Intel® Remote Platform Erase

Intel® Remote Platform Erase (Intel® RPE) allows the IT administrator to remotely erase all of a platform’s information, including (optionally) Intel® AMT information. This enables reuse of the platform without needing to erase the SSD manually.

 Note:

   Intel Remote Platform Erase is the new erase feature, and is more advanced than the Secure Erase feature that was added in Release 11.0. Users are recommended to use Intel® Remote Platform Erase instead of the older Secure Erase.

Benefits of Intel® Remote Platform Erase

Intel Remote Platform Erase allows the following:

   Protecting company assets and personal Information by clearing all user and company data from a device before disposing of or reselling the device.

   Supporting reuse of the device within a company, following erasure or reset of some of the information on the device.

Using Intel® Remote Platform Erase for Device Reuse

To allow reuse of a system within the corporation, Intel Remote Platform Erase enables IT to remotely erase the system’s user data while retaining the corporate configuration of BIOS and Intel CSME firmware (Intel® AMT).

Using Intel® Remote Platform Erase in Device Resale/EOL/Return

Intel Remote Platform Erase enables IT to remotely erase all user and corporate data on the platform, including removing the operating system.

Features Available with Intel CSME 16.0

In Intel CSME 16, Intel Remote Platform Erase includes the following functionality:

   Secure Erase of All SSDs: Removal of all content from ATA and NVM drives through a combination of media erase and crypto erase.

   TPM Clear: Deleting all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a login PIN.

   Restoring BIOS Settings to EOM (End of Manufacture) state: Restoring the BIOS to a golden configuration specified by the system designer.

   Unconfiguring Intel CSME Firmware: Full unprovisioning of Intel AMT and returning it to the default state. This disables the Intel AMT features.

Features Available with Intel CSME 16.1 Running on a Raptor Lake Platform

On Raptor Lake platforms running Intel CSME 16.1, Intel Remote Platform Erase includes the functions available in Intel CSME 16.0 plus the following additional functions (note that these additional features are not available on Alder Lake platforms running Intel CSME 16.1):

   Enabling OEM Custom Actions: Allows for OEM custom actions as defined by the OEM or IBV.

   Reverting Pyrite-protected drives with a known drive lock password: Allows executing the Pyrite REVERT command on drives protected by a Pyrite drive locking password. This requires the IT administrator to know the password.

   Clearing BIOS variables: Ensures clearing of BIOS variables whose values were set after End of Manufacture.

Typical Erase Flow

Note: The feature must be enabled both in the BIOS and in Intel AMT, and the erase flow must be performed over TLS.

Following is a typical flow for the IT administrator to use for performing an Intel Remote Platform Erase:

1. Check whether Intel Remote Platform Erase is enabled in the Intel AMT firmware, supported by BIOS and enabled in BIOS, by reading CIM_BootService.EnabledState. If the feature is not enabled, do the following to determine the reason for this:

a.   If CIM_BootService.EnabledState shows that the feature is not enabled in the firmware, enable it by using CIM_BootService.RequestStateChange (the same method can be used to disable it). This action requires the ADMIN_SECURITY_ADMINISTRATION_REALM.

Note: If Intel Remote Platform Erase is disabled or not supported in the BIOS, calling CIM_BootService.RequestStateChange will return an error. If this happens, enable the feature in BIOS.

b.   Check whether the platform’s BIOS supports Intel Remote Platform Erase: Read AMT_BootCapabilities.PlatformErase to discover BIOS support for the feature and see which devices (if any) the BIOS can erase. See Viewing the Platform’s Erase Capabilities.

c.   Discover whether the feature is enabled in BIOS by reading AMT_BootSettingData.RPEEnabled. The user can manually change the enabled state via the BIOS menu. Note: The state can be changed only via the BIOS menu. See Viewing the Erase Capabilities Enabled by the BIOS.

2. If the feature is enabled in BIOS and in Intel AMT, use AMT_BootSettingData.PlatformErase to set the PlatformErase boot option for the next boot.

3. Use AMT_BootSettingData.UefiBootParametersArray to configure the devices that should be erased. See Transmitting Parameters from the Console to BIOS via Intel AMT for the required message format, and Intel Remote Platform Erase Parameter Types for details on the the types of parameters.

4. Use CIM_BootService.SetBootConfigRole to activate the Intel Remote Platform Erase specified in AMT_BootSettingData so that it will be executed after the next restart.

5. Restart the platform (e.g., by using an Intel AMT remote control command or pressing the Restart button.

6. Track the progress and state of the operation by reading AMT_BootSettingData.BIOSLastStatus or (for more detailed information) the Intel AMT Event Log.

After the restart, the BIOS reads the boot options and boot parameters from the Intel CSME firmware, and begins to erase or clear the devices on the platform, one at a time.

As the operation progresses, the BIOS reports the operation’s status to Intel CSME. Intel CSME logs the status in the Intel AMT event log so that the IT administrator can view it.

Typical Intel AMT Unconfigure Flow

Following an Intel Remote Platform Erase flow and getting the status of this erase via Intel AMT, it is recommended to perform unconfiguration of Intel CSME (which includes unconfiguration of Intel AMT). Once these steps have been performed, the platform is no longer reachable remotely.

After performing the erase, reboot the platform via an Intel AMT remote control command, and then use the AMT_BootSettingData.ConfigurationDataReset WS-MAN command to reset the Intel AMT non-volatile configuration data to the factory defaults. Intel CSE performs an unconfigure operation, in which the boot options are cleared and logs are erased.

After the unconfiguration, verify that Intel ME is no longer accessible.

Viewing the Operation’s Status

There are 2 ways for the management console to monitor the operation status:

 Subscribe to Boot Progress / Error Alerts: During boot, the BIOS sends ASF PET alerts to Intel AMT regarding the boot progress. The management console can subscribe to the alerts via the AMT_BootSettingData.ForcedProgressEvents command. These events show the detailed progress for each device that the BIOS is attempting to clear.
To receive PET events, you need to configure a filter, similar to Configuring a Filter for Logging OCR Events.

 Poll the status that the BIOS provides to Intel AMT: The BIOS notifies Intel AMT about the operation’s progress. When BIOS starts executing the boot option that it received from Intel AMT, the BIOS reports the execution state as In Progress. It continues reporting In Progress until the erase operation (clearing the SSD, TPM, etc.) is complete. Once the BIOS completes the erase flow, it updates Intel AMT with the status Success or Failed. The management console can use the AMT_BootSettingData.BIOSLastStatus command to read this status.

Viewing the Platform’s Erase Capabilities

The Management Console can read AMT_BootCapabilities.PlatformErase to discover the erase capabilities supported by the platform in each version of Intel CSME.

Viewing the Erase Capabilities Enabled by the BIOS

The management console can discover whether the platform’s BIOS enables Intel Remote Platform Erase via the AMT_BootSettingData.RPEEnabled field.

If the BIOS does support the feature, the erase capabilities can be viewed via AMT_BootCapabilities.PlatformErase.

Intel Remote Platform Erase Parameter Types

The following table lists the Intel parameter types for Intel Remote Platform Erase. The OEM/ISV can add their own proprietary parameters, as needed by the BIOS.

ParameterTypeID Maximum Size Description Mandatory Used in Unconfigure
Bit mask of devices that should be cleared = 1 4 bytes Bit mask of device that should be clear Yes Yes
PSID = 10 64 bytes PSID used to revert/clear pyrite drive No No
SSD Master Password = 20 64 bytes Password used to clear SSD No No
OEM defined additional parameter = 30 500 bytes OEM defined parameters No No

Copyright © 2006-2022, Intel Corporation. All rights reserved.