New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

me_cleaner status #3

Open
corna opened this Issue Nov 28, 2016 · 267 comments

Comments

Projects
None yet
@corna
Owner

corna commented Nov 28, 2016

Please comment here if me_cleaner works on your device.
If this tool does not work on your PC (or it does not behave as expected), don't comment here but open an issue instead.
Specify:

  • CPU architecture
  • CPU model
  • Laptop/motherboard
  • OEM BIOS or coreboot?
  • If you used the -s/-S flag in me_cleaner

Thanks

@corna

This comment has been minimized.

Show comment
Hide comment
@corna

corna Nov 28, 2016

Owner

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot
  • both with and without the -S flag

Working for more than a month now. Everything works perfectly, and the MEI device has disappeared from the PCI bus.

Owner

corna commented Nov 28, 2016

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot
  • both with and without the -S flag

Working for more than a month now. Everything works perfectly, and the MEI device has disappeared from the PCI bus.

@corna corna referenced this issue Nov 28, 2016

Closed

Skylake Should Work #1

@afics

This comment has been minimized.

Show comment
Hide comment
@afics

afics Nov 29, 2016

  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot

I can confirm it works on the Lenovo Thinkpad X220, but coreboot then recognizes only one of my two 8GB RAM modules. I'm currently investigating.

afics commented Nov 29, 2016

  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot

I can confirm it works on the Lenovo Thinkpad X220, but coreboot then recognizes only one of my two 8GB RAM modules. I'm currently investigating.

@sinetek

This comment has been minimized.

Show comment
Hide comment
@sinetek

sinetek Nov 30, 2016

  • Intel Celeron 2955U
  • Haswell
  • Chromebook C720p
  • coreboot

Hey there, I build and flashed an image of coreboot for my chromebook (C720p) running a Haswell 2955U.

There is no MEI entry in the lspci list.
Not sure what other tests I can run to see the ME's state, open to running other tests, just tell me.

Passed the 30 minutes mark, seems to work. Thanks

sinetek commented Nov 30, 2016

  • Intel Celeron 2955U
  • Haswell
  • Chromebook C720p
  • coreboot

Hey there, I build and flashed an image of coreboot for my chromebook (C720p) running a Haswell 2955U.

There is no MEI entry in the lspci list.
Not sure what other tests I can run to see the ME's state, open to running other tests, just tell me.

Passed the 30 minutes mark, seems to work. Thanks

@Nimayer

This comment has been minimized.

Show comment
Hide comment
@Nimayer

Nimayer Dec 1, 2016

Collaborator

Working on:

  • Intel i5-6500
  • Skylake
  • MSI Bazooka B150M
  • Stock AMI Bios
  • 61fd606

Everything works, the HECI (formerly MEI) device disapperars, a screen at boot notifies that the ME firmware is corrupted, but pressing F2 lets the boot continue.
me_message_small

Collaborator

Nimayer commented Dec 1, 2016

Working on:

  • Intel i5-6500
  • Skylake
  • MSI Bazooka B150M
  • Stock AMI Bios
  • 61fd606

Everything works, the HECI (formerly MEI) device disapperars, a screen at boot notifies that the ME firmware is corrupted, but pressing F2 lets the boot continue.
me_message_small

@zamaudio

This comment has been minimized.

Show comment
Hide comment
@zamaudio

zamaudio Dec 2, 2016

Contributor
  • Intel
  • Core i5-2540M
  • Lenovo Thinkpad X220
  • Coreboot
  • 48deb6c

^^ Yes that's right, the experimental branch works on this board folks! No lzma modules!

Contributor

zamaudio commented Dec 2, 2016

  • Intel
  • Core i5-2540M
  • Lenovo Thinkpad X220
  • Coreboot
  • 48deb6c

^^ Yes that's right, the experimental branch works on this board folks! No lzma modules!

@corna corna referenced this issue Dec 12, 2016

Closed

FPT not found #9

@simonepsp

This comment has been minimized.

Show comment
Hide comment
@simonepsp

simonepsp Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • d2e2308

simonepsp commented Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • d2e2308
@tlaurion

This comment has been minimized.

Show comment
Hide comment
@tlaurion

tlaurion Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Stock BIOS
  • d2e2308

tlaurion commented Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Stock BIOS
  • d2e2308
@ilikenwf

This comment has been minimized.

