common/firmware/Kconfig | 31 | ||||
-rw-r--r-- | src/southbridge/intel/common/firmware/Makefile.inc | 5 |
2 files changed, 36 insertions, 0 deletions
diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig index c36b235cad..af26b2de2a 100644 --- a/src/southbridge/intel/common/firmware/Kconfig +++ b/src/southbridge/intel/common/firmware/Kconfig @@ -58,6 +58,37 @@ config ME_BIN_PATH default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" depends on HAVE_ME_BIN +config USE_ME_CLEANER + bool "Strip down the Intel ME/TXE firmware" + depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_SANDYBRIDGE || \ + NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \ + SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \ + SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL) + help + Use me_cleaner to remove all the non-fundamental code from the Intel + ME/TXE firmware. + The resulting Intel ME/TXE firmware will have only the code + responsible for the very basic hardware initialization, leaving the + ME/TXE subsystem essentially in a disabled state. + + Don't flash a modified ME/TXE firmware and a new coreboot image at the + same time, test them in two different steps. + + WARNING: this tool isn't based on any official Intel documentation but + only on reverse engineering and trial & error. + + See the project's page + https://github.com/corna/me_cleaner + or the wiki + https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F + https://github.com/corna/me_cleaner/wiki/me_cleaner-status + for more info about this tool + + If unsure, say N. + +comment "Please test the modified ME/TXE firmware and coreboot in two steps" + depends on USE_ME_CLEANER + config HAVE_GBE_BIN bool "Add gigabit ethernet firmware" depends on HAVE_IFD_BIN diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc index 17e53b55e6..98a36d3b81 100644 --- a/src/southbridge/intel/common/firmware/Makefile.inc +++ b/src/southbridge/intel/common/firmware/Makefile.inc @@ -58,6 +58,11 @@ ifeq ($(CONFIG_HAVE_ME_BIN),y) $(obj)/coreboot.pre mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre endif +ifeq ($(CONFIG_USE_ME_CLEANER),y) + printf " ME_CLEANER coreboot.pre\n" + util/me_cleaner/me_cleaner.py $(obj)/coreboot.pre > \ + $(obj)/me_cleaner.log +endif ifeq ($(CONFIG_HAVE_GBE_BIN),y) printf " IFDTOOL gbe.bin -> coreboot.pre\n" $(objutil)/ifdtool/ifdtool \ |