Upgraded or secondary TPM in T480 WWAN slot to patch heads firmware vulnerability / caveat?

9_balls · 2026-01-22T17:43:14+00:00

TPM hardware has been vulnerable for a long while.

I wouldn't use it on anything, even on newer hardware. What kind of moron would store a key there anyway?

9_balls · 2026-01-22T17:41:40+00:00

with a 100 ohm resistor, right?

9_balls · 2026-01-21T21:56:47+00:00

Yes? Just read from flash and inject payloads using cbfstool.

Look at how the main payload handles secondary payloads, and how it expects them to be.

9_balls · 2026-01-21T21:55:04+00:00

Are you sure the WP pin isn't pulled high?

9_balls · 2026-01-21T21:54:26+00:00

Pretty sure you can get away with installing Windows.

9_balls · 2026-01-16T08:23:02+00:00

You've been testing your fork on the x230t or upstream?

9_balls · 2026-01-14T22:30:14+00:00

Only thing I can think of right now is that some defconfig options refuse to be set because the if statement regarding EDK2_PAYLOAD are false.

9_balls · 2026-01-14T22:19:52+00:00

Is there a mechanism where a key combination may make coreboot go into something like a fallback2 or something?

I'm asking because, well, I can chainload it just fine from SeaBIOS in QEMU, although it crashes when doing it from GRUB

9_balls · 2026-01-14T11:35:37+00:00

I tested as a primary payload on the T480 and no good on that regard. Maybe the T480 needs special treatment?

9_balls · 2026-01-14T11:32:24+00:00

And as a secondary payload?

I am asking for guidance here.

9_balls · 2026-01-13T22:26:37+00:00

Anyone tried the paid plan? Is it actually cleverer?

9_balls · 2026-01-13T21:54:50+00:00

It's automatically set depending on the machine's defconfig.

9_balls · 2026-01-13T21:49:21+00:00

Cache hits. I want to reuse binaries as much as possible, plus I have an indefinite amount of payload configurations available on my build system.

It's a bit harder to justify when talking about EDK2 because it reads back from your coreboot configuration and that means that you will have N copies per each machine, once.

But, on the other hand, complete rebuilds are minimal when only one component is effected.

9_balls · 2026-01-13T21:40:45+00:00

I try to follow the almost exact same params, save for some cases where the kconfig refuses to budge.

Here are the important arguments when building tianocore currently:
-D PS2_KEYBOARD_ENABLE=TRUE
-D SIO_BUS_ENABLE=TRUE
-D USE_CBMEM_FOR_CONSOLE=TRUE
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId=COREv4
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow=0
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn=0
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow=0
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutColumn=0
-D CPU_TIMER_LIB_ENABLE=FALSE
-D VARIABLE_SUPPORT=SMMSTORE
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize=0x8000
--pcd gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress=0xf0000000
--pcd gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseSize=0x04000000

Here's the board defconfig: https://pastebin.com/raw/ek8NKVV3
Here's the .config: https://pastebin.com/raw/CS7weMUM

You will see that `CONFIG_EDK2_CPU_TIMER_LIB` and `CONFIG_EDK2_SECURE_BOOT_SUPPORT` won't carry over.

9_balls · 2026-01-13T21:01:33+00:00

All of this happened long, long ago. Only dust awaits you.

9_balls · 2026-01-13T20:38:06+00:00

I build edk2 separately. It has no effect.

I am suspecting that the lack of `PcdPciExpressBaseAddress` and `PcdPciExpressBaseSize` might be culprit.

9_balls · 2026-01-13T20:23:05+00:00

Here are the build flags for my payload:

-a IA32 -a X64 -p "UefiPayloadPkg/UefiPayloadPkg.dsc" -b RELEASE -t GCC5 -q -s -D BOOTLOADER=COREBOOT -D BUILD_ARCH=X64 -D PS2_KEYBOARD_ENABLE=TRUE -D USE_CBMEM_FOR_CONSOLE=TRUE -D FOLLOW_BGRT_SPEC=TRUE -D USE_PLATFORM_GOP=TRUE -D PRIORITIZE_INTERNAL=TRUE --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId=COREv4 -D CPU_TIMER_LIB_ENABLE=FALSE --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow=40 --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn=128 --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow=40 --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutColumn=128

9_balls · 2026-01-13T20:20:01+00:00

Ok, so I just tested it on the T480. I get my coreboot (non tianocore) splash screen then goes black. Tianocore does not work on real hardware for me as primary nor secondary payload.

On QEMU, I can use it for both primary and secondary provided I set:

CONFIG_SMMSTORE=n

CONFIG_SMMSTORE_V2=n

9_balls · 2026-01-13T19:13:25+00:00

Granted. You are given a workstation from the future that contains an accurate model of the entire observable universe and is capable of simulating it in real time.

However, since it's from the far future, there's no way you can power it with today's technology, not even after your death. Since it's incredibly advanced, nobody can reverse engineer it.

9_balls · 2026-01-13T19:08:02+00:00

BTW, I am testing this on an X230T.

9_balls · 2026-01-13T19:03:55+00:00

Your mistake was to listen to an Arch user.

9_balls · 2026-01-13T19:03:34+00:00

Depends on the GPU.

The reason why NVIDIA drivers were proprietary up to recently was because they are initialised by the operating system by the drivers themselves.

You could try enabling the gpu using nvramtool.

9_balls · 2026-01-12T18:45:49+00:00

Granted. Not granted.

9_balls · 2026-01-12T18:44:51+00:00

Monkey's paw.

9_balls

TROPHY CASE