From 98f89fb6211ed6bb4f866edc6b6977aaaee22f8a Mon Sep 17 00:00:00 2001 From: Denis 'GNUtoo' Carikli Date: May 07 2022 23:18:50 +0000 Subject: libreboot-utils: Add me_cleaner Recent (post 2006) Intel computers typically have a flash chip that contains several partitions: - A partition that contains a partition table, permission settings for read/write access to these partitions. various configuration settings like the flash chip speed, and so on. - A partition for the BIOS that contains the BIOS, Coreboot, EFI, Libreboot, UEFI, etc. - A partition for the Management Engine firmware. - A partition for some Gigabit Ethernet settings (the MAC address, LEDs settings, etc). - A partition named "Platform data" that probably contains some serial numbers or other data on some computers. The Management Engine firmware is signed, so its code cannot be modified. However the Management Engine firmware also contains its own partitioning scheme, and it's possible to remove some of its partitions in a way that enable computers to still boot and function normally. The me_cleaner utility can do that (so it still lives part of the Management Engine code or Operating system). The me_cleaner can also tell the Management Engine OS (with --soft-disable), that once its booted, it should not try to load additional applications. In addition me_cleaner can also verify the Management Engine firmware signatures. Note that me_cleaner cannot be used to completely remove the Management Engine firmware. To do that you need to use Libreboot instead. Libreboot removes completely the Management Engine firmware. However the method used by Libreboot only works with computers with the Intel GM45 chipset. Signed-off-by: Denis 'GNUtoo' Carikli --- diff --git a/pcr/libreboot-utils/PKGBUILD b/pcr/libreboot-utils/PKGBUILD index 5482a7e..091263f 100644 --- a/pcr/libreboot-utils/PKGBUILD +++ b/pcr/libreboot-utils/PKGBUILD @@ -4,14 +4,14 @@ # Maintainers: Parabola hackers pkgname=libreboot-utils -pkgrel=10 +pkgrel=11 _upstream_ver=20211122 pkgver=4.15.libreboot${_upstream_ver} pkgdesc="Misc. Coreboot/Libreboot utils (bucts, cbfstool, ECtool, nvramtool, superiotool)" url="https://libreboot.org/" arch=('x86_64' 'i686' 'armv7h') license=('GPL2') -makedepends=('pciutils') +makedepends=('pciutils' 'python3') _mirror="https://mirrors.mit.edu/libreboot" # use a mirror per libreboot's request source=("${_mirror}/testing/${_upstream_ver}/libreboot-${_upstream_ver}_src.tar.xz"{,.sig} @@ -85,6 +85,11 @@ build() { # Build cbmem. make -C cbmem + # Build me_cleaner. + cd me_cleaner + python3 setup.py build + cd .. + # Build nvramtool. make -C nvramtool @@ -140,6 +145,11 @@ package() { # Install cbmem. make -C cbmem install DESTDIR="${pkgdir}" PREFIX=/usr + # Install me_cleaner. + cd me_cleaner + python3 setup.py install --root="$pkgdir/" --optimize=1 + cd .. + # Install nvramtool. make -C nvramtool install DESTDIR="${pkgdir}" PREFIX=/usr