Leah Rowe
parent
fb428da88a
commit
c4d4e5c8f4
|
|
@ -1,3 +1,4 @@
|
|||
x201.md
|
||||
hp820g2.md
|
||||
audit4.md
|
||||
10.md
|
||||
|
|
|
|||
|
|
@ -0,0 +1,31 @@
|
|||
% ThinkPad X201 removed from Libreboot
|
||||
% Leah Rowe
|
||||
% 12 January 2024
|
||||
|
||||
Builds have also been removed from rsync, and build logic has been
|
||||
removed from lbmk. It was discovered that fan controls fail on this
|
||||
mainboard, when you use a neutered Intel ME image. This issue seems
|
||||
to only affect these older arrandale machines; the issue was discovered
|
||||
on X201 but probably affects the thinkpad T410, and other mobile
|
||||
arrandale machines.
|
||||
|
||||
This issue does *not* affect the newer platforms, only arrandale / ibex
|
||||
peak machines such as the ThinkPad X201.
|
||||
|
||||
You are advised *not* to use Libreboot, on this platform. Use of coreboot
|
||||
is still possible, but you must use the full Intel ME image on it. As
|
||||
such, we will therefore not support it in Libreboot anymore. It is the
|
||||
policy of the Libreboot project to *only* provide no-ME configuration,
|
||||
or *neutered* ME configuration
|
||||
using [me_cleaner](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F).
|
||||
|
||||
You are advised to simply use another machine. The arrandale machines are now
|
||||
considered *broken* (in a coreboot context) by the Libreboot project, and
|
||||
they will not be supported by Libreboot - unless further testing is done,
|
||||
and this issue is fixed. This removal has been done urgently, out of concern
|
||||
for the safety of users.
|
||||
|
||||
The removal patch is here:
|
||||
<https://browse.libreboot.org/lbmk.git/commit/?id=09bed9a4c3257dbf9b4d59975db0071472ed67eb>
|
||||
|
||||
That is all.
|
||||
|
|
@ -1025,45 +1025,6 @@ See: <https://github.com/corna/me_cleaner/issues/3>
|
|||
It's a good reference, though far from complete. People post there saying
|
||||
whether their hardware works with `me_cleaner`.
|
||||
|
||||
Test thermal safety on Lenovo X201
|
||||
==================================
|
||||
|
||||
A user reported that the machines get quite hot. Could just be bad
|
||||
cooling, on the machines that the the user reported. Anyway, test it under
|
||||
these conditions:
|
||||
|
||||
* Coldboot on factory BIOS
|
||||
* S3 resume on factory BIOS
|
||||
* Cold boot on Libreboot
|
||||
* S3 resume on Libreboot
|
||||
|
||||
Test all of the above cases *with* the full Intel ME firmware, first. *Then*,
|
||||
re-run both tests (coldboot and S3 resume) on Libreboot, but with the neutered
|
||||
ME firmware. This will require a custom ROM with a non-truncated ME region, and
|
||||
the smaller BIOS region, because lbmk currently only provides the truncated
|
||||
setup. Truncation shouldn't affect anything, but a non-neutered ME will not be
|
||||
truncated.
|
||||
|
||||
Compare the results. Monitor temperatures. Do all of this during a stress
|
||||
test (`stress -c 2`) while monitoring temperatures in the `sensors` utility,
|
||||
or use xsensors. Check what the maximum temperature is.
|
||||
|
||||
Then: on each of the above tests, *disconnect* the fan, but leave the stress
|
||||
test running. With the fan no longer receiving power, the system temperature
|
||||
will continue rising. On any given system, an automatic shutoff will occur,
|
||||
turning the system *off* abruptly (there isn't even a shutdown sequence in
|
||||
the OS, the machine will just lose all power and turn *off* completely). *This*
|
||||
is what must be tested. We *must* confirm that this works, or remove the port.
|
||||
|
||||
No such reports have ever been made, on any other systems supported by
|
||||
Libreboot - only the ThinkPad X201, and only anecdotal. It has not yet been
|
||||
fully tested.
|
||||
|
||||
Also literally feel the machine, and look at it. According to some users, the
|
||||
machine gets hotter when a neutered ME is in use. Depending on the results, it
|
||||
may be wise to *remove* this port from lbmk, so as to not further encourage
|
||||
its use. My own one seemed fine in testing, however, when I added it to lbmk.
|
||||
|
||||
Overclocking
|
||||
============
|
||||
|
||||
|
|
@ -1721,18 +1682,6 @@ This looks interesting. It seems on some arrandale machines it's actually
|
|||
possible to completely disable the ME (remove it from the nor flash),
|
||||
with "almost no ill effects" according to the OP on that issue page.
|
||||
|
||||
me6updateparser
|
||||
===============
|
||||
|
||||
We have me7updateparser, imported from the Heads project. It is used to
|
||||
re-construct full intel ME firmware from the partial firmware update provided
|
||||
in Lenovo X220 update files.
|
||||
|
||||
We do not have ME auto-download on ThinkPad X201 (ME6). If we run it on those
|
||||
updates, it has the same problem: it is a partial ME update. We need to
|
||||
reconstruct the ME6 firmware, in the same way. The current me7updateparser is
|
||||
not suitable for ME6.
|
||||
|
||||
FAQ: cover USB fuzzing attacks
|
||||
==============================
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue