search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.43k stars 275 forks source link

A few questions about linux kernel config #316

Open morfikov opened 4 years ago

morfikov commented 4 years ago

I own a 10y laptop, which has a P6100 processor. I haven't done anything to it because I don't get a few things.

Here's the output of intelmetool tool :

# ./intelmetool --me
Bad news, you have a `HM55 Chipset LPC Interface Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:3b64] 5 Series/3400 Series Chipset HECI Controller

ME Status   : 0x245
ME Status 2 : 0x69000000

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Host Communication
ME: Power Management Event  : Non-power cycle reset
ME: Progress Phase State    : Host communication established

ME: Extend SHA-256: 7c2166aa0f3c77f5b6f722166200effd9981c5dd607449de8d16e31847fe2559

ME: timeout waiting for data: expected 8, available 0
ME: GET FW VERSION message failed

It says that the machine has HM55 Chipset LPC Interface Controller and that MEI found: [8086:3b64] 5 Series/3400 Series Chipset HECI Controller .

According to the lscpi output, it's:

00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06)
    Subsystem: Hewlett-Packard Company 5 Series/3400 Series Chipset HECI Controller
    Flags: bus master, fast devsel, latency 0, IRQ 29
    Memory at b4404000 (64-bit, non-prefetchable) [size=16]
    Capabilities: [50] Power Management version 3
    Capabilities: [8c] MSI: Enable+ Count=1/1 Maskable- 64bit+
    Kernel driver in use: mei_me
    Kernel modules: mei_me

and:

00:1f.0 ISA bridge: Intel Corporation HM55 Chipset LPC Interface Controller (rev 05)
    Subsystem: Hewlett-Packard Company HM55 Chipset LPC Interface Controller
    Flags: bus master, medium devsel, latency 0
    Capabilities: [e0] Vendor Specific Information: Len=10 <?>
    Kernel driver in use: lpc_ich
    Kernel modules: lpc_ich

So the hardware use lpc_ich and mei_me kernel modules. and here's the first question -- what would happen if I removed the modules from the kernel? I've built the kernel with the following options unset: 

CONFIG_INTEL_MEI
CONFIG_INTEL_MEI_ME
CONFIG_INTEL_MEI_TXE
CONFIG_LPC_ICH

I don't have any /dev/mei device, and I don't think the hardware use any kernel modules now. So here's the second question: is there any security/privacy benefit from preventing the modules to be loaded? So far it looks like the machine works well. I also haven't seen any errors during boot.

The next question is about the last lines in intelmetool output, which was:

ME: timeout waiting for data: expected 8, available 0
ME: GET FW VERSION message failed

When I booted my system without iomem=relaxed, it said to do it. When I booted it with this parameter set, I got what you see above. What does it mean? Should there be some other info? Is it bad? Is there a way to get what it should print?

And the last question concerns the flashrom tool. The flashrom -L command should "list the flash chips, chipsets, mainboards, and external programmers (including PCI, USB, parallel port, and serial port based devices) supported by flashrom.", but when I check whether the chip in question is supported, I get the following line:

# flashrom -L | grep -i HM55
Intel    HM55                           8086:3b09  Config-dependent

So how to interpret this line? Also the numbers are slightly different (8086:3b64).