cb/kabylake: don't hardcode power_on_after_fail

I realised that the Dell OptiPlex 3050 Micro has NVRAM available. Use that backend, and hardcode power_on_after_fail to Disable, which is already done in cmos.default. The Lenovo ThinkPad T480 currently has no option table in coreboot, besides the CBFS one. For this, the CBFS option table has been enabled, and the build system has been modified to insert a relevant config for power_on_after_fail. Nicholas Chin informs me that Kabylake generally has legacy NVRAM, so enabling it for the T480/T480s should work, but we'll need to use it in the future anyway; better to just use CBFS now. I *could* use the CBFS backend on 3050micro as well. Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2025-10-06 02:28:24 +0100
committer: Leah Rowe <leah@libreboot.org> 2025-10-06 04:03:36 +0100
commit: c716341c130b3746c0994af780f407f4fbd75004 (patch)
tree: a02abf7c5b7d69c16ddba67db591d289028ec2ab /config/coreboot/default/patches/0037-Subject-PATCH-1-1-Add-a-p-option-skip-FPTR-checks.patch
parent: b5ad829ffe9dfb9f5a32f4ac95159a35d2662877 (diff)
1 files changed, 76 insertions, 0 deletions
diff --git a/config/coreboot/default/patches/0037-Subject-PATCH-1-1-Add-a-p-option-skip-FPTR-checks.patch b/config/coreboot/default/patches/0037-Subject-PATCH-1-1-Add-a-p-option-skip-FPTR-checks.patch
new file mode 100644
index 00000000..8cff0c56
--- /dev/null
+++ b/config/coreboot/default/patches/0037-Subject-PATCH-1-1-Add-a-p-option-skip-FPTR-checks.patch
@@ -0,0 +1,76 @@
+From 8ab86ffd25fc013790c260e564c8b770c13a5342 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sun, 28 Sep 2025 03:17:50 +0100
+Subject: [PATCH 37/40] Subject: [PATCH 1/1] Add a -p option (skip FPTR checks)
+
+if you pass -k (keep fptr modules), don't use -r, don't
+use -t, you can essentially just use me_cleaner to
+extract a ME image without changing it. this is useful
+when for example, you just want to set the HAP bit.
+
+however, me_cleaner still performs a FPTR check.
+
+on some newer ME versions, it's always invalid according
+to me_cleaner, because for example it doesn't handle
+ME16 very well yet.
+
+this patch adds an option to override the FPTR check
+
+either pass -p or --pass-fptr
+
+NOTE: we probably won't use this on coreboot's me_cleaner,
+which is the corna version. we only need it on the newer
+me_cleaner versions for e.g. ME16, on certain setups.
+still, it's best to have the patch here too, just in case.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ util/me_cleaner/me_cleaner.py | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/util/me_cleaner/me_cleaner.py b/util/me_cleaner/me_cleaner.py
+index fae5e56732..228bac899f 100755
+--- a/util/me_cleaner/me_cleaner.py
++++ b/util/me_cleaner/me_cleaner.py
+@@ -246,8 +246,10 @@ def check_partition_signature(f, offset):
+     return "{:#x}".format(decrypted_sig).endswith(sha256.hexdigest())   # FIXME
+ 
+ 
+-def print_check_partition_signature(f, offset):
+-    if check_partition_signature(f, offset):
++def print_check_partition_signature(f, offset, pass_fptr):
++    if pass_fptr:
++        print("Skipping FPTR checks because the user told us to")
++    elif check_partition_signature(f, offset):
+         print("VALID")
+     else:
+         print("INVALID!!")
+@@ -486,6 +488,8 @@ if __name__ == "__main__":
+                         "--extract-me)", action="store_true")
+     parser.add_argument("-k", "--keep-modules", help="don't remove the FTPR "
+                         "modules, even when possible", action="store_true")
++    parser.add_argument("-p", "--pass-fptr", help="skip FTPR signature checks"
++                        "regardless of other operations", action="store_true")
+     bw_list.add_argument("-w", "--whitelist", metavar="whitelist",
+                          help="Comma separated list of additional partitions "
+                          "to keep in the final image. This can be used to "
+@@ -871,12 +875,14 @@ if __name__ == "__main__":
+             print("Checking the FTPR RSA signature of the extracted ME "
+                   "image... ", end="")
+             print_check_partition_signature(mef_copy,
+-                                            ftpr_offset + ftpr_mn2_offset)
++                                            ftpr_offset + ftpr_mn2_offset,
++                                                args.pass_fptr)
+         mef_copy.close()
+ 
+     if not me6_ignition:
+         print("Checking the FTPR RSA signature... ", end="")
+-        print_check_partition_signature(mef, ftpr_offset + ftpr_mn2_offset)
++        print_check_partition_signature(mef, ftpr_offset + ftpr_mn2_offset,
++                                                args.pass_fptr)
+ 
+     f.close()
+ 
+-- 
+2.47.3
+
author	Leah Rowe <leah@libreboot.org>	2025-10-06 02:28:24 +0100
committer	Leah Rowe <leah@libreboot.org>	2025-10-06 04:03:36 +0100
commit	c716341c130b3746c0994af780f407f4fbd75004 (patch)
tree	a02abf7c5b7d69c16ddba67db591d289028ec2ab /config/coreboot/default/patches/0037-Subject-PATCH-1-1-Add-a-p-option-skip-FPTR-checks.patch
parent	b5ad829ffe9dfb9f5a32f4ac95159a35d2662877 (diff)