switch-coreboot/util
Nicola Corna e3c2e05353 UPSTREAM: util: Add me_cleaner
me_cleaner is a tool to strip down Intel ME/TXE images by removing all
the non-fundamental code, while keeping the ME/TXE image valid and
suitable for booting the system. The remaining code (ROMP and BUP
modules) is the one responsible for the very basic initialization of
the ME/TXE subsystem and can't be removed.

This tool exploits the fact that:
 * Each ME/TXE partition is signed individually and it is possible to
    remove both the partition and the signature.
 * The ME/TXE modules are not signed directly, instead they are hashed
    and the list of their hashes is hashed again and signed: this
    means that modifying a module doesn't invalidate the signature,
    but only the hash of that single module.
 * The module hashes are checked only when the corresponding module
    needs to be executed.
 * The system can boot after the execution of the first module (BUP,
    inside the FTPR partition), even if the subsequent stages fail.

Currently me_cleaner works on every Intel platform with Intel ME or
Intel TXE with the following limitations:
 * Doesn't work when Intel Boot Guard is set in Verified Boot mode.
 * Doesn't fully work on Nehalem yet.
 * On Skylake and later generations, since the partitions' internal
    structure has changed, me_cleaner leaves intact the FTPR
    partition, removing all the other partitions.

This tool has been tested on multiple platforms and architectures by
different users, and seems to be stable. The reports are available
here:
https://github.com/corna/me_cleaner/issues/3

A more in-depth description of me_cleaner is available here:
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

