Anybody with Linux could run intelmetool for bootguard?

Hi, can anybody run “intelmetool -b” on a Framework laptop?

I’m curious about bootguard status on the machine.

For me, this is all it outputs:

Can't find ME PCI device
Can't find ME PCI device

I may have done something wrong though, I don’t know much about Intel ME or this tool. I’m on Fedora 34 and had to disable Secure Boot for the tool to work at all.

I’m not sure if the ME will show up if you chose a device without vPro, or it might not be visible/accessible in the firmware by default.

Oh, then I should clarify: I have the i7-1165g7, and therefore no vPro.

Yes, sorry, I should clarify: it would be nice to get the status on the i7-1185g7.

The “-b” switch checks the “boot guard” status.
I’m curious about porting CoreBoot to these machines, but to do so, bootguard must be disabled.

Could you check the bootguard status this way?
Install msr-tools:

dnf install msr-tools

sudo apt install msr-tools

Then run:

sudo modprobe msr
sudo rdmsr 0x13a

Possible statuses will be something like this:

0x0 == no bootguard

0x10000000 == verified
0x20000000 == measured
0x30000000 == verified + measured
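
The check described in the post above, as an added example that is not part of the original thread: a small decoder for the value `rdmsr 0x13a` prints. The function names are hypothetical, and the bit meanings (bit 28 = verified, bit 29 = measured, all other bits ignored) are an assumption inferred from the four values listed in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Bit meanings are inferred from the
# post's list (assumption): bit 28 = verified, bit 29 = measured.

# decode_bootguard VALUE: VALUE is hex as rdmsr prints it, 0x prefix optional.
decode_bootguard() {
    raw=${1#0x}
    raw=${raw#0X}
    case $raw in
        ''|*[!0-9a-fA-F]*) echo "not a hex value: '$1'" >&2; return 2 ;;
    esac
    if [ "${#raw}" -gt 16 ]; then
        echo "longer than a 64-bit MSR: '$1'" >&2
        return 2
    fi
    # Bits 28-29 sit in the low 32 bits; keep the last 8 digits so a full
    # 64-bit value cannot overflow signed shell arithmetic.
    low=$(printf '%s' "$raw" | tail -c 8)
    case $(( (0x$low >> 28) & 3 )) in
        0) echo "no bootguard" ;;
        1) echo "verified" ;;
        2) echo "measured" ;;
        3) echo "verified + measured" ;;
    esac
}

# read_bootguard: run the post's commands (as root) and decode the result.
read_bootguard() {
    command -v rdmsr >/dev/null 2>&1 || {
        echo "rdmsr not found; install msr-tools" >&2; return 1; }
    modprobe msr 2>/dev/null || echo "warning: could not load msr module" >&2
    val=$(rdmsr 0x13a 2>/dev/null) || {
        echo "rdmsr 0x13a failed (not root, or MSR not readable)" >&2; return 1; }
    decode_bootguard "$val"
}

# Constructed sample values, not readings from a real machine.
for v in 0 10000000 0x20000000 30000000 430000001; do
    printf '%-12s %s\n' "$v" "$(decode_bootguard "$v")"
done
```

Masking the two bits rather than comparing against the four exact values keeps the decoder usable when other bits of the register are set, as in the last sample.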

They are hoping to work on Coreboot at some point.

I know they will, but if the laptop is "unlocked" from the factory, open-source people (me included) could start right away :wink:

When I receive the laptop I will definitely try this out and tell you. I hope it is unlocked.


$ cat /proc/cpuinfo | grep "model name" | head -1
model name	: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
$ sudo rdmsr 0x13a

Damn, what does boot guard verified and measured do? And is it possible to remove it?