sravan/system76-firmware-open
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: Move Intel ME note to separate file

Browse Source
This commit is contained in:
Tim Crawford
2020-08-07 12:47:39 -06:00
committed by Jeremy Soller
parent 43af66c388
commit aa482271fd
3 changed files with 16 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -50,16 +50,6 @@ source ~/.cargo/env
./scripts/qemu.sh
```
## Intel Management Engine
The IME is present, but disabled. This is accomplished by [sending a HECI
command on boot][heci_disable], before RAM is initalized. This puts the IME in
a state similar to setting the HAP bit on earlier platforms. [me_cleaner] is
not used as it does not support IME version 14.0.
[heci_disable]: https://github.com/system76/coreboot/blob/f3ba5937e778105cb7e75de9a1d4adf54ea825e5/src/soc/intel/cannonlake/me.c#L186
[me_cleaner]:https://github.com/corna/me_cleaner
## Contents
- [apps](./apps) - Applications

10
README.md.in
View File

@@ -49,13 +49,3 @@ source ~/.cargo/env
```
./scripts/qemu.sh
```
## Intel Management Engine
The IME is present, but disabled. This is accomplished by [sending a HECI
command on boot][heci_disable], before RAM is initalized. This puts the IME in
a state similar to setting the HAP bit on earlier platforms. [me_cleaner] is
not used as it does not support IME version 14.0.
[heci_disable]: https://github.com/system76/coreboot/blob/f3ba5937e778105cb7e75de9a1d4adf54ea825e5/src/soc/intel/cannonlake/me.c#L186
[me_cleaner]:https://github.com/corna/me_cleaner

16
docs/intel-me.md Normal file
View File

@@ -0,0 +1,16 @@
# Intel Management Engine
Intel-based machines by System76 come with the [Intel Management Engine][wiki]
disabled. It is a proprietary, mostly undocumented, system that provides many
extraneous features that are generally not usable or useful to our users, with
multiple known vulnerabilities that compromise the entire system.
The Intel ME is _required_ (since Nehalem, 2008), so cannot be removed. The
[me\_cleaner] project is able to remove non-essential components, but currently
does not support the ME version used on many of our systems. Instead, we [send
a HECI command][heci_disable] to tell the Intel ME to disable runtime
components during early boot.
[wiki]: https://en.wikipedia.org/wiki/Intel_Management_Engine
[me\_cleaner]: https://github.com/corna/me_cleaner
[heci_disable]: https://github.com/system76/coreboot/blob/011439cb9196d6a71d394ead8c98dfd8ead325d4/src/soc/intel/cannonlake/me.c#L186