Show comment
Hide comment
@ilikenwf

ilikenwf Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Pro4
  • Modded Bios (see below)
  • ffe60d8

ASRock's bios packages are all in a proprietary format, but Windows based tools, specifically the UBU pack (http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html), allow them to be extracted and the firmware inside upgraded or downgraded. One may flash this modified file directly from the UEFI settings themselves, as it doesn't validate them.

It is unclear whether or not ME is properly disabled, as the kernel module loads but is not really usable, and the tools to check ME status segfault.

Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xa7680 - 0xcf000)
 UPDATE: removed (0xa7680 - 0xa78aa)
 ROMP: removal of Huffman modules is not supported yet, skipping
 BUP: removal of Huffman modules is not supported yet, skipping
 KERNEL: removal of Huffman modules is not supported yet, skipping
 POLICY: removal of Huffman modules is not supported yet, skipping
 HOSTCOMM: removed (0xa78aa - 0xafbb5)
 TDT: removed (0xafbb5 - 0xb4f71)
 FPF: removed (0xb4f71 - 0xb6a77)
Correcting checksum (0xea)...
Done! Good luck!

ilikenwf commented Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Pro4
  • Modded Bios (see below)
  • ffe60d8

ASRock's bios packages are all in a proprietary format, but Windows based tools, specifically the UBU pack (http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html), allow them to be extracted and the firmware inside upgraded or downgraded. One may flash this modified file directly from the UEFI settings themselves, as it doesn't validate them.

It is unclear whether or not ME is properly disabled, as the kernel module loads but is not really usable, and the tools to check ME status segfault.

Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xa7680 - 0xcf000)
 UPDATE: removed (0xa7680 - 0xa78aa)
 ROMP: removal of Huffman modules is not supported yet, skipping
 BUP: removal of Huffman modules is not supported yet, skipping
 KERNEL: removal of Huffman modules is not supported yet, skipping
 POLICY: removal of Huffman modules is not supported yet, skipping
 HOSTCOMM: removed (0xa78aa - 0xafbb5)
 TDT: removed (0xafbb5 - 0xb4f71)
 FPF: removed (0xb4f71 - 0xb6a77)
Correcting checksum (0xea)...
Done! Good luck!
@GenericHero

This comment has been minimized.

Show comment
Hide comment
@GenericHero

GenericHero Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Extreme6
  • Modded bios -- see #3 (comment)
  • ffe60d8

BIOS file name must be same as Instant Flash bios name, or else instant flash in bios does not detect it. In this case, Z97Ex62.70

/dev/mei0 does not exist, intelmetool reports it doesnt support my system (maybe it doesn't?), mei/mei_me modules still required by some ASRock Intel ME pci listing

Of note, Intel's own "Intel® Management Engine Verification Utility" in windows is perpetually spinning, which I should have tested beforehand. Looks like that only works if your cpu supports vPro. Tested on another Intel based machine with ME still in bios.

But everything seems to be working properly so far.

Full image detected

The ME region goes from 0x3000 to 0x1fffff

Found FPT header at 0x3010

Found 20 partition(s)
ME firmware version 9.1.10.1000
Found FTPR header: FTPR partition spans from 0x4a000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xaa680 - 0xd2000)
 UPDATE          : removed (0xaa680 - 0xaa8aa)
 ROMP            : removal of Huffman modules is not supported yet, skipping
 BUP             : removal of Huffman modules is not supported yet, skipping
 KERNEL          : removal of Huffman modules is not supported yet, skipping
 POLICY          : removal of Huffman modules is not supported yet, skipping
 HOSTCOMM        : removed (0xaa8aa - 0xb2bb5)
 TDT             : removed (0xb2bb5 - 0xb7f71)
 FPF             : removed (0xb7f71 - 0xb9a77)
Correcting checksum (0xea)...
Done! Good luck!

GenericHero commented Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Extreme6
  • Modded bios -- see #3 (comment)
  • ffe60d8

BIOS file name must be same as Instant Flash bios name, or else instant flash in bios does not detect it. In this case, Z97Ex62.70

/dev/mei0 does not exist, intelmetool reports it doesnt support my system (maybe it doesn't?), mei/mei_me modules still required by some ASRock Intel ME pci listing

Of note, Intel's own "Intel® Management Engine Verification Utility" in windows is perpetually spinning, which I should have tested beforehand. Looks like that only works if your cpu supports vPro. Tested on another Intel based machine with ME still in bios.

