Intel gen 14th+ (Meteor Lake) strong dependencies against ME/CSME (s0ix requiring ME, s3 deprecated, ME not HAP disabled) #1801
Comments
tlaurion
changed the title
tlaurion
changed the title
|
"Clarify bootguard key fusing and update platforms limitations" will be seperate issue once we have to cross that bridge, no point doing prevention/documenting unknowns for the moment (i'm asked to be less verbose and told i'm off topic: letting go).
ME disablement/s3 was not considered a "Business oriented" discussion up to now even if flagged raised back to QubesOS mini-summit directly with stakeholders. Waiting for updates from the "business" side of things. Heads never supported ME enabled platform up to now. |
tlaurion
changed the title
tlaurion
changed the title
Looking at the Intel's approach to S3, it is rather a matter of when not if this changes, unless this will be a hard blocker of supporting new platforms. |
@macpijan the point is that we are not there yet. But we are not there yet, aren't we? In all case, if ME can be disabled, it will be the default under Heads, and hopefully as an open source community pushing for what should be used, we will switch away of Intel to something else and focus on the alternatives more intensely. If we know it will happen in the future, maybe we should work on this today. Can somebody explain me why I would want my computer to always be awake again? If this is the case, I will power it off, which is recommended opsec anyway outside of roaming from outside the house to inside the house and when laptop is in physical presence, otherwise it should be powered off. My 2 cents. |
|
Note to everyone lurking into this issue: we are not there yet and v506tu/v540tu will not have ME enabled, and supports s3. Its a question of adapting the configurations before #1821 under #1846 based on #1871 per @mkopec Ref #1846 (comment) |
|
ME is now disabled and S3 is enabled and functional: #1846 (comment) As I mentioned elsewhere, it's not supported by Intel so if it breaks with some update to silicon or fw there's a good chance they won't fix it (that's what happened with Tiger Lake), but right now it seems to work well |
There seems to be a confusion from community around possibility of getting Clevo laptops with unfused bootguard keys and being able to flash custom firmware on those Clevo laptops. Clarify that Clevo laptops have unfused bootguard keys only if ordered through Novacustom bulk orders from Clevo to be rebranded and distributed with Dasharo firmware.
EDIT:
ME/CSME is now required (cannot be disabled) to obtain S0ix sleep state. S3 is not possible on newer Intel platforms.So user has to switch ME on to suspend (sleep), or accept that no sleep is possible. Note that hibernation is not possible on QubesOS (Xen). So this means important change on UX.This is true on Intel gen 13+, ie NovaCustom V56 14th Gen, amongst others.This proved to be wrong statement, not so late after QubesOS mini-summit 2024, it was proven that Novacustom V56/Nitropad V56 Intel CPU gen 14th CAN do S3 still. So this problem is reported for next gen, CSME/ME not required for sleep YET.
Edit: unsure as of now see next comment...
The text was updated successfully, but these errors were encountered: