diff options
| author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2022-05-08 01:03:31 +0200 |
|---|---|---|
| committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2022-05-08 01:18:50 +0200 |
| commit | 98f89fb6211ed6bb4f866edc6b6977aaaee22f8a (patch) | |
| tree | c34ea9f08fa0801d78a86dfe5cd29cd993eae0bb /pcr | |
| parent | c9c928c960b5af6863b608e44b420017ade2cf00 (diff) | |
| download | abslibre-98f89fb6211ed6bb4f866edc6b6977aaaee22f8a.tar.gz abslibre-98f89fb6211ed6bb4f866edc6b6977aaaee22f8a.tar.bz2 abslibre-98f89fb6211ed6bb4f866edc6b6977aaaee22f8a.zip | |
libreboot-utils: Add me_cleaner
Recent (post 2006) Intel computers typically have a flash chip that
contains several partitions:
- A partition that contains a partition table, permission settings
for read/write access to these partitions. various configuration
settings like the flash chip speed, and so on.
- A partition for the BIOS that contains the BIOS, Coreboot, EFI,
Libreboot, UEFI, etc.
- A partition for the Management Engine firmware.
- A partition for some Gigabit Ethernet settings (the MAC address,
LEDs settings, etc).
- A partition named "Platform data" that probably contains some serial
numbers or other data on some computers.
The Management Engine firmware is signed, so its code cannot be
modified. However the Management Engine firmware also contains its own
partitioning scheme, and it's possible to remove some of its partitions
in a way that enable computers to still boot and function normally.
The me_cleaner utility can do that (so it still lives part of the
Management Engine code or Operating system).
The me_cleaner can also tell the Management Engine OS (with
--soft-disable), that once its booted, it should not try to load
additional applications.
In addition me_cleaner can also verify the Management Engine firmware
signatures.
Note that me_cleaner cannot be used to completely remove the
Management Engine firmware. To do that you need to use Libreboot
instead. Libreboot removes completely the Management Engine
firmware. However the method used by Libreboot only works with
computers with the Intel GM45 chipset.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'pcr')
| -rw-r--r-- | pcr/libreboot-utils/PKGBUILD | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/pcr/libreboot-utils/PKGBUILD b/pcr/libreboot-utils/PKGBUILD index 5482a7ef0..091263fa6 100644 --- a/pcr/libreboot-utils/PKGBUILD +++ b/pcr/libreboot-utils/PKGBUILD @@ -4,14 +4,14 @@ # Maintainers: Parabola hackers <dev@lists.parabola.nu> pkgname=libreboot-utils -pkgrel=10 +pkgrel=11 _upstream_ver=20211122 pkgver=4.15.libreboot${_upstream_ver} pkgdesc="Misc. Coreboot/Libreboot utils (bucts, cbfstool, ECtool, nvramtool, superiotool)" url="https://libreboot.org/" arch=('x86_64' 'i686' 'armv7h') license=('GPL2') -makedepends=('pciutils') +makedepends=('pciutils' 'python3') _mirror="https://mirrors.mit.edu/libreboot" # use a mirror per libreboot's request source=("${_mirror}/testing/${_upstream_ver}/libreboot-${_upstream_ver}_src.tar.xz"{,.sig} @@ -85,6 +85,11 @@ build() { # Build cbmem. make -C cbmem + # Build me_cleaner. + cd me_cleaner + python3 setup.py build + cd .. + # Build nvramtool. make -C nvramtool @@ -140,6 +145,11 @@ package() { # Install cbmem. make -C cbmem install DESTDIR="${pkgdir}" PREFIX=/usr + # Install me_cleaner. + cd me_cleaner + python3 setup.py install --root="$pkgdir/" --optimize=1 + cd .. + # Install nvramtool. make -C nvramtool install DESTDIR="${pkgdir}" PREFIX=/usr |