ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-03-15 00:36:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
heads/blobs/xx80
History
Thierry Laurion e6d6001e97
Merge remote-tracking branch 'gaspar-ilom/t480' into poc_t480 
Resolve conflicts, enable TPM2 support into board configs that was missing sorry
- remove blobs/kabylake/fetch_split_fsp.sh since unneeded if depending on full FSP from tree
  - removed fsp.fd files placed in blobs and references to it in @gaspar-ilom branch
  - removed blobs/kabylake/* altogether since unneeded
- remove patches/coreboot-24.02.01/* since we use another fork (currently modules/coreboot: t480, might be renamed to coreboot release to be reused later)
- t480 boards depend on targets/xx80_me_blobs.mk now, next commit will cleanup prior work artifacts not needed; @gaspar-ilom approach cleaner

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-02-12 12:46:14 -05:00
..
.gitignore
add t480 board
2025-02-12 00:56:17 +01:00
download_clean_deguard_me.sh
add t480 board
2025-02-12 00:56:17 +01:00
gbe.bin
add t480 board
2025-02-12 00:56:17 +01:00
hashes.txt
Merge remote-tracking branch 'gaspar-ilom/t480' into poc_t480
2025-02-12 12:46:14 -05:00
ifd.bin
add t480 board
2025-02-12 00:56:17 +01:00
README
add t480 board
2025-02-12 00:56:17 +01:00

README 

The ME blobs dumped in this directory come from the following link: https://dl.dell.com/FOLDER04573471M/1/Inspiron_5468_1.3.0.exe

This provides ME version 11.6.0.1126. In this version CVE-2017-5705 has not yet been fixed.
See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html
Therefore, Bootguard can be disabled by deguard with a patched ME.

1.0.0:Automatically extract, neuter and deguard me.bin
download_clean_me.sh : Downloads vulnerable ME from Dell verify checksum, extract ME, neuters ME, relocate and trim it, then apply deguard patch and place it into me.bin

sha256sum:
1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b  me.bin

1.0.1: Extract blobs from original rom:
extract.sh: takes backup, unlocks ifd, apply me_cleaner to neuter, relocate, trim and deguard it, modify BIOS and ME region of IFD and place output files into this dir.

sha256sum: will vary depending of IFD and ME extracted where IFD regions of BIOS and ME should be consistent.

1.1: More blobs
--------------------
ifd.bin was extracted from a T480 from an external flashrom backup.

sha256sum:
f2f6d5fb0a5e02964b494862032fd93f1f88e2febd9904b936083600645c7fdf  ifd.bin

sha256sum:
6b7f3912995fb87ae62956e009470b35b72b5b9a4bfd7bed48da429af9804866  gbe.bin
------------------------

Notes: as specified in first link, this ME can be deployed to:
    T480 and T480s