@Insurgo Huge fan of your work. Your endeavors are really inspiring.
That has since been documented in the Heads wiki, specifically and practically
at
Upgrading Heads | Heads - Wiki
The Heads https://osresearch.net/ documentation updates are great.
In my case, having flashed Heads a while ago without unlocking the IFD, I
needed to externally reflash (both top and bottom) with maximized ROMs.
Both Upgrading Heads | Heads - Wiki and
Step 1 - Downloading Heads | Heads - Wiki
should help anyone similarly situated. Thanks!
When you can spare a few moments, and since we're in an x230 AEM thread,
maybe this is a good place to ask what you envision for the future of
io386, recovery shell authentication, and write-protect with respect to Heads?
I was surprised when I first read
[$400 Bounty] Add write-protect support (half-working patch included) · Issue #185 · flashrom/flashrom · GitHub and
SPI flash BP3-0 bits are not set · Issue #12 · linuxboot/heads · GitHub
but excited by the prospect of
Introduce io386 to heads and use it to finalize chipset at runtime by persmule · Pull Request #326 · linuxboot/heads · GitHub with Disk Unlock Key as
fallback for GPG User PIN. Sounds to me like a real security
improvement and differentiator for xx30. What do you think?
In
(incredibly helpful post, btw) you wrote:
Long story short, as of today, the current best coreboot native init
platform and user-ownable, without FSP ME, that is those old 2012-2013
manufactured Ivy Bridges, are not yet exposing microcode-only fixable
vulnerabilities.
Really appreciate your research and analysis there. Just concerned that it
might indicate you've soured on the KGPE-D16's prospects, but that's
probably off topic. Last question: any news on the missing AR5BHB116 info?
Best regards…