Introduce io386 to heads and use it to finalize chipset at runtime

[persmule]

On some newer platforms of intel (confirmed on nehalem, sandy/ivy
bridge), coreboot after commit 2ac149d294af795710eb4bb20f093e9920604abd
registers an SMI to lockdown some registers on the chipset, as well
as access to the SPI flash, optionally. The SMI will always be triggered
by coreboot during S3 resume, but can be triggered by either coreboot
or the payload during normal boot path.

Enabling lockdown access to SPI flash will effectly write-protect it,
but there is no runtime option for coreboot to control it, so letting
coreboot to trigger such SMI will leave the owner of the machine lost
any possibility to program the SPI flash with its own OS, and becomes
a nightmare if the machine is uneasy to disassemble, so a scheme could
be implement, in which the SMI to lockdown chipset and SPI flash is left
for a payload to trigger, and temporarily disabling such triggering in
order to program the SPI flash needs authentication.

I have implemented a passcode-protected runtime-disableable lockdown
with grub, described here. In order to implement a similar scheme for
Heads, I wrote io386.

With this commit, io386 will be called before entering boot routine
to trigger the SMI to finalize the chipset and write protect the SPI
flash at the same time. Entering recovery shell will leave the flash
writable.

(The authentication routine implemented in previous revisions has been
split as an independent commit.)

[osresearch]

This seems like a generally useful sort of tool. What do you think about merging the io386 and flashtools trees? They have some overlap (flashtools provides peek and poke to do raw memory, for instance), so adding inb/outb/ioperm etc seems like a natural extension of those tools.

[persmule]

I follow the Unix philosophy to do one thing and do it well. Your flashtools is a simplified flashrom, while hardenedlinux's io386 is a tool dedicated for I/O operations. I do not believe that they should be merged.

[merge]

Thanks for writing this! I guess we'll need something like this sooner or later. Could you link to datasheets or docs you used? Where does 0x2b and 0xcb come from? What exactly does coreboot's LOCK_SPI_FLASH_RO differently or not? thanks!

ps. IMO it would make sense to add io386 or something similar to the flashtools repo.

[persmule]

@merge

Could you link to datasheets or docs you used?

I did these by imitating what coreboot does.

Where does 0x2b and 0xcb come from?

They are inside src/include/cpu/x86/smm.h of coreboot source tree. You can see #define APM_CNT 0xb2 and #define APM_CNT_FINALIZE 0xcb, and know how coreboot uses these by grepping them.

What exactly does coreboot's LOCK_SPI_FLASH_RO differently or not?

Setting LOCK_SPI_FLASH_RO will lock the SPI flash BEFORE any payload is called, so one have no way even to disable the locking temporarily at runtime (but locking done with grub or heads can be disabled at runtime allowing the owner to (re) program the SPI flash in-system, and one can write codes for authentication to protect it from unauthorized access). On platforms whose SPI flash is hard to access (e.g. accessing the flash needs to tear down the whole machine), setting an SPI lock impossible to disable at runtime will be a nightmare to update their firmware.

[merge]

@merge

Could you link to datasheets or docs you used?

I did these by imitating what coreboot does.

Where does 0x2b and 0xcb come from?

They are inside src/include/cpu/x86/smm.h of coreboot source tree. You can see #define APM_CNT 0xb2 and #define APM_CNT_FINALIZE 0xcb, and know how coreboot uses these by grepping them.

good. thanks.

What exactly does coreboot's LOCK_SPI_FLASH_RO differently or not?

Setting LOCK_SPI_FLASH_RO will lock the SPI flash BEFORE any payload is called, so one have no way even to disable the locking temporarily at runtime (but locking done with grub or heads can be disabled at runtime allowing the owner to (re) program the SPI flash in-system, and one can write codes for authentication to protect it from unauthorized access).

what do you mean by "locking in heads (using io386?) can be disabled at runtime"? That seems different to what coreboot does(?). I guess what we need is a irrevesable one-time write-protection that is off at power-on. maybe I got you wrong though..

On platforms whose SPI flash is hard to access (e.g. accessing the flash needs to tear down the whole machine), setting an SPI lock impossible to disable at runtime will be a nightmare to update their firmware.

We configure coreboot not to "finalize"/"write-protect" the SPI flash and do it ourselves, (at least) just before we kexec away on disc. That way we have all our flashrom upgrade functions in Heads available, and no need to disassemble, right?

[persmule]

what do you mean by "locking in heads (using io386?) can be disabled at runtime"? That seems different to what coreboot does(?). I guess what we need is a irrevesable one-time write-protection that is off at power-on. maybe I got you wrong though..

It is the same as what coreboot does, and locking in heads (using io386?) can indeed be disabled at runtime by not to call the io386 itself, as long as the wrapping scripts allows it.

We configure coreboot not to "finalize"/"write-protect" the SPI flash and do it ourselves, (at least) just before we kexec away on disc.

That at least is a way to make things easier.

That way we have all our flashrom upgrade functions in Heads available, and no need to disassemble, right?

It is a policy, not a mechanism, while leaving the flash temporarily unlocked is a mechanism. With it, the owner can choose to kexec into the OS ,or even chroot to the rootfs on disk to update the firmware, not limited to your "flashrom upgrade functions in Heads" stuff.

[merge]

thanks. yes, that's policy, and I think we can leave that an open issue in Heads. Denying anything else than Heads (still the user) to write, helps and is a good start.

TPM measurements won't succeed after changes in flash anyways, and we can come up with more, later.

[merge]

Did a first test of this by just calling lock_chip somewhere in the (gui) menu before I boot, but nothing really changed: I could reprogram the flash (flashrom -p internal) just like before. has anyone else tested this?

[persmule]

@merge
Please tell us on which hardware and software environment you did your first test.

[merge]

@merge
Please tell us on which hardware and software environment you did your first test.

on the X230. I run Heads' master branch ( a few commits back ) plus #568 which is only a coreboot bump from 4.8 to 4.11. How do you test this? thanks

[tlaurion]

@persmule ?

[persmule]

@merge
The SPI flash locking mechanism is rewritten in coreboot after 78feacc44057916161365d079ae92aa0baa679f8, in which "what to be locked" and "how to perform locking" should also be configured with flags defined in src/security/lockdown/Kconfig, otherwise none flash region is locked by default.

These settings does not take effect until the SMI is triggered via outb(0x2b, 0xcb), either by coreboot itself (if INTEL_CHIPSET_LOCKDOWN=y) or by later stages.

[ln2max]

@merge
The SPI flash locking mechanism is rewritten in coreboot after 78feacc44057916161365d079ae92aa0baa679f8, in which "what to be locked" and "how to perform locking" should also be configured with flags defined in src/security/lockdown/Kconfig, otherwise none flash region is locked by default.

Is this something which could be repurposed to add more general write-protect support to Flashrom?

[tlaurion]

@persmule @merge @osresearch

EDIT: tested and works!

Changes to streamline this PR (and make it effective into both generic-init and gui-init with reduced required changes and maintenance in future):

• Removal of changes in generic-init.
  • usb-init and kexec-select-boot and all other heads boot methods are at the end calling kexec-boot to kexec. So lockdown happens only there (removed other occurences under generic-init)
• Coreboot CONFIG_BOOTMEDIA_LOCK_CONTROLLER is set, while CONFIG_INTEL_CHIPSET_LOCKDOWN is not.
• x230-hotp-maximized board config adds the required config option CONFIG_IO386

Here is the patch on top of #1015 (will test later):

diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index 7fe317d..2b60112 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -26,6 +26,7 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+CONFIG_IO386=y
 
 #Remote attestation support
 #TPM based requirements
diff --git a/config/coreboot-x230-hotp-maximized.config b/config/coreboot-x230-hotp-maximized.config
index e5f0e43..86417a5 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -9,11 +9,13 @@ CONFIG_HAVE_IFD_BIN=y
 CONFIG_BOARD_LENOVO_X230=y
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
 CONFIG_UART_PCI_ADDR=0
+# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
 CONFIG_HAVE_ME_BIN=y
 CONFIG_HAVE_GBE_BIN=y
 CONFIG_NO_GFX_INIT=y
 CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init
index 8471c9a..fa91642 100755
--- a/initrd/bin/generic-init
+++ b/initrd/bin/generic-init
@@ -40,18 +40,12 @@ while true; do
 	fi
 
 	if [ "$totp_confirm" = "u" ]; then
-		if [ "$CONFIG_IO386" = y ]; then
-			lock_chip
-		fi
 		exec /bin/usb-init
 		continue
 	fi
 
 	if [ "$totp_confirm" = "m" ]; then
 		# Try to select a kernel from the menu
-		if [ "$CONFIG_IO386" = y ]; then
-			lock_chip
-		fi
 		mount_boot
 		kexec-select-boot -m -b /boot -c "grub.cfg"
 		continue
@@ -59,9 +53,6 @@ while true; do
 
 	if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
 		# Try to boot the default
-		if [ "$CONFIG_IO386" = y ]; then
-			lock_chip
-		fi
 		mount_boot
 		kexec-select-boot -b /boot -c "grub.cfg" \
 		|| recovery "Failed default boot"
diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot
index fb9e9ed..ccd6be1 100755
--- a/initrd/bin/kexec-boot
+++ b/initrd/bin/kexec-boot
@@ -127,6 +127,10 @@ fi
 
 if [ "$dryrun" = "y" ]; then exit 0; fi
 
+if [ "$CONFIG_IO386" = y ]; then
+	lock_chip
+fi
+
 echo "Loading the new kernel:"
 echo "$kexeccmd"
 eval "$kexeccmd" \

@MrChromebox : this was one of the blocker to #836, which if combined with a proper authentication prior of accessing recovery shell, could be merged.

tlaurion@3343f8d PoC for x230-hotp-maximized shows that only Heads would be able to flash ROM.

The other one being a proper recovery shell authentication mechanism #881's implementation, which #361 implements correctly but leaves the user locked out if his public key expired. Discussion: #881 (comment)

[MrChromebox]

@tlaurion I like where this is going, and a quick perusal of coreboot's code seems to indicate this should work properly on newer platforms as well. So we just need to figure out the Recovery Shell piece

[tlaurion]

@MrChromebox tagged you under #881

[MrChromebox]

@tlaurion CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y will have coreboot lock things down in ramstage, before Heads loads, preventing Heads from updating itself, saving config/keys, etc

[tlaurion]

@MrChromebox
CONFIG_INTEL_CHIPSET_LOCKDOWN=y would lock in coreboot. Having it undefined makes the payload responsible to finish lockdown, which is what io386 does here.

You can test functionality easily from recovery by:
flash-gui.sh
(Flash rom. Success)

. /etc/functions
lock_chip
flash-gui.sh
(Flash rom. Fails)

Having it undefined lets the payload responsible to lock it, which is what io386 does here.

Unless you say that the behavior changed in coreboot 4.14+ from your tests?

[MrChromebox]

I'm saying you don't want CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y as that will lock the chip in ramstage regardless of CONFIG_INTEL_CHIPSET_LOCKDOWN being set or not

[tlaurion]

@MrChromebox so basically, just having lockdown not set should do it. 4.15 locks it by default. Will retest

[tlaurion]

@MrChromebox: rempoving CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y and calling

. /etc/functions
lock_chip
flash.sh new.rom

succeeds.

On 4.13 CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y is required.
Adding it doesn't lock platform in in ramstage nor romstage.

Calling lock_chip is locking it.

user@heads-x230:~/heads$ git diff tlaurion-github/maximized_boards-coreboot-4_13
diff --git a/Makefile b/Makefile
index 4073aa1..9e51476 100644
--- a/Makefile
+++ b/Makefile
@@ -500,6 +500,7 @@ bin_modules-$(CONFIG_LVM2) += lvm2
 bin_modules-$(CONFIG_DROPBEAR) += dropbear
 bin_modules-$(CONFIG_FLASHTOOLS) += flashtools
 bin_modules-$(CONFIG_NEWT) += newt
+bin_modules-$(CONFIG_IO386) += io386
 bin_modules-$(CONFIG_CAIRO) += cairo
 bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail
 bin_modules-$(CONFIG_HOTPKEY) += hotp-verification
diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index 7fe317d..2b60112 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -26,6 +26,7 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+CONFIG_IO386=y
 
 #Remote attestation support
 #TPM based requirements
diff --git a/config/coreboot-x230-hotp-maximized.config b/config/coreboot-x230-hotp-maximized.config
index e5f0e43..86417a5 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -9,11 +9,13 @@ CONFIG_HAVE_IFD_BIN=y
 CONFIG_BOARD_LENOVO_X230=y
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
 CONFIG_UART_PCI_ADDR=0
+# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
 CONFIG_HAVE_ME_BIN=y
 CONFIG_HAVE_GBE_BIN=y
 CONFIG_NO_GFX_INIT=y
 CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init
index b63b0a0..fa91642 100755
--- a/initrd/bin/generic-init
+++ b/initrd/bin/generic-init
@@ -58,6 +58,8 @@ while true; do
                || recovery "Failed default boot"
        fi
 
+
+
 done
 
 recovery "Something failed during boot"
diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot
index fb9e9ed..ccd6be1 100755
--- a/initrd/bin/kexec-boot
+++ b/initrd/bin/kexec-boot
@@ -127,6 +127,10 @@ fi
 
 if [ "$dryrun" = "y" ]; then exit 0; fi
 
+if [ "$CONFIG_IO386" = y ]; then
+       lock_chip
+fi
+
 echo "Loading the new kernel:"
 echo "$kexeccmd"
 eval "$kexeccmd" \
diff --git a/initrd/etc/functions b/initrd/etc/functions
index bc84840..7deab64 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -10,6 +10,13 @@ warn() {
        echo >&2 "$*";
 }
 
+lock_chip() {
+       APM_CNT=0xb2
+       FIN_CODE=0xcb
+       echo "Finalizing chipset"
+       io386 -o b -b x $APM_CNT $FIN_CODE
+}
+
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+CONFIG_IO386=y
 
 #Remote attestation support
 #TPM based requirements
diff --git a/config/coreboot-x230-hotp-maximized.config b/config/coreboot-x230-hotp-maximized.config
index e5f0e43..86417a5 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -9,11 +9,13 @@ CONFIG_HAVE_IFD_BIN=y
 CONFIG_BOARD_LENOVO_X230=y
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
 CONFIG_UART_PCI_ADDR=0
+# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
 CONFIG_HAVE_ME_BIN=y
 CONFIG_HAVE_GBE_BIN=y
 CONFIG_NO_GFX_INIT=y
 CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init
index b63b0a0..fa91642 100755
--- a/initrd/bin/generic-init
+++ b/initrd/bin/generic-init
@@ -58,6 +58,8 @@ while true; do
                || recovery "Failed default boot"
        fi
 
+
+
 done

Can try to test newer coreboot versions....

[MrChromebox]

@tlaurion what version of coreboot are you testing against? in 4.14+, BOOTMEDIA_LOCK_CONTROLLER is used in boot_device_security_lockdown() in lockdown.c, which is called not by SMM, but before resource assignment in ramstage

edit: this looks to be the case for 4.13 too. So I'm not sure how you're able to enable this and still update via Heads, because it will already have been locked. the lock_chip() function is making an SMM call, that's completely separate

[tlaurion]

@MrChromebox this was on top #1015 (coreboot 4.13)

[tlaurion]

@MrChromebox :
So this branch: https://github.com/tlaurion/heads/tree/maximized_boards-coreboot-4_13-io386_lockdown
This commit: tlaurion@3343f8d

Having both chipset_lockdown unset and boot_media_lock_controller set:

Without calling lock_chip, Flashing ROM

Calling lock_chip, then reflashing the same ROM (notice warning of locked regions)

Then attempting to flash new ROM, which fails

[tlaurion]

Having chipset_lockdown unset but without boot_media_lock_controller set

lock_chip does nothing and permit flashing prior and after the call.

[MrChromebox]

@tlaurion then this is a highly platform-specific solution then, likely only works on Sandy/Ivy. On the L14, if BOOTMEDIA_LOCK_CONTROLLER is set, then nothing is flashable regardless if lock_chip has been called or not. I had to externally flash to clear it

[tlaurion]

Hmmm.
Ok. Tested on coreboot 4.14 on x230. Same behavior.

CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set

When removing CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y and keeping # CONFIG_INTEL_CHIPSET_LOCKDOWN is not set; calling lock_chip does absolutely nothing.

[MrChromebox]

then I need to take a closer look at the SNB/IVB code to see why it's different there vs SKL and newer

[tlaurion]

@MrChromebox any input here on how it is supposed to be for other platforms?

[MrChromebox]

@tlaurion it's simply not going to work on newer platforms where FSP locks those registers regardless of any coreboot settings. They simply can't be set by the payload, even in SMM.

CONFIG_INTEL_CHIPSET_LOCKDOWN has no effect on Skylake and newer.
CONFIG_BOOTMEDIA_LOCK_CONTROLLER, I don't understand how it's not locking things prior to the payload execution on older platforms. I'd want to see a cbmem log from an x230 (eg) with SMM logging enabled to try and make sense of it

[tlaurion]

@MrChromebox here are the changes applied on top of 3343f8d with make savedfeconfig for coreboot config with SMI debug on:

diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index 2b60112..ccfef36 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -7,7 +7,7 @@
 #
 # - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_COREBOOT_VERSION=4.14
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-maximized.config
diff --git a/config/coreboot-x230-hotp-maximized.config b/config/coreboot-x230-hotp-maximized.config
index 86417a5..a5e0cde 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -20,3 +20,4 @@ CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
 CONFIG_LINUX_INITRD="../../build/x230-hotp-maximized/initrd.cpio.xz"
+CONFIG_DEBUG_SMI=y
diff --git a/modules/coreboot b/modules/coreboot
index 845f1a0..2b9d3f0 100644
--- a/modules/coreboot
+++ b/modules/coreboot
@@ -19,6 +19,11 @@ else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.13"
        coreboot_hash := 4779da645a25ddebc78f1bd2bd0b740fb1e6479572648d4650042a2b9502856a
        coreboot-blobs_hash := 060656b46a7859d038ddeec3f7e086e85f146a50b280c4babec23c1188264dc8
        coreboot_depends := $(if $(CONFIG_PURISM_BLOBS), purism-blobs)
+else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.14"
+       coreboot_version := 4.14
+       coreboot_hash := d907379b727561d7ddd1d80b2fabaa373db00c9805719116f591cbc948173c6e
+       coreboot-blobs_hash := 9ee2fe5ba37d0e214000b8655acf8922de6df792adb75790559db4c160847921
user@heads-x230:~/heads$ git diff > diff
user@heads-x230:~/heads$ cat diff
diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index 2b60112..ccfef36 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -7,7 +7,7 @@
 #
 # - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_COREBOOT_VERSION=4.14
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-maximized.config
diff --git a/config/coreboot-x230-hotp-maximized.config b/config/coreboot-x230-hotp-maximized.config
index 86417a5..a5e0cde 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -20,3 +20,4 @@ CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
 CONFIG_LINUX_INITRD="../../build/x230-hotp-maximized/initrd.cpio.xz"
+CONFIG_DEBUG_SMI=y
diff --git a/modules/coreboot b/modules/coreboot
index 845f1a0..2b9d3f0 100644
--- a/modules/coreboot
+++ b/modules/coreboot
@@ -19,6 +19,11 @@ else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.13"
 	coreboot_hash := 4779da645a25ddebc78f1bd2bd0b740fb1e6479572648d4650042a2b9502856a
 	coreboot-blobs_hash := 060656b46a7859d038ddeec3f7e086e85f146a50b280c4babec23c1188264dc8
 	coreboot_depends := $(if $(CONFIG_PURISM_BLOBS), purism-blobs)
+else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.14"
+	coreboot_version := 4.14
+	coreboot_hash := d907379b727561d7ddd1d80b2fabaa373db00c9805719116f591cbc948173c6e
+	coreboot-blobs_hash := 9ee2fe5ba37d0e214000b8655acf8922de6df792adb75790559db4c160847921
+	coreboot_depends := $(if $(CONFIG_PURISM_BLOBS), purism-blobs)
 else
 	$(error "$(BOARD): does not specify coreboot version under CONFIG_COREBOOT_VERSION")
 endif 

Where coreboot long config diff (as opposed to defconfig diff above) looks like this as a patch:

index 86417a5..8cd103a 100644
--- a/config/coreboot-x230-hotp-maximized.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -1,22 +1,755 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# coreboot configuration
+#
+
+#
+# General setup
+#
+CONFIG_COREBOOT_BUILD=y
+CONFIG_LOCALVERSION=""
+CONFIG_CBFS_PREFIX="fallback"
+CONFIG_COMPILER_GCC=y
+# CONFIG_COMPILER_LLVM_CLANG is not set
+# CONFIG_ANY_TOOLCHAIN is not set
+# CONFIG_CCACHE is not set
+# CONFIG_FMD_GENPARSER is not set
+# CONFIG_UTIL_GENPARSER is not set
+# CONFIG_USE_OPTION_TABLE is not set
+CONFIG_COMPRESS_RAMSTAGE=y
+CONFIG_INCLUDE_CONFIG_FILE=y
+CONFIG_COLLECT_TIMESTAMPS=y
+# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
 # CONFIG_USE_BLOBS is not set
+# CONFIG_COVERAGE is not set
+# CONFIG_UBSAN is not set
+# CONFIG_HAVE_ASAN_IN_ROMSTAGE is not set
+# CONFIG_ASAN_IN_ROMSTAGE is not set
+CONFIG_HAVE_ASAN_IN_RAMSTAGE=y
+# CONFIG_ASAN_IN_RAMSTAGE is not set
+# CONFIG_ASAN is not set
+# CONFIG_NO_STAGE_CACHE is not set
+CONFIG_TSEG_STAGE_CACHE=y
+# CONFIG_UPDATE_IMAGE is not set
+# CONFIG_BOOTSPLASH_IMAGE is not set
+# CONFIG_FW_CONFIG is not set
+
+#
+# Mainboard
+#
+
+#
+# Important: Run 'make distclean' before switching boards
+#
+# CONFIG_VENDOR_51NB is not set
+# CONFIG_VENDOR_ACER is not set
+# CONFIG_VENDOR_ADLINK is not set
+# CONFIG_VENDOR_AMD is not set
+# CONFIG_VENDOR_AOPEN is not set
+# CONFIG_VENDOR_APPLE is not set
+# CONFIG_VENDOR_ASROCK is not set
+# CONFIG_VENDOR_ASUS is not set
+# CONFIG_VENDOR_BAP is not set
+# CONFIG_VENDOR_BIOSTAR is not set
+# CONFIG_VENDOR_BOSTENTECH is not set
+# CONFIG_VENDOR_CAVIUM is not set
+# CONFIG_VENDOR_CLEVO is not set
+# CONFIG_VENDOR_COMPULAB is not set
+# CONFIG_VENDOR_DELL is not set
+# CONFIG_VENDOR_ELMEX is not set
+# CONFIG_VENDOR_EMULATION is not set
+# CONFIG_VENDOR_EXAMPLE is not set
+# CONFIG_VENDOR_FACEBOOK is not set
+# CONFIG_VENDOR_FOXCONN is not set
+# CONFIG_VENDOR_GETAC is not set
+# CONFIG_VENDOR_GIGABYTE is not set
+# CONFIG_VENDOR_GIZMOSPHERE is not set
+# CONFIG_VENDOR_GOOGLE is not set
+# CONFIG_VENDOR_HP is not set
+# CONFIG_VENDOR_IBASE is not set
+# CONFIG_VENDOR_INTEL is not set
+# CONFIG_VENDOR_JETWAY is not set
+# CONFIG_VENDOR_KONTRON is not set
 CONFIG_VENDOR_LENOVO=y
+# CONFIG_VENDOR_LIBRETREND is not set
+# CONFIG_VENDOR_LIPPERT is not set
+# CONFIG_VENDOR_MSI is not set
+# CONFIG_VENDOR_OCP is not set
+# CONFIG_VENDOR_OPENCELLULAR is not set
+# CONFIG_VENDOR_PACKARDBELL is not set
+# CONFIG_VENDOR_PCENGINES is not set
+# CONFIG_VENDOR_PORTWELL is not set
+# CONFIG_VENDOR_PRODRIVE is not set
+# CONFIG_VENDOR_PROTECTLI is not set
+# CONFIG_VENDOR_PURISM is not set
+# CONFIG_VENDOR_RAZER is not set
+# CONFIG_VENDOR_RODA is not set
+# CONFIG_VENDOR_SAMSUNG is not set
+# CONFIG_VENDOR_SAPPHIRE is not set
+# CONFIG_VENDOR_SCALEWAY is not set
+# CONFIG_VENDOR_SIEMENS is not set
+# CONFIG_VENDOR_SIFIVE is not set
+# CONFIG_VENDOR_SUPERMICRO is not set
+# CONFIG_VENDOR_SYSTEM76 is not set
+# CONFIG_VENDOR_TI is not set
+# CONFIG_VENDOR_UP is not set
+CONFIG_BOARD_SPECIFIC_OPTIONS=y
+CONFIG_MAINBOARD_FAMILY="ThinkPad X230"
+CONFIG_MAINBOARD_PART_NUMBER="ThinkPad X230"
+CONFIG_MAINBOARD_VERSION="1.0"
+CONFIG_MAINBOARD_DIR="lenovo/x230"
+CONFIG_MAX_CPUS=8
+CONFIG_VGA_BIOS_ID="8086,0166"
+CONFIG_DIMM_MAX=4
+CONFIG_DIMM_SPD_SIZE=256
+CONFIG_FMDFILE=""
 CONFIG_NO_POST=y
+CONFIG_MAINBOARD_VENDOR="LENOVO"
+# CONFIG_ONBOARD_VGA_IS_PRIMARY is not set
+# CONFIG_VGA_BIOS is not set
 CONFIG_CBFS_SIZE=0xB80000
+CONFIG_VARIANT_DIR="x230"
+CONFIG_DEVICETREE="devicetree.cb"
+CONFIG_VGA_BIOS_FILE="pci8086,0166.rom"
+CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="LENOVO"
+CONFIG_DRAM_RESET_GATE_GPIO=10
+CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt"
+CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
+CONFIG_USBDEBUG_HCD_INDEX=2
+CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
+CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
+CONFIG_TPM_PIRQ=0x0
+# CONFIG_VBOOT is not set
+CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld"
+CONFIG_VBOOT_VBNV_OFFSET=0x2a
+CONFIG_DCACHE_RAM_BASE=0xfefe0000
+CONFIG_DCACHE_RAM_SIZE=0x20000
+CONFIG_DCACHE_BSP_STACK_SIZE=0x10000
+CONFIG_MMCONF_BASE_ADDRESS=0xf0000000
+CONFIG_MAX_ACPI_TABLE_SIZE_KB=144
+CONFIG_HAVE_INTEL_FIRMWARE=y
+CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
+CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_TPM_INIT=y
+CONFIG_DRIVERS_INTEL_WIFI=y
 CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin"
 CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin"
 CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin"
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="ThinkPad X230"
 CONFIG_HAVE_IFD_BIN=y
+# CONFIG_BOARD_LENOVO_G505S is not set
+# CONFIG_BOARD_LENOVO_L520 is not set
+# CONFIG_BOARD_LENOVO_S230U is not set
+# CONFIG_BOARD_LENOVO_T400 is not set
+# CONFIG_BOARD_LENOVO_T500 is not set
+# CONFIG_BOARD_LENOVO_R400 is not set
+# CONFIG_BOARD_LENOVO_R500 is not set
+# CONFIG_BOARD_LENOVO_W500 is not set
+# CONFIG_BOARD_LENOVO_T410 is not set
+# CONFIG_BOARD_LENOVO_T420 is not set
+# CONFIG_BOARD_LENOVO_T420S is not set
+# CONFIG_BOARD_LENOVO_THINKPAD_T430 is not set
+# CONFIG_BOARD_LENOVO_T430S is not set
+# CONFIG_BOARD_LENOVO_T431S is not set
+# CONFIG_BOARD_LENOVO_THINKPAD_T440P is not set
+# CONFIG_BOARD_LENOVO_T520 is not set
+# CONFIG_BOARD_LENOVO_W520 is not set
+# CONFIG_BOARD_LENOVO_T530 is not set
+# CONFIG_BOARD_LENOVO_W530 is not set
+# CONFIG_BOARD_LENOVO_T60 is not set
+# CONFIG_BOARD_LENOVO_Z61T is not set
+# CONFIG_BOARD_LENOVO_R60 is not set
+# CONFIG_BOARD_LENOVO_THINKCENTRE_A58 is not set
+# CONFIG_BOARD_LENOVO_X131E is not set
+# CONFIG_BOARD_LENOVO_X1_CARBON_GEN1 is not set
+# CONFIG_BOARD_LENOVO_X200 is not set
+# CONFIG_BOARD_LENOVO_X301 is not set
+# CONFIG_BOARD_LENOVO_X201 is not set
+# CONFIG_BOARD_LENOVO_X220 is not set
+# CONFIG_BOARD_LENOVO_X220I is not set
+# CONFIG_BOARD_LENOVO_X1 is not set
 CONFIG_BOARD_LENOVO_X230=y
+# CONFIG_BOARD_LENOVO_X230T is not set
+# CONFIG_BOARD_LENOVO_X230S is not set
+# CONFIG_BOARD_LENOVO_X60 is not set
+CONFIG_PS2K_EISAID="PNP0303"
+CONFIG_PS2M_EISAID="LEN0020"
+CONFIG_THINKPADEC_HKEY_EISAID="LEN0068"
+CONFIG_VBOOT_SLOTS_RW_AB=y
+CONFIG_DRIVER_LENOVO_SERIALS=y
+# CONFIG_BOARD_LENOVO_BASEBOARD_T520 is not set
+# CONFIG_BOARD_LENOVO_BASEBOARD_T530 is not set
+# CONFIG_PCIEXP_L1_SUB_STATE is not set
+# CONFIG_PCIEXP_CLK_PM is not set
+# CONFIG_DRIVERS_UART_8250IO is not set
+CONFIG_HEAP_SIZE=0x4000
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_BOARD_ROMSIZE_KB_12288=y
+# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
+CONFIG_COREBOOT_ROMSIZE_KB_12288=y
+# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
+CONFIG_COREBOOT_ROMSIZE_KB=12288
+CONFIG_ROM_SIZE=0x00c00000
+CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y
+CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y
+CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
+# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set
+# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
+CONFIG_MAINBOARD_POWER_FAILURE_STATE=0
+CONFIG_SYSTEM_TYPE_LAPTOP=y
+# CONFIG_SYSTEM_TYPE_TABLET is not set
+# CONFIG_SYSTEM_TYPE_DETACHABLE is not set
+# CONFIG_SYSTEM_TYPE_CONVERTIBLE is not set
+# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
+
+#
+# Chipset
+#
+
+#
+# SoC
+#
+CONFIG_CPU_SPECIFIC_OPTIONS=y
+CONFIG_ROMSTAGE_ADDR=0x2000000
+CONFIG_VERSTAGE_ADDR=0x2000000
+CONFIG_RAMBASE=0xe00000
+CONFIG_CPU_ADDR_BITS=36
+# CONFIG_CHECK_REV_IN_OPROM_NAME is not set
+CONFIG_EHCI_BAR=0xfef00000
+CONFIG_SERIRQ_CONTINUOUS_MODE=y
+CONFIG_SMM_TSEG_SIZE=0x800000
+CONFIG_SMM_RESERVED_SIZE=0x100000
+CONFIG_SMM_MODULE_STACK_SIZE=0x400
+CONFIG_ACPI_CPU_STRING="\\_SB.CP%02d"
+# CONFIG_SOC_CAVIUM_CN81XX is not set
+CONFIG_ARCH_ARMV8_EXTENSION=0
+CONFIG_STACK_SIZE=0x1000
+# CONFIG_SOC_CAVIUM_COMMON is not set
+CONFIG_IED_REGION_SIZE=0x400000
+# CONFIG_SOC_INTEL_GEMINILAKE is not set
+CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
+CONFIG_DCACHE_RAM_MRC_VAR_SIZE=0x0
+CONFIG_PCIEXP_ASPM=y
+CONFIG_PCIEXP_COMMON_CLOCK=y
 CONFIG_UART_PCI_ADDR=0
+CONFIG_CHIPSET_DEVICETREE=""
+CONFIG_VBT_DATA_SIZE_KB=8
+# CONFIG_SOC_MEDIATEK_MT8173 is not set
+# CONFIG_SOC_MEDIATEK_MT8183 is not set
+# CONFIG_SOC_MEDIATEK_MT8192 is not set
+# CONFIG_SOC_NVIDIA_TEGRA124 is not set
+# CONFIG_SOC_NVIDIA_TEGRA210 is not set
+# CONFIG_SOC_QUALCOMM_COMMON is not set
+# CONFIG_SOC_QC_IPQ40XX is not set
+# CONFIG_SOC_QC_IPQ806X is not set
+# CONFIG_SOC_QUALCOMM_QCS405 is not set
+# CONFIG_SOC_ROCKCHIP_RK3288 is not set
+# CONFIG_SOC_ROCKCHIP_RK3399 is not set
+# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
+# CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set
+# CONFIG_SOC_TI_AM335X is not set
+# CONFIG_SOC_UCB_RISCV is not set
+
+#
+# CPU
+#
+# CONFIG_CPU_AMD_AGESA is not set
+# CONFIG_CPU_AMD_PI is not set
+# CONFIG_CPU_ARMLTD_CORTEX_A9 is not set
+CONFIG_CPU_INTEL_MODEL_206AX=y
+CONFIG_SSE2=y
+# CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set
+# CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set
+CONFIG_CPU_INTEL_COMMON=y
+CONFIG_ENABLE_VMX=y
+CONFIG_SET_IA32_FC_LOCK_BIT=y
+CONFIG_SET_MSR_AESNI_LOCK_BIT=y
+CONFIG_CPU_INTEL_COMMON_TIMEBASE=y
+CONFIG_CPU_INTEL_COMMON_SMM=y
+CONFIG_MICROCODE_UPDATE_PRE_RAM=y
+# CONFIG_PARALLEL_CPU_INIT is not set
+CONFIG_PARALLEL_MP=y
+# CONFIG_PARALLEL_MP_AP_WORK is not set
+# CONFIG_UDELAY_LAPIC is not set
+CONFIG_UDELAY_TSC=y
+CONFIG_TSC_MONOTONIC_TIMER=y
+# CONFIG_TSC_SYNC_LFENCE is not set
+CONFIG_TSC_SYNC_MFENCE=y
+CONFIG_LOGICAL_CPUS=y
+CONFIG_HAVE_SMI_HANDLER=y
+# CONFIG_NO_SMM is not set
+# CONFIG_SMM_ASEG is not set
+CONFIG_SMM_TSEG=y
+CONFIG_SMM_MODULE_HEAP_SIZE=0x4000
+CONFIG_SMM_STUB_STACK_SIZE=0x400
+# CONFIG_X86_SMM_LOADER_VERSION2 is not set
+# CONFIG_SMM_LAPIC_REMAP_MITIGATION is not set
+# CONFIG_SERIALIZED_SMM_INITIALIZATION is not set
+# CONFIG_X86_AMD_FIXED_MTRRS is not set
+# CONFIG_X86_AMD_INIT_SIPI is not set
+# CONFIG_SOC_SETS_MSRS is not set
+CONFIG_SMP=y
+CONFIG_MMX=y
+CONFIG_SSE=y
+CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y
+# CONFIG_USES_MICROCODE_HEADER_FILES is not set
+CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y
+CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y
+# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set
+# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set
+# CONFIG_CPU_MICROCODE_CBFS_NONE is not set
+
+#
+# Northbridge
+#
+# CONFIG_NORTHBRIDGE_AMD_AGESA is not set
+# CONFIG_NORTHBRIDGE_AMD_PI is not set
+CONFIG_INTEL_GMA_BCLV_OFFSET=0x48254
+CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256
+CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
+# CONFIG_SANDYBRIDGE_VBOOT_IN_ROMSTAGE is not set
+CONFIG_USE_NATIVE_RAMINIT=y
+# CONFIG_NATIVE_RAMINIT_IGNORE_MAX_MEM_FUSES is not set
+# CONFIG_NATIVE_RAMINIT_IGNORE_XMP_MAX_DIMMS is not set
+CONFIG_RAMINIT_ENABLE_ECC=y
+
+#
+# Southbridge
+#
+# CONFIG_AMD_SB_CIMX is not set
+# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB800 is not set
+CONFIG_SOUTHBRIDGE_INTEL_C216=y
+CONFIG_SOUTH_BRIDGE_OPTIONS=y
+CONFIG_HPET_MIN_TICKS=0x80
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RESET=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RTC=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMCLIB=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMBASE=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_EARLY_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI=y
+# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH7 is not set
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_ICH9=y
+# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI_SILVERMONT is not set
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
+CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_FINALIZE=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
+CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
+CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y
+# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
 # CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
+CONFIG_FIXED_SMBUS_IO_BASE=0x400
+
+#
+# Super I/O
+#
+# CONFIG_SUPERIO_ASPEED_AST2400 is not set
+# CONFIG_SUPERIO_ASPEED_COMMON_PRE_RAM is not set
+# CONFIG_SUPERIO_ASPEED_HAS_UART_DELAY_WORKAROUND is not set
+# CONFIG_SUPERIO_FINTEK_FAN_CONTROL is not set
+
+#
+# Embedded Controllers
+#
+CONFIG_EC_ACPI=y
+# CONFIG_EC_51NB_NPCE985LA0DX is not set
+# CONFIG_EC_GOOGLE_CHROMEEC_SKUID is not set
+# CONFIG_EC_GOOGLE_WILCO is not set
+CONFIG_EC_LENOVO_H8=y
+CONFIG_H8_BEEP_ON_DEATH=y
+CONFIG_H8_FLASH_LEDS_ON_DEATH=y
+# CONFIG_H8_SUPPORT_BT_ON_WIFI is not set
+CONFIG_H8_HAS_BAT_TRESHOLDS_IMPL=y
+# CONFIG_H8_HAS_PRIMARY_FN_KEYS is not set
+CONFIG_EC_LENOVO_PMH7=y
+
+#
+# Intel Firmware
+#
 CONFIG_HAVE_ME_BIN=y
+# CONFIG_CHECK_ME is not set
+# CONFIG_USE_ME_CLEANER is not set
+CONFIG_MAINBOARD_USES_IFD_GBE_REGION=y
 CONFIG_HAVE_GBE_BIN=y
+# CONFIG_MAINBOARD_USES_IFD_EC_REGION is not set
+# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set
+# CONFIG_LOCK_MANAGEMENT_ENGINE is not set
+CONFIG_UNLOCK_FLASH_REGIONS=y
+# CONFIG_CAVIUM_BDK is not set
+# CONFIG_MAINBOARD_HAS_CHROMEOS is not set
+# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set
+# CONFIG_UEFI_2_4_BINDING is not set
+# CONFIG_UDK_2015_BINDING is not set
+# CONFIG_UDK_2017_BINDING is not set
+# CONFIG_UDK_202005_BINDING is not set
+# CONFIG_USE_SIEMENS_HWILIB is not set
+# CONFIG_ARM_LPAE is not set
+CONFIG_ARCH_X86=y
+CONFIG_ARCH_BOOTBLOCK_X86_32=y
+CONFIG_ARCH_VERSTAGE_X86_32=y
+CONFIG_ARCH_ROMSTAGE_X86_32=y
+CONFIG_ARCH_POSTCAR_X86_32=y
+CONFIG_ARCH_RAMSTAGE_X86_32=y
+CONFIG_ARCH_ALL_STAGES_X86_32=y
+# CONFIG_ARCH_POSTCAR_X86_64 is not set
+# CONFIG_USE_MARCH_586 is not set
+# CONFIG_AP_IN_SIPI_WAIT is not set
+# CONFIG_SIPI_VECTOR_IN_ROM is not set
+CONFIG_RAMTOP=0x1000000
+CONFIG_NUM_IPI_STARTS=2
+CONFIG_PC80_SYSTEM=y
+# CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set
+CONFIG_HAVE_CMOS_DEFAULT=y
+CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default"
+CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
+# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
+# CONFIG_HPET_ADDRESS_OVERRIDE is not set
+CONFIG_HPET_ADDRESS=0xfed00000
+CONFIG_ID_SECTION_OFFSET=0x80
+CONFIG_POSTCAR_STAGE=y
+# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
+# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
+CONFIG_BOOTBLOCK_SIMPLE=y
+# CONFIG_BOOTBLOCK_NORMAL is not set
+# CONFIG_COLLECT_TIMESTAMPS_NO_TSC is not set
+CONFIG_COLLECT_TIMESTAMPS_TSC=y
+# CONFIG_PAGING_IN_CACHE_AS_RAM is not set
+# CONFIG_IDT_IN_EVERY_STAGE is not set
+CONFIG_HAVE_CF9_RESET=y
+# CONFIG_PIRQ_ROUTE is not set
+
+#
+# Devices
+#
+# CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT is not set
+# CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT is not set
+CONFIG_MAINBOARD_HAS_LIBGFXINIT=y
+# CONFIG_MAINBOARD_USE_LIBGFXINIT is not set
+# CONFIG_VGA_ROM_RUN is not set
 CONFIG_NO_GFX_INIT=y
+# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
+CONFIG_PCI=y
+# CONFIG_NO_MMCONF_SUPPORT is not set
+CONFIG_MMCONF_SUPPORT=y
+# CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set
+CONFIG_HT_CHAIN_UNITID_BASE=0
+CONFIG_HT_CHAIN_END_UNITID_BASE=0
+CONFIG_PCIX_PLUGIN_SUPPORT=y
+CONFIG_CARDBUS_PLUGIN_SUPPORT=y
+# CONFIG_AZALIA_PLUGIN_SUPPORT is not set
+CONFIG_PCIEXP_PLUGIN_SUPPORT=y
+CONFIG_PCI_ALLOW_BUS_MASTER=y
+CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y
+CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y
+# CONFIG_PCIEXP_HOTPLUG is not set
+# CONFIG_EARLY_PCI_BRIDGE is not set
+CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
+CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
+CONFIG_INTEL_GMA_HAVE_VBT=y
+CONFIG_INTEL_GMA_ADD_VBT=y
+# CONFIG_SOFTWARE_I2C is not set
+# CONFIG_RESOURCE_ALLOCATOR_V3 is not set
+CONFIG_RESOURCE_ALLOCATOR_V4=y
+# CONFIG_XHCI_UTILS is not set
+
+#
+# Generic Drivers
+#
+# CONFIG_DRIVERS_AS3722_RTC is not set
+# CONFIG_CHROMEOS_CAMERA is not set
+CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
+# CONFIG_MAINBOARD_HAS_CRB_TPM is not set
+# CONFIG_ELOG is not set
+# CONFIG_GIC is not set
+# CONFIG_IPMI_KCS is not set
+# CONFIG_DRIVERS_LENOVO_WACOM is not set
+CONFIG_CACHE_MRC_SETTINGS=y
+# CONFIG_MRC_SETTINGS_PROTECT is not set
+# CONFIG_HAS_RECOVERY_MRC_CACHE is not set
+# CONFIG_MRC_SETTINGS_VARIABLE_DATA is not set
+# CONFIG_MRC_WRITE_NV_LATE is not set
+CONFIG_MRC_STASH_TO_CBMEM=y
+# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
+# CONFIG_RT8168_SUPPORT_LEGACY_VPD_MAC is not set
+# CONFIG_RT8168_SET_LED_MODE is not set
+# CONFIG_SMMSTORE is not set
+# CONFIG_SMMSTORE_IN_CBFS is not set
+CONFIG_SPI_FLASH=y
+# CONFIG_SPI_SDCARD is not set
+CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
+CONFIG_BOOT_DEVICE_SPI_FLASH_NO_EARLY_WRITES=y
+# CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set
+# CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS is not set
+# CONFIG_SPI_FLASH_NO_FAST_READ is not set
+CONFIG_SPI_FLASH_ADESTO=y
+CONFIG_SPI_FLASH_AMIC=y
+CONFIG_SPI_FLASH_ATMEL=y
+CONFIG_SPI_FLASH_EON=y
+CONFIG_SPI_FLASH_GIGADEVICE=y
+CONFIG_SPI_FLASH_MACRONIX=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_SST=y
+CONFIG_SPI_FLASH_STMICRO=y
+# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set
+# CONFIG_HAVE_EM100PRO_SPI_CONSOLE_SUPPORT is not set
+CONFIG_NO_UART_ON_SUPERIO=y
+# CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set
+# CONFIG_UART_OVERRIDE_REFCLK is not set
+# CONFIG_DRIVERS_UART_8250MEM is not set
+# CONFIG_DRIVERS_UART_8250MEM_32 is not set
+# CONFIG_HAVE_UART_SPECIAL is not set
+# CONFIG_DRIVERS_UART_OXPCIE is not set
+# CONFIG_DRIVERS_UART_PL011 is not set
+# CONFIG_UART_USE_REFCLK_AS_INPUT_CLOCK is not set
+CONFIG_HAVE_USBDEBUG=y
+CONFIG_HAVE_USBDEBUG_OPTIONS=y
+# CONFIG_USBDEBUG is not set
+# CONFIG_VPD is not set
+# CONFIG_DRIVERS_AMD_PI is not set
+# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set
+# CONFIG_DRIVERS_GFX_GENERIC is not set
+# CONFIG_DRIVERS_I2C_GPIO_MUX is not set
+# CONFIG_DRIVERS_I2C_MAX98373 is not set
+# CONFIG_DRIVERS_I2C_MAX98390 is not set
+# CONFIG_DRIVERS_I2C_MAX98927 is not set
+# CONFIG_DRIVERS_I2C_PCA9538 is not set
+# CONFIG_DRIVERS_I2C_PCF8523 is not set
+# CONFIG_DRIVERS_I2C_PTN3460 is not set
+# CONFIG_DRIVERS_I2C_RT1011 is not set
+# CONFIG_DRIVERS_I2C_RT5663 is not set
+# CONFIG_DRIVERS_I2C_RTD2132 is not set
+# CONFIG_DRIVERS_I2C_RX6110SA is not set
+# CONFIG_DRIVERS_I2C_SX9310 is not set
+# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set
+# CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set
+# CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC is not set
+# CONFIG_DRIVERS_INTEL_DPTF is not set
+# CONFIG_PLATFORM_USES_FSP2_0 is not set
+# CONFIG_PLATFORM_USES_FSP2_1 is not set
+# CONFIG_PLATFORM_USES_FSP2_2 is not set
+# CONFIG_INTEL_DDI is not set
+# CONFIG_INTEL_EDID is not set
+CONFIG_INTEL_INT15=y
+CONFIG_INTEL_GMA_ACPI=y
+CONFIG_INTEL_GMA_BCLV_WIDTH=16
+CONFIG_INTEL_GMA_BCLM_WIDTH=16
+# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
+# CONFIG_INTEL_GMA_SWSMISCI is not set
+# CONFIG_GFX_GMA_IGNORE_PRESENCE_STRAPS is not set
+# CONFIG_GFX_GMA_PANEL_1_ON_EDP is not set
+CONFIG_GFX_GMA_PANEL_1_ON_LVDS=y
+# CONFIG_DRIVER_INTEL_I210 is not set
+# CONFIG_DRIVERS_INTEL_ISH is not set
+# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set
+# CONFIG_DRIVERS_INTEL_PMC is not set
+# CONFIG_HAVE_INTEL_PTT is not set
+# CONFIG_IPMI_OCP is not set
+# CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set
+# CONFIG_DRIVER_MAXIM_MAX77686 is not set
+CONFIG_FRU_DEVICE_ID=0
+# CONFIG_DRIVER_PARADE_PS8625 is not set
+# CONFIG_DRIVER_PARADE_PS8640 is not set
 CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_DRIVERS_MC146818=y
+CONFIG_MAINBOARD_HAS_LPC_TPM=y
+CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
+CONFIG_DRIVERS_RICOH_RCE822=y
+# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
+# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
+# CONFIG_DRIVERS_SIL_3114 is not set
+# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set
+# CONFIG_MAINBOARD_HAS_SPI_TPM is not set
+# CONFIG_DRIVERS_TI_SN65DSI86BRIDGE is not set
+# CONFIG_DRIVER_TI_TPS65090 is not set
+# CONFIG_DRIVERS_TI_TPS65913_RTC is not set
+# CONFIG_DRIVERS_USB_ACPI is not set
+# CONFIG_DRIVERS_USB_PCI_XHCI is not set
+CONFIG_DRIVERS_WIFI_GENERIC=y
+# CONFIG_USE_SAR is not set
+# CONFIG_COMMONLIB_STORAGE is not set
+
+#
+# Security
+#
+
+#
+# Verified Boot (vboot)
+#
+CONFIG_VBOOT_LIB=y
+
+#
+# Trusted Platform Module
+#
+CONFIG_TPM1=y
+CONFIG_MAINBOARD_HAS_TPM1=y
+# CONFIG_TPM_DEACTIVATE is not set
+# CONFIG_DEBUG_TPM is not set
+# CONFIG_TPM_RDRESP_NEED_DELAY is not set
 CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA=""
+
+#
+# Memory initialization
+#
+CONFIG_PLATFORM_HAS_DRAM_CLEAR=y
+# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set
+# CONFIG_STM is not set
+# CONFIG_STM_CONSOLE_RELEASE is not set
+# CONFIG_BOOTMEDIA_LOCK_NONE is not set
 CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
+# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
+CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
+# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
+# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
+CONFIG_ACPI_HAVE_PCAT_8259=y
+CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
+CONFIG_HAVE_ACPI_TABLES=y
+# CONFIG_BOOT_DEVICE_NOT_SPI_FLASH is not set
+CONFIG_BOOT_DEVICE_SPI_FLASH=y
+CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
+CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y
+CONFIG_RTC=y
+
+#
+# Console
+#
+CONFIG_BOOTBLOCK_CONSOLE=y
+CONFIG_POSTCAR_CONSOLE=y
+CONFIG_SQUELCH_EARLY_SMP=y
+# CONFIG_SPKMODEM is not set
+# CONFIG_CONSOLE_NE2K is not set
+CONFIG_CONSOLE_CBMEM=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+# CONFIG_CONSOLE_CBMEM_DUMP_TO_UART is not set
+# CONFIG_CONSOLE_SPI_FLASH is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
+# CONFIG_DEFAULT_POST_ON_LPC is not set
+# CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set
+CONFIG_HWBASE_DEBUG_CB=y
+CONFIG_HAVE_ACPI_RESUME=y
+# CONFIG_DISABLE_ACPI_HIBERNATE is not set
+CONFIG_RESUME_PATH_SAME_AS_BOOT=y
+# CONFIG_NO_MONOTONIC_TIMER is not set
+CONFIG_HAVE_MONOTONIC_TIMER=y
+# CONFIG_TIMER_QUEUE is not set
+CONFIG_HAVE_OPTION_TABLE=y
+# CONFIG_PCI_IO_CFG_EXT is not set
+CONFIG_IOAPIC=y
+CONFIG_USE_WATCHDOG_ON_BOOT=y
+# CONFIG_GFXUMA is not set
+# CONFIG_ACPI_NHLT is not set
+
+#
+# System tables
+#
+# CONFIG_GENERATE_MP_TABLE is not set
+# CONFIG_GENERATE_PIRQ_TABLE is not set
+CONFIG_GENERATE_SMBIOS_TABLES=y
+CONFIG_SMBIOS_PROVIDED_BY_MOBO=y
+CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
+
+#
+# Payload
+#
+# CONFIG_PAYLOAD_NONE is not set
+# CONFIG_PAYLOAD_ELF is not set
+# CONFIG_PAYLOAD_BOOTBOOT is not set
+# CONFIG_PAYLOAD_FILO is not set
+# CONFIG_PAYLOAD_GRUB2 is not set
+# CONFIG_PAYLOAD_LINUXBOOT is not set
+# CONFIG_PAYLOAD_SEABIOS is not set
+# CONFIG_PAYLOAD_UBOOT is not set
+# CONFIG_PAYLOAD_YABITS is not set
 CONFIG_PAYLOAD_LINUX=y
+# CONFIG_PAYLOAD_TIANOCORE is not set
 CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage"
 CONFIG_LINUX_INITRD="../../build/x230-hotp-maximized/initrd.cpio.xz"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
+CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
+
+#
+# Secondary Payloads
+#
+# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
+# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
+# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
+# CONFIG_TINT_SECONDARY_PAYLOAD is not set
+
+#
+# Debugging
+#
+
+#
+# CPU Debug Settings
+#
+
+#
+# BLOB Debug Settings
+#
+
+#
+# General Debug Settings
+#
+# CONFIG_FATAL_ASSERTS is not set
+# CONFIG_DEBUG_CBFS is not set
+CONFIG_HAVE_DEBUG_RAM_SETUP=y
+# CONFIG_DEBUG_RAM_SETUP is not set
+CONFIG_HAVE_DEBUG_SMBUS=y
+# CONFIG_DEBUG_SMBUS is not set
+CONFIG_DEBUG_SMI=y
+# CONFIG_DEBUG_PERIODIC_SMI is not set
+# CONFIG_DEBUG_MALLOC is not set
+# CONFIG_DEBUG_RESOURCES is not set
+# CONFIG_DEBUG_CONSOLE_INIT is not set
+# CONFIG_DEBUG_SPI_FLASH is not set
+# CONFIG_TRACE is not set
+# CONFIG_DEBUG_FUNC is not set
+# CONFIG_DEBUG_BOOT_STATE is not set
+# CONFIG_DEBUG_ADA_CODE is not set
+CONFIG_HAVE_EM100_SUPPORT=y
+# CONFIG_EM100 is not set
+CONFIG_NO_EDID_FILL_FB=y
+CONFIG_WARNINGS_ARE_ERRORS=y
+# CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set
+# CONFIG_POWER_BUTTON_DEFAULT_DISABLE is not set
+# CONFIG_POWER_BUTTON_FORCE_ENABLE is not set
+# CONFIG_POWER_BUTTON_FORCE_DISABLE is not set
+# CONFIG_POWER_BUTTON_IS_OPTIONAL is not set
+# CONFIG_REG_SCRIPT is not set
+CONFIG_MAX_REBOOT_CNT=3
+# CONFIG_NO_XIP_EARLY_STAGES is not set
+# CONFIG_EARLY_CBMEM_LIST is not set
+CONFIG_RELOCATABLE_MODULES=y
+CONFIG_HAVE_BOOTBLOCK=y
+CONFIG_HAVE_ROMSTAGE=y
+CONFIG_HAVE_RAMSTAGE=y

[tlaurion]

CONFIG_BOOTMEDIA_LOCK_CONTROLLER, I don't understand how it's not locking things prior to the payload execution on older platforms. I'd want to see a cbmem log from an x230 (eg) with SMM logging enabled to try and make sense of it

@MrChromebox : I added SMI debug from above config.
A cbmem -l didn't show anything new past TCPA log after a call to lock_chip which successfully locked platform and prevented SPI write access from Heads recovery shell.

What exactly do you want me to add to config and then what exactly do you want me to dump here?

[MrChromebox]

@tlaurion I'm honestly not sure. I guess I need to take another / more in depth look at coreboot to try and understand the execution flow that's allowing this to work on SNB/IVB

[MrChromebox]

ok, looked at this more closely (and beat my x230 into submission enough to do some testing), and seems that on SNB (Sandy bridge)/IVB (Ivy bridge), setting the FPR alone (which boot_device_security_lockdown() does in ramstage) is not sufficient to prevent writes to flash. The chipset finalization is required as well, which is what CONFIG_INTEL_CHIPSET_LOCKDOWN=y would normally do.

But, on newer FSP_based platforms (SKL+), FSP will perform the chipset finalization functions (at least w/r/t the flash protection registers) if coreboot does not, so there is no opportunity for the payload to do it.

So, this approach works, but not for any 6th-gen or newer devices

[tlaurion]

Considering io386 is an interesting security improvement for xx20 and xx30 boards, since OS cannot touch SPI in write mode even if iomem=relaxed the following needs to be done prior of merge:

• Clean https://github.com/tlaurion/heads/tree/maximized_boards-coreboot-4_13-io386_lockdown so that a seperate PR is based on Introduce io386 to heads and use it to finalize chipset at runtime #326 and applies change so the lock_chip call is made just prior of kexec
• Add io386 option in all xx20 and xx30 boards by default
• Change wiki to cover this feature (maybe create a Board features section, talking about all the board configuration options?)
  • Change supported devices grid so that only xx20 and xx30 boards have that feature ticked.
• Review this PR and wiki's PR
• Merge

[tlaurion]

This feature alone, per previous post referred PR, just works for xx30/xx20 on coreboot 4.13+ and mitigates a platora of attacks from OS targeting firmware modifications. But it does not prevent, without recovery shell authentication a local attacker to get to recovery shell, backup ROM, tamper ROM and flash back a ROM faking measurements without being noticed.

Maybe we should give option to user to use TPM disk unlock key (sufficient)/GPG user pin(limited)/LUKS Disk recovery Key passphrase(not so great idea, disk swap would be sufficient to authenticate) when going to recovery shell and for upgrading firmware (not so needed: read below)?

Each option has it's risks and limitations, but one is at least needed here to implement this feature while making it truely useful. But merging this first while deciding of the best authenticating mechanisms are totally different issues.

The blocker here is really just how to authenticate user in case of access to recovery shell and how to properly handle firmware upgrade from heads... Out of ideas outside of the followings.

Otherwise, this would give advantage to sandy/ivy for locking correctly platform access to SPI flash, preventing at least the OS to be able to modify the firmware whatsoever (iomem=relaxed not working anymore).

But that is void if user can just go to recovery shell to backup current whole ROM, thinker leisure and then come back at machine to flash a ROM which would contain hardcoded values of past valid ROM measurements including user's public key, user config files and tampered binaries and scripts... So authentication is mandatory to at least limit access to the recovery shell to backup/extract/tamper firmware and flash it back unnoticed.

Disk recovery key passphrase alone (luksOpen check) would be susceptible to disk swap and is not good enough to truly authenticate user, while physical access would be needed here to swap disks. I would go against that.

Disk Unlock key is a feature limited to non-Librems and could fit the bill since this PR is targeting only sandy/ivy bridges as of now, while access to recovery shell unauthorized is jeopardizing security of all boards for other threats, including users just wanting to nuke OS from it....

GPG user PIN would need to have workaround for expired keys and when a key is not existing, while needing fallback of some sort to other mechanisms, which are lacking in case of lost USB Security dongle to be able to use GPG User PIN as a mechanism alone for authentication for recovery shell, while not really a problem if flashing from Heads menu is permitted, permitting user to flash a fresh ROM without key and generating a new one on next boot.

We could simply protect recovery access while ROM flashing would still be permitted as a mitigation, but where attackers would be in the dark if not possible to access recovery shell to get a proper ROM backup to craft a tampered one faking measurements. So in my opinion, preventing recovery shell access might be enough.

To me, the problem missing thinking is how to authenticate user in case of lost USB Security dongle, which should be first way to authenticate with some kind of fallback, while user flashing new ROM without key might mitigate this.

If we are OK pushing this feature with Disk Unlock Key as fallback for GPG User PIN for xx30 and xx20, then there is no problem.

In that case, the TPM release of the Disk Unlock key as authentication would be the strongest authentication ( #1091 now measuring whole LUKS headers into TPM NVRAM to seal/unseal Disk Unlock Key, while #1093 is giving insights of why Disk Unlock Key would fail to be released). The TPM Disk Unlock Key passhphrase release would fail as an authentication mechanism in case of a disk swap here, and wound prove the firmware state, cbfs files state, normal boot patch, kernel modules state being the same as when state was sealed, as opposed to GPG User PIN which would only validate that the USB Security dongle is connected with someone knowing the PIN, no other states are validated, which is enough for some use cases.

If the user or attacker decides to flash a clean ROM without conserving public key and user settings, then Heads currently asks on boot for generation of key. If disk is blank, user is asked to install from USB. Consequently, the user having lost his USB dongle could reflash a clean ROM from USB and regenerate keys.

Consequently, the user could be asked to authenticate with TPM Disk Unlock Key passphrase/ GPG user PIN to access the recovery shell, while flashing a new firmware could stay unauthenticated.

Otherwise I need you brains, guys. Challenge me.

@Thrilleratplay? @Tonux599 @persmule? @kylerankin (not relevant to Purism but xx30/xx20 only for platform lockdown, but what about recovery shell authorized access)? @MrChromebox?