- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
We have the following scenario:
- EMA Server version 1.8.1 over a Windows Server 2019 DCE VM.
- Endpoint:
Model: "Dynabook Portégé X40L-K-110"
Processor: "Intel Core i5-1250P vPro"
BIOS version :2.30 (latest version)
Disk SSD : Model SAMSUNG MZVLQ512HBLU-00B00
The Endpoint is AMT provisioned in ACM Mode
We have tried the Action "Platform Erase" with no success.
We tried this action with the Endpoint in differents States:
a- S0 Power State at BIOS Setup
b- S0 Power State at Operating System Windows 10 Running
c- S5 Power State.
Only in State (a) we get this KVM outputs
Secure Erase !!!!
Disk erase completed. Exiting SSD Erase in 2 seconds
Operating system not found
But Partition Table and File Systems in that partitions have not been erased.
Is there any log we can check or utility we can use to check and determine what was going wrong while did the erase?
We have seen that this feature depends on BIOS version and Hard Disk,
how can we check that our Endpoint (described above) supports the Feature "Secure Erase" ?
Thank you very much in advance
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Thank you for joining the community
In order to confirm if your system supports this "Remote Secure Erase" feature, you want to check directly with the OEM (Dynabook in this case). The BIOS is developed by the manufacturer directly and Intel is not involved at any level.
About the logs, you can check at this path <Installer Directory>/EMALog-Intel®EMAInstaller.txt
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jose
We have executed a Secure Erase with Success from BIOS Setup
GPT Disk's Partition Table was correctly removed, so this operation was successfull, what confirms our BIOs and our SSD Disk support this feature.
So we need to know why this "Platform Erase" Action does not work , because the logs, in the path you indicated are associated to the log of the Installer
<Installer Directory>/EMALog-Intel®EMAInstaller.txt
is there any alternative log file ?
We have reviewed this directory and its files
c:\Program Files (x86)\Intel\Platform Manager\EMALogs\
but we don't find the reason why this erase does not progress .
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
So just to clarify. Whenever you apply the Secure Erase option directly from BIOS it works fine. But when you try to apply it from the EMA console, it shows as successful, the OS is not found, but the partition tables are not fully deleted.
I am still investigating if there are any alternate logs that can be retrieved.
We will look forward to your update
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jose
We answer on your email:
So just to clarify. Whenever you apply the Secure Erase option directly from BIOS it works fine.
yes, that´s correct
But when you try to apply it from the EMA console, it shows as successful, the OS is not found, but the partition tables are not fully deleted.
yes, partition table of the GPT disk is intact and the contents of the filesystems inside that partitions too.
I am still investigating if there are any alternate logs that can be retrieved.
thanks, that´s what we need
As a complementary information. The only way that the BIOS Setup of our Dynabook endpoints show the "Secure Erase" option as available is unsetting/unregistering/clearing de "SSD Master Password". As you know, the RPE (Remote Platform Erase) asks for the
"SSD Master Password" in order to do the Remote Erase. We have tested the RPE in two different scenarios:
1- With the "SSD Master Password" set
2- With the "SSD Master Password" unset/unregistered and using de "BIOS Supervisor Password" at the RPE form (instead of the
"SSD Master Password")
but the results were the same (partition table of the GPT disk is intact and the contents of the filesystems inside that partitions too)
We will look forward to your update
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Based on the documentation in
in section 1.2.9 it seems that your system complies with the requirements; nevertheless, after reviewing the https://www.intel.com/content/www/us/en/develop/documentation/amt-developer-guide/top/remote-secure-erase/remote-secure-erase-implementation.html it specifies that the SSD should be Intel® SSD Professional Family (Pro 6000p Series, Pro 5400s Series, Pro 2500 Series, Pro 1500 Series, ). Since you are using an OEM disk, this could be the reason for the feature not working as expected
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please Jose,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Based on the Intel documentation, that particular SSD series models are the supported ones for the Remote Secure Erase feature
Below are the platform requirements for RSE support:
- Platform with Intel AMT 11.0 or later
- BIOS supporting Intel RSE capability
- Intel® SSD Professional Family (Pro 6000p Series, Pro 5400s Series, Pro 2500 Series, Pro 1500 Series, )
But if you are planning to purchase a new SSD for this purpose only, I could suggest you try to get a similar one and test it before.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the answer Jose
Please, may we maintain the case open while our OEM (Dynabook) clarifies its support of this Feature?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Could you please try the following?
Run the ECT tool on your system and save to .xml file
Open the .xml file and there will be two entries for RSE, do a search for:
<IsRSEEnabled>Value</IsRSEEnabled>
<RSESupported>Value</RSESupported>
Do you have True or False value for each?
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Thank you. Let me analyze this and will get back to you.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
We apologize for the ongoing and repetitive questions, but could you please confirm the following:
- Is the SSD in the client system one that is in the supported list here? https://www.intel.com/content/www/us/en/develop/documentation/amt-developer-guide/top/remote-secure-erase/remote-secure-erase-implementation.html
- Do they have remote platform erase enabled in the AMT profile?
We will look forward to your comments
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi SistemasLVDG,
JoseH_Intel (Moderator) posted a new reply in Intel vPro® Platform on 02-03-2023 05:40 AM:
Re:Remote Platform Erase
Hello SistemasLVDG,
We apologize for the ongoing and repetitive questions, but could you please confirm the following:
Is the SSD in the client system one that is in the supported list here? https://www.intel.com/content/www/us/en/develop/ documentation/amt-developer- guide/top/remote-secure-erase/ remote-secure-erase- implementation.html
Model: "Dynabook Portégé X40L-K-110"
Processor: "Intel Core i5-1250P vPro"
BIOS version :2.30 (latest version)
Disk SSD : Model SAMSUNG MZVLQ512HBLU-00B00
As you can see, disk model is NOT one of the list
Do they have remote platform erase enabled in the AMT profile?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Thank you for waiting for our updates.
In order to continue troubleshooting your issue, you need to contact the OEM to get the instructions to turn OFF "Demo Mode". The drive will actually get wiped by EMA when this is changed.
In case you need more assistance please let us know.
Best regards,
Sergio S.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for answer Sergio
We have just forwarded to the OEM these questions:
- is "Demo Mode" turned ON in our endpoints?
- if so, which is the procedure to turn it OFF?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
Do you have any updates from the OEM?
Please do not hesitate to contact us back.
If you consider the issue to be completed please let us know so we can proceed to mark this thread as closed.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sergio,
This is Enrique from dynabook..
Could you please tell us what is the "demo mode" - where is is located? (Laptop Standard BIOS or vPro BIOS),
is it only related to the "secure errace" feature or "platform erase" feature?
and how can we enable or disable it?
sorry to ask , but we didn't know so far about thie "demo mode"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have still no updates from the OEM
May you please remain the thread open until we have a final explanation from the OEM about the "Demo mode"?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
After analyzing your situation, we want to apologize, but at this point, you need to work with the assigned Intel representative for OEM Dynabook to work through this issue as this is something that the OEM would implement.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SistemasLVDG,
After doing some deeper research, we got some extra information on this. Could you please check under BIOS, for something called SSD Erase Mode and see if it's set to "simulated"?
Regards
Jose A.
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page