[coreboot] Experiments with disabling the ME on Sandybridge x230

Peter Stuge peter at stuge.se
Mon Sep 12 20:13:16 CEST 2016

Trammell Hudson wrote:
> I'm experimenting with what happens if I remove the ME firmware from
> from the lower SPI flash chip on my Thinkpad x230.

AFAIK the ME will allow the platform to stay on for 30 minutes, and
will then shut it down hard.

This has been observed by people in the coreboot community, I haven't
personally seen it, and I don't know exactly how the shutdown happens,
but I assume it involves pulling a signal to the chipset.

The 30 minutes are meant to give a technician some time to restore
the platform into a functional state.

If you are interested in the ME I strongly recommend reading through
the entertaining book Platform Embedded Security Revealed, free
download at apress.com, redistributable for non-commercial purposes
only. ISBN 9781430265719 or 9781430265726.

> If I just erase the first 4KB of its region (0x3000, starts with "$FPT"),
> coreboot boots up fine and reports that "WARNING: ME has bad firmware".
> My Linux payload initializes without any complaints.

Does it stay operational for more than 30 minutes?

> systemctl suspend works fine and the system wakes up when I open
> the lid again, so this might might be a spurious issue.

Does it resume after more than 30 minutes from power-on? And from suspend?

> If I erase the entire ME region from 0x3000 to 0x4FFFFF the system will
> not boot at all.

Not sure that's because of ME, but could be.

> The indicator on the power button will flash when I press it,

That is an LED connected to the EC, unrelated to the x86 platform.

> but the system does not seem to respond otherwise (I do not
> have a port 80 debugger or hardware serial port to see where
> it is failing).

To look into the ME in a lot of detail I think you may need to get
involved with the hardware.


More information about the coreboot mailing list