Modify misleading ACM doc section of the wiki

Question

Modify misleading ACM doc section of the wiki

Closed this issue 2 years ago · 1 comments

https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$UAIdfkhhtYR47KGUz0bN-rnN6RmKmsAHLS-8ajHqF2k?via=matrix.org&via=nitro.chat&via=fairydust.space

https://osresearch.net/Keys/#management-engine-and-bootguard-acm-fuses states:

The x230 Thinkpads do not support bootguard and only the Librem laptops ship with unfused keys.

This misleading and untrue.

TXT is supported on Heads supported ThinkPads.
But ACM blobs are non-redistributable and would require xx30 and xx20 blobs-extract scripts to extract those blobs from proprietary firmware and then reinject them in the ROM after build time.

Reality is that no such documentation existed at the moment of writing that page, and lack of personal interest didn't lead me to them.

But that could change with community contributions, with boards that of course would not be CI built, and without roms being redistributable, unless proven otherwise.

Answer 1 · 2022-06-23T13:06:47.000Z

The x230 Thinkpads do not support bootguard and only the Librem laptops ship with unfused keys.

Is actually true.

Broadwell and up support TXT for SRTM (IBB measurement into PCR0 from BIOS ACM).

So the T440p being Haswell could have SRTM following blob extraction from CI, and Ivy and Haswell could have TXT, enabled by Sinit and BIOS ACMs.