[coreboot] Experiments with disabling the ME on Sandybridge x230

ron minnich rminnich at gmail.com
Thu Sep 15 21:26:34 CEST 2016 

This is fantastic!

I hope you can write this up for the coreboot wiki ...

ron

On Thu, Sep 15, 2016 at 12:24 PM Trammell Hudson <hudson at trmm.net> wrote:

> On Mon, Sep 12, 2016 at 09:27:18PM +0000, Peter Stuge wrote:
> > Trammell Hudson wrote:
> > > I've experimented with clearing additional bits, from 0x3000 to 0x10000
> > > with the same results.  If I were really motivated I might binary
> search
> > > how much of the firmware it needs...
> >
> > That would be interesting.
>
> After a fairly brief binary search, I have determined a significantly
> reduced chunk of code required to have the Intel Management Engine bring
> up the hardware and then stay in the "ROM Phase".  This also allowed
> me to adjust the flash descriptor to give an extra 3 MB of storage to
> coreboot for my payload, as well as removed some of the problematic
> ME applications.
>
> The only piece that must be present for my x230 to function is the 512 KB
> FTPR partition at offset 0x183000, which contains these compressed
> modules (some Huffman, some LZMA):
>
>       'UPDATE' 000001BE
>       'ROMP' 0000070A
>       'BUP' 0000E064
>       'KERNEL' 00021B62
>       'POLICY' 00016AE2
>       'HOSTCOMM' 00006DDB
>       'RSA' 00005255
>       'CLS' 00005791
>       'TDT' 000066E5
>       'FTCS' 00004680
>       'ClsPriv' 000003E1
>       'SESSMGR' 0000E909
>
> This means that the ME no longer has any network stack (stored in the
> NFTP partition that has been removed), nor the protected video path
> or JCOM modules from the MDMV parition.  I do not know if the various
> anti-theft and timeout measures are also now neutralized.
>
> If I leave the firmware partition table at offset 0x3000 in place,
> the ME faults after bringup (but the system continues to function).
> Without the partition table it stays in the ROM phase.  I'm not sure if
> one outcome is preferable to the other.
>
> Relocating the FTPR partition did not work unfortunately, so there is
> some wasted space.
>
> --
> Trammell
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://www.coreboot.org/mailman/listinfo/coreboot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20160915/b9b6a8ff/attachment.html>

More information about the coreboot mailing list