e38f85915f
Relevant changes (commit 250b2ec):
* Fix a bug for ME6 Ignition images.
* Fix signature checking for ME11 and later.
* Add command line arguments.
* Add an option to relocate the FTPR partition to the top of the
ME region, recovering most of the ME region space.
* Print the image minimum size.
* Add write boundary checks, to prevent writes on other regions
in case of bugs.
The new changes have been tested on multiple platforms by the
me_cleaner users. They have been tested also on the author's
X220T with coreboot, where the ME region has been shrinked up to
84 kB without any issue.
Change-Id: I3bd6b4cba9f5eebc3cd4892dd9f188744a06c42b
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/18473
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
ME cleaner
A cleaner for Intel ME/TXE images.
This tools removes any unnecessary partition from an Intel ME/TXE firmware, reducing its size and its ability to interact with the system. It should work both with coreboot and with the factory firmware.
Currently this tool:
- Scans the FPT (partition table) and checks that everything is correct
- Removes any partition entry (except for FTPR) from FPT
- Removes any partition except for the fundamental one (FTPR)
- Removes the EFFS presence flag
- Corrects the FPT checksum
- Removes any non-essential LZMA or Huffman compressed module from the FTPR partition (pre-Skylake only)
- Relocates the remaining parts of the FTPR partition to the top of the ME region (pre-Skylake only)
- Checks the validity of the RSA signature of the FTPR partition
Don't forget to power cycle your PC after flashing the modified ME/TXE image (power off and power on, not just reboot).
See the current status or a more detailed description of me_cleaner.
Special thanks to Federico Amedeo Izzo for his help during the study of Intel ME.