[coreboot] Experiments with disabling the ME on Sandybridge x230

Peter Stuge peter at stuge.se
Mon Sep 12 21:11:41 CEST 2016 

Trammell Hudson wrote:
> > > My Linux payload initializes without any complaints.
> > 
> > Does it stay operational for more than 30 minutes? [...]
> > Does it resume after more than 30 minutes from power-on? And from suspend?
> 
> Yes, it has been operational for the past few hours

That's interesting. It would be interesting to find out more about
the state of the ME in this case. Maybe the cleared section isn't part
of it's firmware, or maybe it really doesn't care, though that would
surprise me.

I think there's an ME utility in the coreboot source tree. The ME
host interface isn't very well-documented AFAIK, but the kernel has
a little bit of code too.


> I think the lack of entering S3 on lid-closure might be a Qubes
> 3.2-rc regression, so I'm ignoring that for now.

Agree.


> > To look into the ME in a lot of detail I think you may need to get
> > involved with the hardware.
> 
> What hardware probes would you recommend?

One thing is the LPC bus. It doesn't have that much to do with the ME
per se, but I believe it's live from reset and so has early activity.

Another is the boot flash SPI. See what addresses get fetched.


I don't have a concrete tool to recommend, I am developing one, but
for the immediate term what you can buy is essentially expensive
logic analyzers with LPC and SPI decoders. :\


> Do you know of any easy place to attach them? The x230 has a
> second mini-pcie slot available if there are useful debugging
> devices.

The X230 has pads for a "debug card connector" which may be labeled CN14
on the mainboard, with LPC bus, IRQSER and a bit of power control.

There are also edge pads "golden finger" with roughly the same signals.

Neither the WLAN nor the WWAN Mini-PCIE slot have LPC signals.


> Here's the relevant sections from the 'cbmem --console'

Sorry, I haven't gotten to the details from the PCI side.


> I'm not sure what is it using.

Is the partitioning relevant for the ME? I'm not sure that it is.


> ME: Current Working State   : Recovery
> ME: Current Operation State : Bring up
> ME: Current Operation Mode  : Normal
> ME: Error Code              : No Error
> ME: Progress Phase          : BUP Phase
..
> ME: Current Working State   : Reset
> ME: Current Operation State : Preboot
> ME: Current Operation Mode  : Normal
> ME: Error Code              : No Error
> ME: Progress Phase          : ROM Phase

How do the above change, if at all, with unchanged flash?


//Peter

More information about the coreboot mailing list