-
-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix X220 and T420 CBFS sizes #693
Conversation
Add some room in the CBFS to actually save GPG keys, as well as have room to add libremkey support.
@SebastianMcMillan @eganonoa #568 (comment) Once again. Most recent Lenovo BIOS update(which one) needs to be applied (and documented), providing consistent original Intel ME, needs to present to extract consistent blobs and offer the same IFD/CBFS defined regions. The guideline referred here in link is in goal of having consistent upgradeable CBFS regions (required to flash internally, which means only reflashing the BIOS section determined by coreboot in CBFS configuration section of coreboot config which needs to match IFD descriptor in blob). If we go with a first, required, externally flashed Heads build, containing well carved and consistent CBFS region, containing modified IFD description (expended) and neutered+deactivated ME (reduced maximally), then Heads provided board flash command could be modified in next ROM upgrade to flash whole ROM images, not only --ifd --image bios region. That would permit maximal available and usable space for all Heads needs for a specific board, in a reproducible manner (through #307 acceptance of plan.) We need to figure out a way out of this: Leave generic boards alone which not require external reflashing and create new ones requiring more space and requiring external reflashing and coument actual boards properly, stating that they fit not modified IFD/ME? I personally think this is the way to go. Else we leave users having followed past users having followed actual blobs/platforms/scripts foobar, since they will try to flash a CBFS region that won't have enough space to fit newer Heads versions, to address @merge concern here. Else, we are stuck at using original boards consistent CBFS sizes that match ifd original descriptor size without ME neutered, requiring CBFS regions to match non-neutered ME. Hope I made this point clear this time. This same situation will be valid for all Ivy/Sandy bridges without mrc, fsp and fully neutered Intel ME (no syslib, no kernel in ME), while to a wider extent, to all existing and future coreboot Intel board inclusion (and probably AMD too, we'll see) in Heads with less freeable space in ME and less available space in Coreboot since relying on more required blobs to be present for initialization of hardware. All those concerns should probably be in another ticket. I'll cherrypick those later on. |
@tlaurion Re the bios, I was using a modified version of UEFI 1.46 and ECP 1.24. 1.46 is the latest Bios for the x220 (27 Jun 2018) and will have no further updates and the modified bios simply unlocks the advanced menu. This is surely not all that different to folks on the x230 updating to the latest no-rollback bios and then applying the Hamish Coleman modifications that get rid of battery and keyboard whitelists (https://github.com/hamishcoleman/thinkpad-ec). Indeed doings this is recommended in the original OS Research guide as I understand it. So I think you can comfortably move forward with the understanding that the latest Bios is the one to use.
@SebastianMcMillan I can confirm that with 0x750000 CBFS size the GPG keys save in non-Libremkey mode and the Libremkey builds and works perfectly in the Libremkey mode with the GPG keys saving. Again, I initially extracted and built off of the modified version of the latest Bios for the x220, which unlocks the advanced menu.
|
@SebastianMcMillan @eganonoa : See #690 (comment) |
@tlaurion you able to review this and merge the changes? My X220 and T420 were both on latest stock firmwares and this the size in this PR are as high as they can go for now. Further work will need to be done to maximize the space of these systems, but that'll be a ways away, and as of right now they don't even function in master, so this is better than nothing. |
Add some room in the CBFS to actually save GPG keys, as well as have room to add libremkey support on libremkey-enabled builds. As of right now, they cannot save GPG keys due to the lack of space. Addresses #690.
We cannot simply revert the sizes due to the 50 second delay being seemingly related to the CBFS size being too large.
The values provided here do work on my T420 and X220, do not cause said delay, and will enable GPG keys being saved as well as libremkey support presumably working on libremkey-enabled builds (someone with one needs to test to confirm it, I get all the prompts and such, I just don't have a libremkey to test if behavior is as expected).