[coreboot] Experiments with disabling the ME on Sandybridge x230
rminnich at gmail.com
Mon Sep 12 19:34:43 CEST 2016
I was thinking that the x230 was so old it would just keep running, is that
possible? I know that on newer platforms you only get the 30 minutes.
On Mon, Sep 12, 2016 at 10:28 AM Peter Stuge <peter at stuge.se> wrote:
> ron minnich wrote:
> > That's pretty interesting. I had no idea that would work.
> > I wonder if erasing it all erases that little boot of the ME you need to
> > get the hardware going, whereas the 4KB erase lets the little bootstrap
> > run but disables the ME otherwise. If so, that's great news.
> The ME code to start the platform is in (on-chip) ROM and a failed
> signature check of the (compressed with AFAIK still unknown codebook)
> ME code in flash just means that the ME considers the system broken
> and allows it to run for a little while so that a human can repair it.
> It's described pretty well in the Platform Embedded Security Revealed
> book, along with the fact that the ME will sync it's internal clock
> with NTP servers across the internet once every 30 days, to make CRL
> checks for the remote management PKI work. Maybe this particular thing
> doesn't happen with the smaller ME firmware. Dunno.
> coreboot mailing list: coreboot at coreboot.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the coreboot