But everything seems to be working properly so far.

Full image detected

The ME region goes from 0x3000 to 0x1fffff

Found FPT header at 0x3010

Found 20 partition(s)
ME firmware version 9.1.10.1000
Found FTPR header: FTPR partition spans from 0x4a000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xaa680 - 0xd2000)
 UPDATE          : removed (0xaa680 - 0xaa8aa)
 ROMP            : removal of Huffman modules is not supported yet, skipping
 BUP             : removal of Huffman modules is not supported yet, skipping
 KERNEL          : removal of Huffman modules is not supported yet, skipping
 POLICY          : removal of Huffman modules is not supported yet, skipping
 HOSTCOMM        : removed (0xaa8aa - 0xb2bb5)
 TDT             : removed (0xb2bb5 - 0xb7f71)
 FPF             : removed (0xb7f71 - 0xb9a77)
Correcting checksum (0xea)...
Done! Good luck!
@nilesr

This comment has been minimized.

Show comment
Hide comment
@nilesr

nilesr Dec 19, 2016

I can try to cat /dev/mei0 and I get "no such device" as root...so I guess that's good?

On my system that I've never flashed before (I haven't used me_cleaner yet) I get the same message when trying to read from /dev/mei0. It does not mean that the ME is disabled

nilesr commented Dec 19, 2016

I can try to cat /dev/mei0 and I get "no such device" as root...so I guess that's good?

On my system that I've never flashed before (I haven't used me_cleaner yet) I get the same message when trying to read from /dev/mei0. It does not mean that the ME is disabled

@n1zzo

This comment has been minimized.

Show comment
Hide comment
@n1zzo

n1zzo Dec 19, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output.
However, the ethernet card does not show up anymore on "ip a" output.

dmesg says:

e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
e1000e: probe of 0000:00:19.0 failed with error -e

The problem seems identical to the one reported by this user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/984404
and as he suggests just rebooting the machine temporarily fixes the problem.
When a power cycle is performed again (power off+power on) the ethernet
card is gone again.

This is the related bug on the ubuntu kernel bug tracker:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576953

n1zzo commented Dec 19, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output.
However, the ethernet card does not show up anymore on "ip a" output.

dmesg says:

e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
e1000e: probe of 0000:00:19.0 failed with error -e

The problem seems identical to the one reported by this user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/984404
and as he suggests just rebooting the machine temporarily fixes the problem.
When a power cycle is performed again (power off+power on) the ethernet
card is gone again.

This is the related bug on the ubuntu kernel bug tracker:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576953

@citypw

This comment has been minimized.

Show comment
Hide comment
@citypw

citypw Dec 20, 2016

Working on:

  • Intel Core i7-3770
  • IvyBridge
  • Motherboard: GA-B75M-D3V
  • OEM BIOS and Coreboot
  • ffe60d8f

OEM BIOS: MEI device has disappeared from the PCI bus.
Coreboot: MEI device won't go away and confirmed that ME is broken:

**Bad news, you have a B75 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C210 Series Chipset Family MEI Controller #1

ME Status : 0x304181
ME Status 2 : 0x153b0160

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : NO
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode : Normal
ME: Error Code : Debug Failure
ME: Progress Phase : BUP Phase
ME: Power Management Event : Intel ME reset due to exception
ME: Progress Phase State : 0x3b

ME: Extend Register not valid

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
**

citypw commented Dec 20, 2016

Working on:

  • Intel Core i7-3770
  • IvyBridge
  • Motherboard: GA-B75M-D3V
  • OEM BIOS and Coreboot
  • ffe60d8f

OEM BIOS: MEI device has disappeared from the PCI bus.
Coreboot: MEI device won't go away and confirmed that ME is broken:

**Bad news, you have a B75 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C210 Series Chipset Family MEI Controller #1

ME Status : 0x304181
ME Status 2 : 0x153b0160

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : NO
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode : Normal
ME: Error Code : Debug Failure
ME: Progress Phase : BUP Phase
ME: Power Management Event : Intel ME reset due to exception
ME: Progress Phase State : 0x3b

ME: Extend Register not valid

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
**

@citypw

This comment has been minimized.

Show comment
Hide comment
@citypw

citypw Dec 24, 2016

Working on:

  • Intel Core i3-2370m
  • SandyBridge
  • Motherboard: Thinkpad x220i
  • OEM BIOS and Coreboot
  • ffe60d8f

MEI device has disappeared from the PCI bus.

citypw commented Dec 24, 2016

Working on:

  • Intel Core i3-2370m
  • SandyBridge
  • Motherboard: Thinkpad x220i
  • OEM BIOS and Coreboot
  • ffe60d8f

MEI device has disappeared from the PCI bus.

@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8

Sadly I failed to extract a valid OEM BIOS image this time. MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken.
It seems whether ME remains present on desktop depends on the content of nvram.

persmule commented Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8

Sadly I failed to extract a valid OEM BIOS image this time. MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken.
It seems whether ME remains present on desktop depends on the content of nvram.

@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8
  • Neutralized ME from SnB/IvB laptop (e.g. samsung lumpy's ME image located at 3rdparty/blobs/mainboard/samsung/lumpy/me.bin, with ifd adjusted via modified layout file)

MEI device won't go away and confirmed that ME is broken, and integrated graphic card conpletely ceases to work, and goes away.

persmule commented Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8
  • Neutralized ME from SnB/IvB laptop (e.g. samsung lumpy's ME image located at 3rdparty/blobs/mainboard/samsung/lumpy/me.bin, with ifd adjusted via modified layout file)

MEI device won't go away and confirmed that ME is broken, and integrated graphic card conpletely ceases to work, and goes away.

@ehmry

This comment has been minimized.

Show comment
Hide comment
@ehmry

ehmry Dec 24, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • OEM BIOS
  • ffe60d8

ehmry commented Dec 24, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • OEM BIOS
  • ffe60d8
@jantatje

This comment has been minimized.

Show comment
Hide comment
@jantatje

jantatje Dec 25, 2016

  • Intel Core i5-2520M
  • Lenovo Thinkpad X220
  • Coreboot-4.5
  • Seabios 1.9.3
  • ffe60d8
  • 1.5MiB Management Engine
  • SPI replaced with a 128mbit chip, IFD layout changed to span entire chip and give all remaining space to CBFS.

Everything works, but laptop hangs for ~15 seconds after suspend. I also updated coreboot, so not 100% sure this is me_cleaners fault. 100% working now.

jantatje commented Dec 25, 2016

  • Intel Core i5-2520M
  • Lenovo Thinkpad X220
  • Coreboot-4.5
  • Seabios 1.9.3
  • ffe60d8
  • 1.5MiB Management Engine
  • SPI replaced with a 128mbit chip, IFD layout changed to span entire chip and give all remaining space to CBFS.

Everything works, but laptop hangs for ~15 seconds after suspend. I also updated coreboot, so not 100% sure this is me_cleaners fault. 100% working now.

@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Dec 27, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • Coreboot-4.5
  • Seagrub scheme from libreboot
  • 1.5MiB Management Engine
  • ffe60d8

MEI device has disappeared from the PCI bus. However, the ethernet card needs a warm reboot to be functional.

persmule commented Dec 27, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • Coreboot-4.5
  • Seagrub scheme from libreboot
  • 1.5MiB Management Engine
  • ffe60d8

MEI device has disappeared from the PCI bus. However, the ethernet card needs a warm reboot to be functional.

@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Dec 28, 2016

Working on

  • Intel Core i3 2330M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

persmule commented Dec 28, 2016

Working on

  • Intel Core i3 2330M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

@Kokokokoka

This comment has been minimized.

Show comment
Hide comment
@Kokokokoka

Kokokokoka Dec 28, 2016

Working on:

  • T420
  • Intel core i7 3632qm
  • Ivy Bridge
  • Coreboot with seabios payload+windows
    screen goes blank after a while, running a background game app seems to help this somehow.
  • X220
  • Intel core i5 2540M
  • Sandy Bridge
  • Coreboot with linux payload+qubes, worked fine, don't remember the blank screen issue.
    using: 48deb6 on both laptops

Kokokokoka commented Dec 28, 2016

Working on:

  • T420
  • Intel core i7 3632qm
  • Ivy Bridge
  • Coreboot with seabios payload+windows
    screen goes blank after a while, running a background game app seems to help this somehow.
  • X220
  • Intel core i5 2540M
  • Sandy Bridge
  • Coreboot with linux payload+qubes, worked fine, don't remember the blank screen issue.
    using: 48deb6 on both laptops
@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Dec 28, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • HP EliteBook 8460P
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

persmule commented Dec 28, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • HP EliteBook 8460P
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

@JohnnyLeone

This comment has been minimized.

