Thursday, December 13, 2018

Neuter Intel ME with me_cleaner

Thanks to the work by the me_cleaner team!

The basic steps are:
  1. Obtain a copy of me_cleaner from Github
  2. Install python, if not already installed
  3. Dump BIOS firmware with SPI flash reader
  4. Clean the image with the command python me_cleaner.py -S -O modified_image.bin original_dump.bin
  5. Flash modified image
  6. Check status of Intel ME with MEInfoWin.exe in Windows or intelmetool in Linux

Obtaining a Copy of me_cleaner

Run git clone https://github.com/corna/me_cleaner.git [desired location]
Alternatively, download it straight from the project page.


Dump BIOS

For this you will require
  • Some SPI programmer with drivers - I used a $3 CH341a USB-SPI programmer
  • A SOIC-8/SOP-8 test clip
  • Some jumper cables to connect the clip to the programmer
  • Flashrom installed
  • Some patience
Assuming you have the above, we can then connect the programmer to the BIOS chip.
  1. Disconnect the battery and AC from the laptop
  2. Locate the BIOS chip on the motherboard directly right of the Expresscard cover
  3. Connect the chip to the programmer as per below
  4. For Linux run sudo flashrom -r original.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
     For Windows follow the GUI
     An example output is shown at the bottom of the post
  5. Read the chip a second time into a different file and make sure the MD5 hashes of the two dumps match; a mismatch means the read is unreliable and the dump must not be used
Notes
You may need to change the chip model (-c) depending on your motherboard.
If flashrom says it cannot detect any chips, check your wiring and clip connection.


Clean the Image

Run the command python me_cleaner.py -S -O modified_image.bin original_dump.bin

An example output is shown at the bottom of the post

-O specifies output filename
-S neuters the Intel ME firmware and sets the High Assurance Program (HAP) bit
-s leaves the firmware intact but sets the HAP bit
Read the readme for more details
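As an added example (not part of the original post or of the me_cleaner project), here is a small Python checker for the dump-and-clean steps above: it locates the ME region through the flash descriptor, lists the FPT partitions, and reads the AltMeDisable bit in PCHSTRP10 that -S/-s sets, so before flashing you can confirm the cleaned image is the same size as the dump, still lists FTPR and has the strap set. The layout constants (descriptor signature at 0x10, $FPT at ME region + 0x10 with 0x20-byte entries from +0x30, PCHSTRP10 at FPSBA + 0x28) are my assumptions for ME generation 2 firmware like the 7.x image in the log; ME 11+ keeps the HAP bit elsewhere, so do not apply this to other generations. The sample image is constructed inline.

```python
import struct
FD_MAGIC = b"\x5a\xa5\xf0\x0f"   # flash descriptor signature at offset 0x10
FPT_MAGIC = b"$FPT"              # partition table marker, 0x10 into the ME region
ALT_ME_DISABLE = 1 << 0          # assumed: bit 0 of PCHSTRP10 (strap base + 0x28), ME gen 2

def parse_descriptor(img):
    """Return the ME region bounds and the PCH strap base (FPSBA) of a full SPI dump."""
    if img[0x10:0x14] != FD_MAGIC:
        raise ValueError("not a full SPI image: no flash descriptor at 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", img, 0x14)
    frba = (flmap0 >> 16 & 0xff) << 4             # flash region base address
    fpsba = (flmap1 & 0xff) << 4                  # PCH strap base address
    flreg2 = struct.unpack_from("<I", img, frba + 8)[0]   # FLREG2 describes the ME region
    me_start, me_end = (flreg2 & 0x1fff) << 12, ((flreg2 >> 16 & 0x1fff) << 12) | 0xfff
    return {"fpsba": fpsba, "me_start": me_start, "me_end": me_end}

def list_partitions(img, me_start):
    """Walk the FPT; return [(name, offset, length)], offsets relative to the ME region."""
    if img[me_start + 0x10:me_start + 0x14] != FPT_MAGIC:
        raise ValueError("no $FPT header at ME region + 0x10")
    count = struct.unpack_from("<I", img, me_start + 0x14)[0]
    parts = []
    for i in range(count):
        entry = me_start + 0x30 + i * 0x20        # 0x20-byte entries follow the header
        name = img[entry:entry + 4].rstrip(b"\x00").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", img, entry + 8)
        parts.append((name, offset, length))
    return parts

def alt_me_disable_set(img, fpsba):   # True if the strap bit that me_cleaner -S/-s sets is present
    return bool(struct.unpack_from("<I", img, fpsba + 0x28)[0] & ALT_ME_DISABLE)

def check_cleaned(original, cleaned):   # pre-flash checks: (same size, FTPR kept, strap set)
    d = parse_descriptor(cleaned)
    names = [name for name, _, _ in list_partitions(cleaned, d["me_start"])]
    return len(original) == len(cleaned), "FTPR" in names, alt_me_disable_set(cleaned, d["fpsba"])

def build_sample_image(disabled=False):
    """Constructed 12 KiB toy dump: descriptor at 0, ME region 0x1000-0x2fff, 3 FPT entries."""
    img = bytearray(b"\xff" * 0x3000)
    img[0x10:0x14] = FD_MAGIC
    struct.pack_into("<II", img, 0x14, 0x04 << 16, 0x10)      # FRBA = 0x40, FPSBA = 0x100
    struct.pack_into("<III", img, 0x40, 0x0, 0x7fff0000, 0x2 << 16 | 0x1)  # FLREG0..2
    struct.pack_into("<I", img, 0x100 + 0x28, ALT_ME_DISABLE if disabled else 0)  # PCHSTRP10
    img[0x1010:0x1014] = FPT_MAGIC
    struct.pack_into("<I", img, 0x1014, 3)
    entries = [(b"FTPR", 0x400, 0x800), (b"EFFS", 0xc00, 0x1000), (b"NVCL", 0, 0x200)]
    for i, (name, off, size) in enumerate(entries):
        struct.pack_into("<4s4sIIIIII", img, 0x1030 + i * 0x20, name, b"\0" * 4, off, size, 0, 0, 0, 0)
    return bytes(img)
```

On a real dump, read original_dump.bin and modified_image.bin with open(..., "rb").read() and pass them to check_cleaned; all three results should be True before you run flashrom -w.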

Flash Modified Image

For Linux run sudo flashrom -w modified_image.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
For Windows follow the GUI

An example output is shown at the bottom of the post

With luck flashrom will say "VERIFIED" meaning that the firmware was flashed successfully.

Check Status of Intel ME

For Linux
  1. Install intelmetool
  2. Add iomem=relaxed to the kernel command line in /etc/default/grub
  3. Rebuild the grub configuration using sudo update-grub
  4. Reboot
  5. Run sudo rmmod mei_me; sudo rmmod mei; sudo intelmetool -S
  6. Check what the output means here
For Windows
  1. Obtain the MEInfoWin.exe tool from the extracted files of an Intel ME firmware update
  2. Run MEInfoWin.exe with admin privileges

Congratulations!

Now your system is mostly free of Intel ME!

Log Dumps

[arch@x220b me_cleaner-master]$ sudo flashrom -r original.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org

flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -r original.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading flash... done.


[arch@x220b me_cleaner-master]$ sudo flashrom -r original1.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org

flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -r original1.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading flash... done.



[arch@x220b me_cleaner-master]$ md5sum original.bin original1.bin
d039e30faa8411fae705df2701cabbc5  original.bin
d039e30faa8411fae705df2701cabbc5  original1.bin


[arch@x220b me_cleaner-master]$ python me_cleaner.py original.bin -O mecleaned.bin -S
Full image detected
Found FPT header at 0x3010
Found 19 partition(s)
Found FTPR header: FTPR partition spans from 0xcc000 to 0x142000
ME/TXE firmware version 7.1.91.3272 (generation 2)
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
 FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
 MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
 FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
 EFFS (0x00003000 - 0x0000c7000, 0x000c4000 total bytes): removed
 BIAL (NVRAM partition, no data, 0x0000adce total bytes): nothing to remove
 BIEL (NVRAM partition, no data, 0x00003000 total bytes): nothing to remove
 BIIS (NVRAM partition, no data, 0x00036000 total bytes): nothing to remove
 NVCL (NVRAM partition, no data, 0x000095d9 total bytes): nothing to remove
 NVCM (NVRAM partition, no data, 0x000036fc total bytes): nothing to remove
 NVJC (NVRAM partition, no data, 0x00005000 total bytes): nothing to remove
 NVKR (NVRAM partition, no data, 0x0000f650 total bytes): nothing to remove
 NVOS (NVRAM partition, no data, 0x00035c3c total bytes): nothing to remove
 NVQS (NVRAM partition, no data, 0x00000def total bytes): nothing to remove
 NVSH (NVRAM partition, no data, 0x000056b7 total bytes): nothing to remove
 NVTD (NVRAM partition, no data, 0x00001e44 total bytes): nothing to remove
 PLDM (NVRAM partition, no data, 0x0000a000 total bytes): nothing to remove
 GLUT (0x000c7000 - 0x0000cc000, 0x00005000 total bytes): removed
 FTPR (0x000cc000 - 0x000142000, 0x00076000 total bytes): NOT removed
 NFTP (0x00142000 - 0x0004fd000, 0x003bb000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xed)...
Reading FTPR modules list...
 UPDATE           (LZMA   , 0x110a5a - 0x110aec       ): removed
 BUP              (Huffman, fragmented data, ~48 KiB  ): NOT removed, essential
 KERNEL           (Huffman, fragmented data, ~122 KiB ): removed
 POLICY           (Huffman, fragmented data, ~86 KiB  ): removed
 HOSTCOMM         (LZMA   , 0x110aec - 0x116082       ): removed
 RSA              (LZMA   , 0x116082 - 0x11ab3f       ): removed
 CLS              (LZMA   , 0x11ab3f - 0x11f551       ): removed
 TDT              (LZMA   , 0x11f551 - 0x1256fc       ): removed
 FTCS             (Huffman, fragmented data, ~15 KiB  ): removed
The ME minimum size should be 921600 bytes (0xe1000 bytes)
The ME region can be reduced up to:
 00003000:000e3fff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!


[arch@x220b me_cleaner-master]$ sudo flashrom -w mecleaned.bin -p ch341a_spi -c "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E"   
flashrom v1.0 on Linux 4.18.9-arch1-1-ARCH (x86_64)
flashrom is free software, get the source code at https://flashrom.org
flashrom was built with libpci 3.5.6, GCC 7.2.1 20171224, little endian
Command line (7 args): flashrom -w mecleaned.bin -V -p ch341a_spi -c MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Initializing ch341a_spi programmer
Device revision is 3.0.4
The following protocols are supported: SPI.
Probing for Macronix MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E, 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
Found Macronix flash chip "MX25L6436E/MX25L6445E/MX25L6465E/MX25L6473E" (8192 kB, SPI) on ch341a_spi.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading old flash chip contents... done.
Erasing and writing flash chip... Trying erase function 0... Erase/write done.
Verifying flash... VERIFIED. 


[arch@x220b ~]$ sudo intelmetool -S
Bad news, you have a `QM67 Express Chipset Family LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI was hidden on PCI, now unlocked
MEI found: [8086:1c3a] 6 Series/C200 Series Chipset Family MEI Controller #1

ME Status   : 0x20191
ME Status 2 : 0x160a0000

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Check to see if straps say ME DISABLED

PCI READ [bc] : 0x000000bc
ME: Extend SHA-256: ...

ME seems okay on this board
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done, exiting
