I noticed the Librem14 is using a Comet Lake/10th Gen CPU. Does ME_Cleaner still work with these newer CPUs?
The me_cleaner code hasn’t been updated since October 2018 and it doesn’t have any info on whether it works with Comet Lake processors or not.
@MrChromebox says that he disabled the ME in the L14 by changing the HAP bit. You have to ask him what tool he used to change the HAP bit.
there are some WIP patches in the PR section of me_cleaner for it to get the HAP bit for CSME 12.x, but the location of the HAP bit is SKU-specific. Same with CSME 14.x (CML).
There is no capability to neuter/clean the ME firmware for anything above ME 11.x currently
Hello @MrChromebox I hope it is ok if I ask my question here as it belongs to this topic.
If I got it right you are still using the me_cleaner tool to set the HAP bit.
May I ask you to point me in to the right direction where you call the me_cleaner in the source code?
I could only find this, but it is 4 years old: https://source.puri.sm/pureos/packages/purism-librem-coreboot-updater
And here which is more current I could not find it: https://source.puri.sm/firmware/utility
Thank you very much.
no, I set it manually with a hex editor. ME cleaner hasn’t been used in years now. Also, Purism now self-hosts all the blobs needed for building a full coreboot image, so we don’t modify anything at compile time - the blobs in our repo are already modified.
Does the hap setting still work on newer (11th/12th gen) CPUs?
yes, but starting with 10th-gen the position of the HAP bit is variable within the IFD based on the Intel product SKU
Thank you very much for your explanation.