BUG=none
BRANCH=none
TEST=none

Change-Id: I4d697041a6d9df503d17a0e30fef4713120dddb7
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 9bcc002f1e
Original-Change-Id: I9013799e9adea0dea0775b9afe718de5fc4ca748
Original-Signed-off-by: Nicola Corna <nicola@corna.info>
Original-Reviewed-on: https://review.coreboot.org/18203
Original-Tested-by: build bot (Jenkins)
Original-Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Original-Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://chromium-review.googlesource.com/432759
2017-01-27 07:48:59 -08:00
..
abuild UPSTREAM: util/abuild: Print list of failed boards at the end of the abuild 2017-01-13 15:21:55 -08:00
acpi tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
amdfwtool UPSTREAM: util/amdfwtool: Wrap long lines, excluding comments 2016-11-29 17:38:12 -08:00
amdtools Remove empty lines at end of file 2015-06-08 00:55:07 +02:00
archive archive: build archive tool with HOSTCC 2016-03-08 17:40:05 +01:00
arm_boot_tools/mksunxiboot arm_boot_tools: Add 'b' to fopen flags for Windows compatibility 2014-12-19 18:55:34 +01:00
autoport UPSTREAM: util/autoport: Fix gfx dump of log_maker 2017-01-13 15:21:53 -08:00
bimgtool codebase: Change makefile $(shell pwd) commands to $(CURDIR) 2016-03-11 18:48:06 +01:00
board_status UPSTREAM: board_status: Abort early if the coreboot image doesn't exist 2016-05-26 03:21:20 -07:00
broadcom UPSTREAM: util/broadcom: Check for successful file access 2016-12-19 09:54:20 -08:00
cbfstool UPSTREAM: cbfs-compression-tool: catch compression failures 2017-01-24 07:14:50 -08:00
cbmem UPSTREAM: cbmem: Exit with an errorlevel of 0 after printing help 2016-09-15 13:41:18 -07:00
checklist UPSTREAM: util/checklist: Place tables in proper boot order 2016-08-11 03:14:32 -07:00
chromeos UPSTREAM: util/chromeos: Make scripts executable 2016-08-04 23:36:47 -07:00
crossgcc UPSTREAM: buildgcc: try curl if wget is not present 2017-01-13 15:22:02 -08:00
docker UPSTREAM: util/docker: Add a makefile for common docker tasks 2016-12-13 17:49:38 -08:00
dtd_parser util: Look for python2 binary instead of python 2016-01-26 00:25:19 +01:00
ectool ectool: fix NetBSD compilation 2016-01-27 17:15:56 +01:00
exynos util: Look for python2 binary instead of python 2016-01-26 00:25:19 +01:00
futility UPSTREAM: Rename VB_SOURCE to VBOOT_SOURCE for increased clarity 2016-07-28 22:56:11 -07:00
fuzz-tests tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
genbuild_h genbuild_h: Fix numeric comparison to remove error 2016-03-14 23:37:12 +01:00
genprof util/genprof: improve handling of command line arguments 2014-08-12 09:02:44 +02:00
gitconfig UPSTREAM: Rename and move util/gitconfig/rebase.sh 2016-10-25 14:46:55 -07:00
ifdfake UPSTREAM: util/ifdfake: Add number of regions 2016-12-16 07:51:49 -08:00
ifdtool UPSTREAM: ifdtool: Add option to specify platform (-p) quirks 2016-11-08 23:24:23 -08:00
intelmetool UPSTREAM: util/intelmetool: Try to activate the ME before scanning PCIe for it 2017-01-22 05:03:18 -08:00
inteltool UPSTREAM: util/inteltool: Add ICH6-10 to BIOS_CNTL list 2017-01-05 11:01:06 -08:00
intelvbttool UPSTREAM: intelvbttool: cope with errors in open() 2016-08-04 23:37:52 -07:00
ipqheader util: ipq40xx: Scripts to combine SBL and Coreboot ELFs 2016-05-09 09:36:27 +02:00
k8resdump tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
kconfig UPSTREAM: Kconfig: Change symbol override from warning to notice 2016-12-13 17:49:40 -08:00
lint UPSTREAM: util/lint: Add a tool to verify a single newline at the end of files 2017-01-20 08:47:59 -08:00
marvell util/marvell: Add Marvell doimage utility and dependency in relevant Makefile 2016-02-11 14:16:08 +01:00
me_cleaner UPSTREAM: util: Add me_cleaner 2017-01-27 07:48:59 -08:00
mma util/mma: changing BOOT_STUB to COREBOOT region and few more things 2016-05-10 22:59:36 +02:00
msrtool UPSTREAM: util/msrtool: Use tabs for indents 2016-10-19 14:06:44 -07:00
mtkheader util: Look for python2 binary instead of python 2016-01-26 00:25:19 +01:00
nvidia Make upstream tree CrOS SDK friendly 2016-05-12 15:42:17 -06:00
nvramtool UPSTREAM: nvramtool: Don't consider reserved regions to be "out of range" 2016-08-04 23:37:39 -07:00
optionlist optionslist: Don't add a timestamp 2016-02-21 01:46:15 +01:00
post util: Add a very simple utility to test POST cards. 2016-02-26 07:00:33 +01:00
release UPSTREAM: util/release/build-release: Update tar command 2016-10-11 14:31:59 -07:00
riscvtools UPSTREAM: RISCV: change make-spike-elf to use the coreboot toolchain. 2016-10-18 22:14:47 -07:00
rockchip rockchip: update make_idb.py 2016-03-16 15:24:10 +01:00
romcc UPSTREAM: util/romcc: avoid shifting more than the variable's width 2017-01-09 23:46:53 -08:00
sconfig UPSTREAM: sconfig: Reformat C code 2016-08-13 20:28:32 -07:00
scripts UPSTREAM: util/scripts: extend cross-repo-cherrypick 2017-01-19 06:11:09 -08:00
showdevicetree tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
spkmodem_recv tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
superiotool UPSTREAM: superiotool: Add support for HWM registers on W83627EHG 2017-01-05 11:00:56 -08:00
uio_usbdebug tree: drop last paragraph of GPL copyright header 2015-10-31 21:37:39 +01:00
vgabios UPSTREAM: Remove extra newlines from the end of all coreboot files. 2016-08-04 23:36:56 -07:00
viatool UPSTREAM: viatool/quirks: Add newline to end of file 2016-08-02 14:29:22 -07:00
xcompile UPSTREAM: util/xcompile/xcompile: Add a space before && 2016-10-29 15:16:47 -07:00