corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images

GNU General Public License v3.0

4.49k stars 278 forks source link

Fix flash descriptor permissions #155

Closed c0d3z3r0 closed 6 years ago

c0d3z3r0 commented 6 years ago

ME read access on the flash descriptor is (at least on some systems) needed to complete boot process.

(Please check byte order for ME<v11. Not sure if it is correct...)

154

corna commented 6 years ago

ME < 11 works well with the current permissions, no need to relax them Good job finding and fixing the bug

c0d3z3r0 commented 6 years ago

is there any "documentation" about required permissions you know or was it just trial&error?

corna commented 6 years ago

Trial & error. The only reference I have is the "SPI programming guide (7 series)", where Intel recommends to give ME read access to descriptor, ME and GbE and write access to ME and GbE (but that's for Panther Point). That set of permissions (for ME < 11) is in me_cleaner since the beginnings, so it has been widely tested.

c0d3z3r0 commented 6 years ago

Ok, my patch now only changes ME11 permissions

platomav commented 6 years ago

Intel recommended values for Engine region:

CSME 11: W 0x004, R 0x00D
CSTXE 3: W 0x024, R 0x027
Pre-CSE: W 0x0C, R 0x0D

corna commented 6 years ago

Thanks!