summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNicola Corna <nicola@corna.info>2017-01-23 15:29:03 +0100
committerMartin Roth <martinroth@google.com>2017-02-04 23:02:39 +0100
commit92e95cab9622b78791adc851ec0e07c3a9e52e53 (patch)
tree6db517e8731c0cbf2fde0c38a534c0c8432b6887 /src
parentbb1af99622e7e4a303f49618a4ecbb02606d1cba (diff)
sb/intel/common: Hook up me_cleaner
The me_cleaner option is available on multiple platforms: * Sandy and Ivy Bridge (well tested by multiple users). * Skylake and Braswell (tested). * Haswell, Broadwell and Bay Trail (untested). The untested platforms have been included anyways because all the firmwares are very similar and Intel ME/TXE probably behaves in the same way. Change-Id: I46f461a1a7e058d57259f313142b00146f0196aa Signed-off-by: Nicola Corna <nicola@corna.info> Reviewed-on: https://review.coreboot.org/18206 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'src')
-rw-r--r--src/southbridge/intel/common/firmware/Kconfig31
-rw-r--r--src/southbridge/intel/common/firmware/Makefile.inc5
2 files changed, 36 insertions, 0 deletions
diff --git a/src/southbridge/intel/common/firmware/Kconfig b/src/southbridge/intel/common/firmware/Kconfig
index c36b235cad..af26b2de2a 100644
--- a/src/southbridge/intel/common/firmware/Kconfig
+++ b/src/southbridge/intel/common/firmware/Kconfig
@@ -58,6 +58,37 @@ config ME_BIN_PATH
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
depends on HAVE_ME_BIN
+config USE_ME_CLEANER
+ bool "Strip down the Intel ME/TXE firmware"
+ depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_SANDYBRIDGE || \
+ NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
+ SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
+ SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
+ help
+ Use me_cleaner to remove all the non-fundamental code from the Intel
+ ME/TXE firmware.
+ The resulting Intel ME/TXE firmware will have only the code
+ responsible for the very basic hardware initialization, leaving the
+ ME/TXE subsystem essentially in a disabled state.
+
+ Don't flash a modified ME/TXE firmware and a new coreboot image at the
+ same time, test them in two different steps.
+
+ WARNING: this tool isn't based on any official Intel documentation but
+ only on reverse engineering and trial & error.
+
+ See the project's page
+ https://github.com/corna/me_cleaner
+ or the wiki
+ https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
+ https://github.com/corna/me_cleaner/wiki/me_cleaner-status
+ for more info about this tool
+
+ If unsure, say N.
+
+comment "Please test the modified ME/TXE firmware and coreboot in two steps"
+ depends on USE_ME_CLEANER
+
config HAVE_GBE_BIN
bool "Add gigabit ethernet firmware"
depends on HAVE_IFD_BIN
diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc
index 17e53b55e6..98a36d3b81 100644
--- a/src/southbridge/intel/common/firmware/Makefile.inc
+++ b/src/southbridge/intel/common/firmware/Makefile.inc
@@ -58,6 +58,11 @@ ifeq ($(CONFIG_HAVE_ME_BIN),y)
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
+ifeq ($(CONFIG_USE_ME_CLEANER),y)
+ printf " ME_CLEANER coreboot.pre\n"
+ util/me_cleaner/me_cleaner.py $(obj)/coreboot.pre > \
+ $(obj)/me_cleaner.log
+endif
ifeq ($(CONFIG_HAVE_GBE_BIN),y)
printf " IFDTOOL gbe.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \