me_cleaner
RPi4
me_cleaner | RPi4 | |
---|---|---|
97 | 54 | |
4,395 | 1,150 | |
- | 2.1% | |
0.0 | 5.6 | |
almost 2 years ago | about 1 month ago | |
Python | Shell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
me_cleaner
-
Power issue with my X250. Time to upgrade? (more info in comments)
Some times Intel version of Lenovo have a problem with Intel ME , check this out. LINK
-
System76's Coreboot Open Firmware Manages to Disable Intel Me for Raptor Lake
Yes; there are several ways, depending heavily on the version, and ranging from most trustworthy to least trustworthy:
* By patching the ME firmware itself - see the me_cleaner project, and methods documented here: https://puri.sm/posts/deep-dive-into-intel-me-disablement/ . This is Pretty Reliable; the runtime code has been deleted from flash.
* By setting a bit in the flash configuration, assumed to be added for the US High Assurance program: https://github.com/corna/me_cleaner/wiki/HAP-AltMeDisable-bi... , https://www.ptsecurity.com/ww-en/analytics/disabling-intel-m... . This is Mostly Reliable; the mechanism has been fairly aggressively reverse engineered and was added for a program with strict requirements.
* By sending an HECI command that says "hey ME, turn off your runtime" https://review.coreboot.org/c/coreboot/+/52800 . This is Somewhat Reliable; the method is well understood and seems to work but I'm not sure someone has done a deep dive audit into whether it could be re-enabled somehow.
-
Modern CPUs have a backstage cast
"...this is interesting is because POWER9 is basically the first time the public got a real view of how sophisticated the backstage cast actually is of a modern server CPU."
Not quite correct; the OpenSPARC T1 and T2 were publicly released and available by 2008.
https://www.oracle.com/servers/technologies/opensparc.html
"Large parts of this process are handled by vendor-supplied mystery firmware blobs, which may as well be boxes with “???” written in them.
The maintainers of the me_cleaner script likely have the clearest view of what is known.
https://github.com/corna/me_cleaner
- What is the most trusted hardware most OpenBSD people would suggest?
-
Let's find our next HW wallet
Your dedicated laptop with disabled Intel ME running OpenBSD might be the gold standard choice for your hardware wallet. Main discussion here.
-
Laptop with deactivated Intel ME running OpenBSD as a hardware wallet for top cryptos
I consider a dedicated laptop with deactivated Intel ME running OpenBSD (maybe from USB flash) can be a much secure alternative to a proprietary hardware wallet connected to your casual multi-purpose laptop.
-
On Intel ME
On a side note, if Intel has made it this hard to disable Intel ME, is the US government happy with this change? It was them who got the HAP bit part working, and I do not see any news suggesting they have another trick to disable Intel ME. Should I just assume that this still works? Has anybody here tried? And does me_cleaner still work (last updated in 2018: https://github.com/corna/me_cleaner)?
-
I ordered my first laptop from System76. I'm so excited
This is incorrect. Intel ME has an internal disablement mechanism: https://github.com/corna/me_cleaner/wiki/HAP-AltMeDisable-bit this is the mechanism that it used by S76 and Purism.
- linux and tails compromised? if this is real we lost all privacy. found it on twitter
-
Why I Use Old Hardware
If you are sensitive about the Intel Management Engine, the original Core 2 Duo/Quad systems are the last where it could be fully disabled.
Anything later will forcibly shut down after 30 minutes if (at least a fragment of) Intel's closed & bug-ridden monitoring code is not present.
I ran me_cleaner on a few of these systems, and I do all my finances with them running OpenBSD (usually on q9550s).
Yes, this effort to run old hardware is worth it for me. Below are the bios images that I was able to produce:
https://github.com/corna/me_cleaner/issues/233
RPi4
-
CentOS Stream and Raspberry Pi
Correct. It does not as shipped. However, the use of this project will bring the firmware into system ready spec, so it can boot with a standard aarch64 UEFI image: https://github.com/pftf/RPi4
-
What is the most trusted hardware most OpenBSD people would suggest?
are you using the uefi firmware from https://github.com/pftf/RPi4 or are you trying to boot through the gpio serial header?I don't think the pi can boot on its own through uboot unless your using a serial/usb connection
-
Kernel Updates Installed but not Loading
Looks like you can use Grub on UEFI ARM systems, but Raspberry Pi isn't natively running UEFI. https://github.com/pftf/RPi4
-
Flatcar Container Linux
The rpi4 has uefi firmware available, this allows you to boot any generic uefi aarch64 image, you no longer need rpi specific images.
https://github.com/pftf/RPi4
-
Does NetBSD 9.3 work on the RaspberryPi 4?
Straight out of the box, the image wouldn't boot, said that start.elf was invalid, so I went to https://github.com/pftf/RPi4/releases as suggested in the Readme.md file in the EFI partition. I installed that (version 1.34) over the existing EFI partition and tried again. That booted up the kernel, but it apparently died when it enabled the interrupt controller. The last messages are about armgic0.
-
Ethernet on my Pi4 is giving me headaches
Maybe similar discussion on github:
-
How can I dual boot Fedora on Pi4?
You can use these firmware images for UEFI as well as install with the arm ISO. I didn't have graphics acceleration that way, but it might be an easy fix.
-
Orange Pi 5: 8-core CPU 2.4GHz, up to 32GB DDR4, $60 preorders ship Dec. 1
I'm guessing these are not SystemReady certified with UEFI firmware and require "bespoke" preinstalled arm images?
https://www.arm.com/architecture/system-architectures/system...
https://developer.arm.com/documentation/102677/0100/UEFI-req...
I have three SystemReady arm devices and it's pretty awesome to be able to just boot an aarch64 live ISO and install. The experience is the same for running vms via ESXi arm edition.
Nvidia Jetson AGX Xavier - https://developer.nvidia.com/embedded/downloads#?search=uefi
Honeycomb LX2 - https://github.com/SolidRun/lx2160a_uefi
RPI4 - https://github.com/pftf/RPi4
It can be tedious building/provisioning the firmware but once complete they are ready for any aarch64 uefi iso.
What is annoying however is when distros don't ship an aarch64 uefi iso - but instead choose to build a zillion device specific "preinstalled" arm images. (looking at you manjaro)
The list of supported devices for ESXi arm edition is a great place to start for identifying options and is constantly updated.
https://flings.vmware.com/esxi-arm-edition
Raspberry-Pi-4
-
[Aarch64] Help creating a generic image that boots on the Raspberry Pi 4
The only reason why I am was trying to build the image was because I wanted to move stuff as mainline as possible and was worried that any installation made with the help of RPi4 UEFI firmware would stop booting after a while.
-
I have come to bury the BIOS, not to open it: The need for holistic systems
Most ARM hardware is cellphones, raspberry pi and the Mac M1, which certainly aren't that type.
But a lot of ARM hardware is that type. The keywords are SBSA / SBBR / SystemReady. If your hardware is SBBR compatible then Fedora and Ubuntu's ARM64 iso, and Windows ARM64, downloaded from their website, will at least boot fine (drivers are a different question as always).
There's a good list of supported hardware in the lower half of https://community.arm.com/arm-community-blogs/b/architecture... . Many systems from Avantek, Gigabyte, NXP, Marvell, Solidrun etc are standardizing on this way of booting.
DeviceTree is low-level enough that you can implement UEFI on top of it. There's a UEFI port for the Raspberry Pi 4 at https://rpi4-uefi.dev/ that produces an SBBR layer, allowing it to boot any off-the-shelf ARM64 SBBR distro.
What are some alternatives?
firmware-open - System76 Open Firmware
NanoPi-R4S-OpenWRT - OpenWrt Frimwares for FriendlyARM NanoPi R4S
thinkpad-firmware-patches - Collection of ThinkPad UEFI patches.
openbsd-rpi4
t430-coreboot - coreboot rom for thinkpad t430
zram-swap - A simple zram swap service for modern systemd Linux
coreboot - DEPRECATED: coreboot on the w541. See link below.
BorgBackup - Deduplicating archiver with compression and authenticated encryption.
cadmium - [Moved to: https://github.com/Maccraft123/Cadmium]
k3s - Lightweight Kubernetes
thepyphone - Voice and SMS/MMS on a Raspberry Pi 3B+
uhubctl - uhubctl - USB hub per-port power control