On Mon, 27 Mar 2017 14:33:23 -0700 Andrey Petrov andrey.petrov@intel.com wrote:
> Hi,
>
> On 03/27/2017 01:05 PM, Denis 'GNUtoo' Carikli wrote:
> > Since until now, the code running on the management engine is:
> > - Signed by its manufacturer
> > - Proprietary software, without corresponding source code
> > It can be desirable to run the least amount possible of such code, which is what me_cleaner[1] enables.
> > It does it by removing partitions of the management engine firmwares; however, when doing so, the HECI interface might not be present anymore.
> > So it is desirable not to have the RAM initialisation code wait forever for the HECI interface to appear.
>
> I do not know how ME cleaner operates but I believe security engine may be going into "recovery mode".

That is my understanding too. If I understood correctly, the only partitions left contain code meant to initialize the management engine just enough to be able to boot the computer and reflash the boot flash.

> This means it may never indicate readiness status. However the fact it is in recovery mode can be figured out programmatically as one of FWSTS registers.
> So you can try checking if security engine is in recovery and just skip waiting altogether. Try looking at "Current state" bits or "OP mode" bits. I suspect either of them will change after ME cleaner. FWSTS sits in ME PCI device config space and should be easily accessible. Typically FWSTS registers sit at offsets 0x40, 0x48, 0x60 and so on. Please try to compare them before and after ME cleaner.

Thanks, I might try to do it if I can find the time.
Denis.
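
The before/after comparison suggested in the thread, as an added example that is not part of either poster's message: it parses two `lspci -xxx` style hex dumps of the ME PCI device's config space and reports which bits of the dwords at 0x40, 0x48 and 0x60 differ. The dump contents are constructed sample values, not real register readings, and no FWSTS bit layout is assumed because the thread does not give one.

```python
import re

# Offsets named in the thread; the bit layout is not given there, so none is assumed.
FWSTS_OFFSETS = (0x40, 0x48, 0x60)

# Constructed sample dumps (not real readings) in `lspci -xxx` hex-line format.
BEFORE = """\
xx:xx.x Communication controller (constructed sample, before)
40: 45 02 00 00 00 00 00 00 10 00 00 00 00 00 00 00
60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""
AFTER = """\
xx:xx.x Communication controller (constructed sample, after)
40: 42 00 03 00 00 00 00 00 10 00 00 00 00 00 00 00
60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

def parse_lspci_hex(dump):
    """Turn hex lines such as '40: 45 02 ...' into {offset: byte}."""
    cfg = {}
    for line in dump.splitlines():
        m = re.match(r"^\s*([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2})+)\s*$", line)
        if not m:
            continue  # device header line or blank line
        base = int(m.group(1), 16)
        for i, byte in enumerate(m.group(2).split()):
            cfg[base + i] = int(byte, 16)
    return cfg

def read_dword(cfg, offset):
    """Little-endian 32-bit read; None if the dump does not cover the offset."""
    try:
        return sum(cfg[offset + i] << (8 * i) for i in range(4))
    except KeyError:
        return None

def compare_fwsts(before_dump, after_dump, offsets=FWSTS_OFFSETS):
    """Return {offset: (before, after, changed_bit_positions)} for changed dwords."""
    before, after = parse_lspci_hex(before_dump), parse_lspci_hex(after_dump)
    changes = {}
    for off in offsets:
        b, a = read_dword(before, off), read_dword(after, off)
        if b is None or a is None:
            raise ValueError(f"dump does not cover offset {off:#x}")
        if b != a:
            diff = b ^ a
            changes[off] = (b, a, [bit for bit in range(32) if (diff >> bit) & 1])
    return changes

if __name__ == "__main__":
    for off, (b, a, bits) in compare_fwsts(BEFORE, AFTER).items():
        print(f"{off:#04x}: {b:#010x} -> {a:#010x}, changed bits {bits}")
```

The changed bit positions are the candidates to check against the "Current state" and "OP mode" fields once their layout is known for the platform.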