Table of contents

1. Coreboot specs
2. Intel
3. Additional required Intel blobs:
4. ME status on different boards models
5. AMD
6. Power9

Coreboot specs

Intel

• xxx0: gm45 bridge, Montevina: no FSP, no ME: X200, T400, T500, R500, X300 : no QubesOS support there (no proper vt-d2)
• xx20: Sandy bridge, no FSP. ME<10: BUP module required only: X220/T420/T520
• xx30: Ivy bridge, no FSP. ME<10: ROMP and BUP required: X230/T430/W530 Z220 CMT and others
• xx40: Haswell, no FSP, ME<10: ROMP and BUP required: t440p w541 without MRC blob (upsteam docs outdated)
  • NRI was merged in upstream 25.03 and under Heads 25.09 coreboot version bump

Additional required Intel blobs:

• FSP is present in all Broadwell+ platforms
• MRC blob present in all Broadwell+ plaforms

ME status on different boards models

• Removed in ME <=6 (xxx0)
• Deactivated+Neutered ME in ME 6 <= 10 (xx20 BUP/xx30 BUP+ROMP)
• Deactivate+Partially Neutered (BUP, RBE, Kernel and syslibs modules REQUIRED in ME > 11)
• Soft disable/HAP disable bit possible on ME 12+ (PoC BE CAUTIOUS)
• xx30, xx20: ME 6 <= 10
• Skylake, Kabylake, Whiskeylake and newer: ME >= 11
• Intel ME then changed its name to Converged Security Management Engine (CSME), where HAP bit can be flipped, but modules cannot be removed anymore.

AMD

• AMD fam15h (eg: kgpe-d16)
• PSP in all models after fam15h

Power9

• Blobless.