I was thinking that the x230 was so old it would just keep running. Is that possible? I know that on newer platforms you only get the 30 minutes.

ron

On Mon, Sep 12, 2016 at 10:28 AM Peter Stuge <peter@stuge.se> wrote:
ron minnich wrote:
> That's pretty interesting. I had no idea that would work.
>
> I wonder if erasing it all erases that little boot of the ME you need to
> get the hardware going, whereas the 4KB erase lets the little bootstrap
> run but disables the ME otherwise. If so, that's great news.

The ME code to start the platform is in (on-chip) ROM and a failed
signature check of the (compressed with AFAIK still unknown codebook)
ME code in flash just means that the ME considers the system broken
and allows it to run for a little while so that a human can repair it.

It's described pretty well in the Platform Embedded Security Revealed
book, along with the fact that the ME will sync its internal clock
with NTP servers across the internet once every 30 days, to make CRL
checks for the remote management PKI work. Maybe this particular thing
doesn't happen with the smaller ME firmware. Dunno.


//Peter

--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot