morris / abslibre

Forked from abslibre 2 years ago
Clone

98f89fb libreboot-utils: Add me_cleaner

Authored and Committed by Denis 'GNUtoo' Carikli 2 years ago
    libreboot-utils: Add me_cleaner
    
    Recent (post 2006) Intel computers typically have a flash chip that
    contains several partitions:
    - A partition that contains a partition table, permission settings
      for read/write access to these partitions. various configuration
      settings like the flash chip speed, and so on.
    
    - A partition for the BIOS that contains the BIOS, Coreboot, EFI,
      Libreboot, UEFI, etc.
    
    - A partition for the Management Engine firmware.
    
    - A partition for some Gigabit Ethernet settings (the MAC address,
      LEDs settings, etc).
    
    - A partition named "Platform data" that probably contains some serial
      numbers or other data on some computers.
    
    The Management Engine firmware is signed, so its code cannot be
    modified. However the Management Engine firmware also contains its own
    partitioning scheme, and it's possible to remove some of its partitions
    in a way that enable computers to still boot and function normally.
    
    The me_cleaner utility can do that (so it still lives part of the
    Management Engine code or Operating system).
    
    The me_cleaner can also tell the Management Engine OS (with
    --soft-disable), that once its booted, it should not try to load
    additional applications.
    
    In addition me_cleaner can also verify the Management Engine firmware
    signatures.
    
    Note that me_cleaner cannot be used to completely remove the
    Management Engine firmware. To do that you need to use Libreboot
    instead. Libreboot removes completely the Management Engine
    firmware. However the method used by Libreboot only works with
    computers with the Intel GM45 chipset.
    
    Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
    
        
file modified
+12 -2