-
Notifications
You must be signed in to change notification settings - Fork 273
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SuperMicro A2SDi doesn't work #189
Comments
Great, finally I have the chance to work on SPS 4.x ;) Note that I'm going to analyze the SPS image (which, luckily, is available on the supermicro website), I'll keep you updated. |
I was whitelisting all removed partitions and then removing them from the whitelist individually. Same idea I guess.
Awesome! |
From the Positive Technologies blog post on HAP disable:
So it would seem that soft disable not working is expected. |
Update from playing with some of the undocumented bits in the soft strap at
Also saw this IE Disable bit: And decided to try bit 13 at Board booted normally, but no change of the ME status. |
Looking at this Power Management Controller register: It seems to mirror the ordering of the listed soft strap bits, and lines up with the observed behavior of the undocumented bits (i.e. Bit 13 disables USB2). So if that was going to work, it would have been bit 15, which had no effect. I did try it again just to be sure. |
Oh great, so these newer C3000 motherboards, which seem so great for pfSense aren't all that great. I have the A1SRi-2558F, which does not have intel ME. Perhaps it also lacks that "innovation engine", that sounds so incredibly helpful. |
A few updates: There is a second Previously, I wasn't able to boot an image even with all partitions whitelisted. I have been able to boot an image now after I disabled the One very odd thing came up that I'm not really sure what to make of yet. The partitions in this image are as follows:
Then, I tried removing It would seem that I can't remove more than two modules, but I'm not really sure why yet. @corna, any insight you have would be appreciated. |
I've read somewhere SPS firmware images have a main and recovery image together, so if you find two $FPT partitions that would make sense. I think I read it on the win-raid forum. Check this topic for a start: https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html |
And of course you have also found ME Analyzer? Other thing: I've looked in the manual. Have you tried to set the ME to manufacturing mode? |
I think this jumper is actually mislabeled. The HECI firmware status always has bit 4 (manufacturing mode) set to 1 in both jumper positions. The jumper appears to toggle the ME between operational and recovery modes. |
I'm quite busy these days, but I haven't forgotten about this issue, don't worry. ;) I should have some spare time this weekend, I'll work on it. |
🔔 Ding, dong, the witch is dead! (I think) 🔔 I was able to work around not being able to remove more than two modules by changing the offset and length of a module to zero to remove it instead of removing the table entry entirely. You must leave Board reports firmware version: 0.0.0.0 and recovery mode, which I understand is usually a good sign that this worked. The firmware heartbeat bits of Booted ArchLinux, board has been up for 30 minutes, so no issues with the watchdog timer either. Happy to contribute my code for nulling out table entries instead of removing them if you think it's useful. |
Good job! I've looked into the SPS firmware, here you can find the raw content; as you can see the interesting partitions are
So my hypothesis is (no way to verify it, so I may be completely wrong):
This scheme allows a good redundancy, however the Note that, at least in ME 8, there was probably a backup FPT in the ROM (as we were able to completely wipe it without any effect). According to Youness, the ROM size has been reduced in Skylake, so it makes sense that they've moved the backup FPT out of it to save some space. The ROMB (ROM Bypass) partition is used only in pre-production images, so it makes sense that it's empty. Now, let's move to the part "what can we do?". Which partitions have you removed? Which ones are still there? |
some additional comments:
|
Just wanted to say that I didn't forget about this; things have just been a little crazy on my end. I will try to make time to put together a pull request sometime this week. edit: Unfortunately, this got away from me a little bit and I just haven't had the time. I will do my best to put something together before the end of July. edit 2: No longer actively working on this, but hopefully my comments here help someone in the future. |
@lasalvavida Could you please check this? Would be very appreciated :) Just do the following steps:
Also, please attach a dump of |
Hi @felixsinger. Unfortunately, I no longer have access to this mainboard. I can tell you that it does not have bootguard since the CPU is an Intel® Atom™ Processor C3338 which does not have bootguard. |
https://www.supermicro.com/products/motherboard/atom/A2SDi-2C-HLN4F.cfm
SPS version: 4.0.4.139
Have tried soft disable, code removal, and the combination of the two.
Soft disable doesn't appear to work at all here. The current state is still reported as Operational.
Code removal causes the board to enter a state where power is off and stays off even if the button is pressed, or a power command is issued over IPMI.
Have also tried
--keep-modules
, and using--whitelist
to attempt removing only single partitions. These exhibit various behaviors, some where the board stays off as described above, some where the board comes up but never POSTs, staying at code 0xff, and some that go through a few codes and then get stuck at 0xad. None of these boot paths successfully initialize VGA.I don't believe that this board has Intel Boot Guard, but the inability to remove anything from the ME section makes me think that either something about how me_cleaner modifies the image is failing some kind of validation, or that SuperMicro has made some kind of configuration/code change in SEC or PEI that requires ME to be present and functional.
@corna, any ideas?
The text was updated successfully, but these errors were encountered: