heads/targets/xx80_me_blobs.mk

# Targets for downloading xx80 ME blob, neutering it and deactivating ME.
# This also uses the deguard tool to bypass Intel Boot Guard exploiting CVE-2017-5705.
# See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html

# xx80-*-maximized boards require of you initially call one of the
#  following to have gbe.bin ifd.bin and me.bin
#  - blobs/xx80/download_clean_me_and_deguard.sh
#     To download Lenovo original ME binary, neuter+deactivate ME, produce
#      reduced IFD ME region and expanded BIOS IFD region.
#  - blobs/xx80/extract_and_deguard.sh
#     To extract ME binary, GBE and IFD blobs and apply the deguard exploit to the the ME binary.

# Make the Coreboot build depend on the following 3rd party blobs:
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
    $(pwd)/blobs/xx80/me.bin	

$(pwd)/blobs/xx80/me.bin:
	COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
		$(pwd)/blobs/xx80/download_clean_deguard_me.sh $(pwd)/blobs/xx80
add t480 board Signed-off-by: gaspar-ilom <gasparilom@riseup.net> 2025-01-14 13:20:05 +01:00			`# Targets for downloading xx80 ME blob, neutering it and deactivating ME.`
			`# This also uses the deguard tool to bypass Intel Boot Guard exploiting CVE-2017-5705.`
			`# See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html`

			`# xx80-*-maximized boards require of you initially call one of the`
			`# following to have gbe.bin ifd.bin and me.bin`
			`# - blobs/xx80/download_clean_me_and_deguard.sh`
			`# To download Lenovo original ME binary, neuter+deactivate ME, produce`
			`# reduced IFD ME region and expanded BIOS IFD region.`
			`# - blobs/xx80/extract_and_deguard.sh`
			`# To extract ME binary, GBE and IFD blobs and apply the deguard exploit to the the ME binary.`

			`# Make the Coreboot build depend on the following 3rd party blobs:`
			`$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \`
Merge remote-tracking branch 'gaspar-ilom/t480' into poc_t480 Resolve conflicts, enable TPM2 support into board configs that was missing sorry - remove blobs/kabylake/fetch_split_fsp.sh since unneeded if depending on full FSP from tree - removed fsp.fd files placed in blobs and references to it in @gaspar-ilom branch - removed blobs/kabylake/* altogether since unneeded - remove patches/coreboot-24.02.01/* since we use another fork (currently modules/coreboot: t480, might be renamed to coreboot release to be reused later) - t480 boards depend on targets/xx80_me_blobs.mk now, next commit will cleanup prior work artifacts not needed; @gaspar-ilom approach cleaner Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2025-02-12 12:26:28 -05:00			`$(pwd)/blobs/xx80/me.bin`
add t480 board Signed-off-by: gaspar-ilom <gasparilom@riseup.net> 2025-01-14 13:20:05 +01:00
			`$(pwd)/blobs/xx80/me.bin:`
			`COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \`
Merge remote-tracking branch 'gaspar-ilom/t480' into poc_t480 Resolve conflicts, enable TPM2 support into board configs that was missing sorry - remove blobs/kabylake/fetch_split_fsp.sh since unneeded if depending on full FSP from tree - removed fsp.fd files placed in blobs and references to it in @gaspar-ilom branch - removed blobs/kabylake/* altogether since unneeded - remove patches/coreboot-24.02.01/* since we use another fork (currently modules/coreboot: t480, might be renamed to coreboot release to be reused later) - t480 boards depend on targets/xx80_me_blobs.mk now, next commit will cleanup prior work artifacts not needed; @gaspar-ilom approach cleaner Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2025-02-12 12:26:28 -05:00			`$(pwd)/blobs/xx80/download_clean_deguard_me.sh $(pwd)/blobs/xx80`