Documentation: Introduce HP Sure Start and the method to bypass it

Change-Id: Id198afdaa13b4c361e1b77a56d5a2436ed1c4c86
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45577
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Iru Cai 2020-09-16 22:47:57 +08:00 committed by Angel Pons
parent 4355a6715a
commit 136380fcac
2 changed files with 61 additions and 0 deletions

View File

@ -0,0 +1,60 @@
# HP Sure Start
According to the [HP Sure Start Technical Whitepaper], HP Sure Start is a chipset
and processor independent firmware intrusion detection and automatic repair system.
It is implemented in HP notebooks since 2013, and desktops since 2015.
This document talks about some mechanism of HP Sure Start on some machines, and
the method to bypass it.
## Laptops with SMSC MEC1322 embedded controller
Haswell EliteBook, ZBook and ProBook 600 series use SMSC MEC1322 embedded controller.
The EC firmware implements HP Sure Start.
A Haswell EliteBook has two flash chips. According to the strings in the EC firmware,
the 16MiB flash chip that stores the BIOS firmware is called the *system flash*, and
the 2MiB flash chip that stores part of the system flash content is called the
*private flash*. A Haswell ProBook 600 series laptop also uses MEC1322 and has similar
EC firmware, but the HP Sure Start functions are not enabled.
The private flash is connected to the EC, and is not accessible by the OS.
It contains the following:
- HP Sure Start policy header (starting with the string "POLI")
- A copy of the Intel Flash Descriptor
- A copy of the GbE firmware
- Machine Unique Data (MUD)
- Hashes of the IFD, GbE firmware and MUD, the hash algorithm is unknown
- A copy of the bootblock, UEFI PEI stage, and microcode
If the IFD of the system flash does not match the hash in the private flash, for example,
modifying the IFD with ``ifdtool -u`` or ``me_cleaner -S``, the EC will recover the IFD.
If the content of the private flash is lost, the EC firmware will still copy the IFD,
bootblock and PEI to the private flash. However, the IFD is not protected after that.
HP Sure Start also verifies bootblock, PEI, and microcode without using the private flash.
EC firmware reads them from an absolute address of the system flash chip, which is
hardcoded in the EC firmware. It looks like this verification is done with a digital
signature. If the PEI volume is modified, EC firmware will recover it using the copy
in the private flash. If the private flash has no valid copies of the PEI volume, and
the PEI volume is modified, the machine will refuse to boot with the CapsLock LED blinking.
## Bypassing HP Sure Start
First search the mainboard for the flash chips. If there are two flash chips,
the smaller one may be the private flash.
For Intel boards, try to modify the IFD with ``ifdtool -u``, power on and shut down
the machine, then read the flash again. If the IFD is not modified, it is likely to
be recovered from the private flash. Find the private flash and erase it, then the IFD
can be modified.
To bypass the bootblock and PEI verification, we can modify the IFD to make the
BIOS region not overlap with the protected region. Since the EC firmware is usually
located at the high address of the flash chip (and in the protected region),
we can leave it untouched, and do not need to extract the EC firmware to put it in
the coreboot image.
[HP Sure Start Technical Whitepaper]: http://h10032.www1.hp.com/ctg/Manual/c05163901

View File

@ -61,6 +61,7 @@ The boards in this section are not real mainboards, but emulators.
### EliteBook series ### EliteBook series
- [HP Laptops with KBC1126 EC](hp/hp_kbc1126_laptops.md) - [HP Laptops with KBC1126 EC](hp/hp_kbc1126_laptops.md)
- [HP Sure Start](hp/hp_sure_start.md)
- [EliteBook 2560p](hp/2560p.md) - [EliteBook 2560p](hp/2560p.md)
- [EliteBook 8760w](hp/8760w.md) - [EliteBook 8760w](hp/8760w.md)