<div dir="ltr">I was thinking that the x230 was so old it would just keep running. Is that possible? I know that on newer platforms you only get the 30 minutes. <div><br></div><div>ron</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Sep 12, 2016 at 10:28 AM Peter Stuge &lt;<a href="mailto:peter@stuge.se">peter@stuge.se</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">ron minnich wrote:<br>
> That's pretty interesting. I had no idea that would work.<br>
><br>
> I wonder if erasing it all erases that little boot of the ME you need to<br>
> get the hardware going, whereas the 4KB erase lets the little bootstrap<br>
> run but disables the ME otherwise. If so, that's great news.<br>
<br>
The ME code to start the platform is in (on-chip) ROM and a failed<br>
signature check of the (compressed with AFAIK still unknown codebook)<br>
ME code in flash just means that the ME considers the system broken<br>
and allows it to run for a little while so that a human can repair it.<br>
<br>
It's described pretty well in the Platform Embedded Security Revealed<br>
book, along with the fact that the ME will sync its internal clock<br>
with NTP servers across the internet once every 30 days, to make CRL<br>
checks for the remote management PKI work. Maybe this particular thing<br>
doesn't happen with the smaller ME firmware. Dunno.<br>
<br>
<br>
//Peter<br>
<br>
--<br>
coreboot mailing list: <a href="mailto:coreboot@coreboot.org" target="_blank">coreboot@coreboot.org</a><br>
<a href="https://www.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">https://www.coreboot.org/mailman/listinfo/coreboot</a><br>
</blockquote></div>