Show comment
Hide comment
@JohnnyLeone

JohnnyLeone Dec 31, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • ffe60d8

JohnnyLeone commented Dec 31, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • ffe60d8
@al3xtjames

This comment has been minimized.

Show comment
Hide comment
@al3xtjames

al3xtjames Jan 2, 2017

Working on:

  • Intel Core i5-3570K (Ivy Bridge)
  • Gigabyte GA-Z77X-UD5H
  • coreboot with TianoCore UEFI payload
  • ffe60d8

The MEI Controller device still appears in lspci. I am unsure of the status of the Intel 82579V Ethernet controller, as I haven't gotten it to work yet (e1000e: probe of 0000:00:19.0 failed with error -3; this remains the same with normal ME or cleaned ME). The ME appears to have been disabled:

[   19.881125] mei_me 0000:00:16.0: wait hw ready failed
[   19.881131] mei_me 0000:00:16.0: hw_start failed ret = -62
[   19.881144] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   21.929169] mei_me 0000:00:16.0: wait hw ready failed
[   21.929175] mei_me 0000:00:16.0: hw_start failed ret = -62
[   21.929188] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   23.977227] mei_me 0000:00:16.0: wait hw ready failed
[   23.977233] mei_me 0000:00:16.0: hw_start failed ret = -62
[   23.977236] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device
[   23.977238] mei_me 0000:00:16.0: reset failed ret = -19
[   23.977239] mei_me 0000:00:16.0: link layer initialization failed.
[   23.977241] mei_me 0000:00:16.0: init hw failure.
[   23.977366] mei_me 0000:00:16.0: initialization failed.
Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x4181
ME Status 2 : 0x163b0160

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x3b

PCI READ [bc] : 0x000000bc
ME: Extend Register not valid

ME has a broken implementation on your board with this BIOS
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting

al3xtjames commented Jan 2, 2017

Working on:

  • Intel Core i5-3570K (Ivy Bridge)
  • Gigabyte GA-Z77X-UD5H
  • coreboot with TianoCore UEFI payload
  • ffe60d8

The MEI Controller device still appears in lspci. I am unsure of the status of the Intel 82579V Ethernet controller, as I haven't gotten it to work yet (e1000e: probe of 0000:00:19.0 failed with error -3; this remains the same with normal ME or cleaned ME). The ME appears to have been disabled:

[   19.881125] mei_me 0000:00:16.0: wait hw ready failed
[   19.881131] mei_me 0000:00:16.0: hw_start failed ret = -62
[   19.881144] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   21.929169] mei_me 0000:00:16.0: wait hw ready failed
[   21.929175] mei_me 0000:00:16.0: hw_start failed ret = -62
[   21.929188] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   23.977227] mei_me 0000:00:16.0: wait hw ready failed
[   23.977233] mei_me 0000:00:16.0: hw_start failed ret = -62
[   23.977236] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device
[   23.977238] mei_me 0000:00:16.0: reset failed ret = -19
[   23.977239] mei_me 0000:00:16.0: link layer initialization failed.
[   23.977241] mei_me 0000:00:16.0: init hw failure.
[   23.977366] mei_me 0000:00:16.0: initialization failed.
Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x4181
ME Status 2 : 0x163b0160

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x3b

PCI READ [bc] : 0x000000bc
ME: Extend Register not valid

ME has a broken implementation on your board with this BIOS
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting
@persmule

This comment has been minimized.

Show comment
Hide comment
@persmule

persmule Jan 6, 2017

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • Coreboot
  • 4e9fc2e

After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.

persmule commented Jan 6, 2017

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • Coreboot
  • 4e9fc2e

After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.

@Kokokokoka

This comment has been minimized.

Show comment
Hide comment
@Kokokokoka

Kokokokoka Jan 6, 2017

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220 tablet
  • Coreboot
  • 4e9fc2e

Kokokokoka commented Jan 6, 2017

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220 tablet
  • Coreboot
  • 4e9fc2e
@ml0rd

This comment has been minimized.

Show comment
Hide comment
@ml0rd

ml0rd Jun 8, 2018

Lenovo Thinkpad T480s
Core i5-8250U
OEM BIOS
boot guard enabled
WORKS

extracting bios images from the original 'CD' image is a hassle and wasnt successful in my case (me_cleaner did not recognize a valid FW image). so i dumped the eeprom (easily accessible after opening the bottom lid!).

Found Winbond flash chip "W25Q128.V" (16384 kB, SPI) on linux_spi

tried soft-disable-only --> seems to work. intelmetool could not find any PCI device to read from anymore ('ME PCI device is hidden')
also: did not disconnect the backup battery...just checked if the eeprom was powered from the motherboard before connecting the clip - it wasn't ;)

thank you!

ml0rd commented Jun 8, 2018

Lenovo Thinkpad T480s
Core i5-8250U
OEM BIOS
boot guard enabled
WORKS

extracting bios images from the original 'CD' image is a hassle and wasnt successful in my case (me_cleaner did not recognize a valid FW image). so i dumped the eeprom (easily accessible after opening the bottom lid!).

Found Winbond flash chip "W25Q128.V" (16384 kB, SPI) on linux_spi

tried soft-disable-only --> seems to work. intelmetool could not find any PCI device to read from anymore ('ME PCI device is hidden')
also: did not disconnect the backup battery...just checked if the eeprom was powered from the motherboard before connecting the clip - it wasn't ;)

thank you!

@ShadowsFriend

This comment has been minimized.

Show comment
Hide comment
@ShadowsFriend

ShadowsFriend Jun 12, 2018

Working on:

  • Intel Core i7-4770k
  • Haswell
  • Gigabyte Z87X-D3H
  • Stock UEFI (Version: F9)
  • -S was used

I have been working with the patched system for about a week without issues that are sufficiently likely caused by me_cleaner.

intelmetool.log

ShadowsFriend commented Jun 12, 2018

Working on:

  • Intel Core i7-4770k
  • Haswell
  • Gigabyte Z87X-D3H
  • Stock UEFI (Version: F9)
  • -S was used

I have been working with the patched system for about a week without issues that are sufficiently likely caused by me_cleaner.

intelmetool.log

@l29ah

This comment has been minimized.

Show comment
Hide comment
@l29ah

l29ah Jun 15, 2018

Worked just fine on Lenovo Thinkpad X230 with both the stock BIOS and Coreboot using external flasher, -S and d5b0806. The reclaimed space is usable for CBFS.

l29ah commented Jun 15, 2018

Worked just fine on Lenovo Thinkpad X230 with both the stock BIOS and Coreboot using external flasher, -S and d5b0806. The reclaimed space is usable for CBFS.

@bol-van

This comment has been minimized.

Show comment
Hide comment
@bol-van

bol-van Jun 21, 2018

X33 industrial computer
Intel celeron J1900
Bay trail chipset
Winbond W25Q64
AMI bios

dumped bios in linux using flashrom
ran me_cleaner on dumped image with no additional options
flashed modified image using flashrom

BRICK
unbootable, display is dead

python me_cleaner.py --check bios_nome.bin
Full image detected
The ME/TXE region goes from 0x1000 to 0x300000
Found FPT header at 0x1010
Found 1 partition(s)
Found FTPR header: FTPR partition spans from 0x67000 to 0xdd000
ME/TXE firmware version 1.1.0.1089
Public key match: Intel TXE, firmware versions 1.x.x.x
The AltMeDisable bit is NOT SET
Checking the FTPR RSA signature... VALID

Successfully recovered using programer with clip.
After that used "-s" option and it worked
Still have
00:1a.0 Encryption controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Trusted Execution Engine (rev 0e)

bol-van commented Jun 21, 2018

X33 industrial computer
Intel celeron J1900
Bay trail chipset
Winbond W25Q64
AMI bios

dumped bios in linux using flashrom
ran me_cleaner on dumped image with no additional options
flashed modified image using flashrom

BRICK
unbootable, display is dead

python me_cleaner.py --check bios_nome.bin
Full image detected
The ME/TXE region goes from 0x1000 to 0x300000
Found FPT header at 0x1010
Found 1 partition(s)
Found FTPR header: FTPR partition spans from 0x67000 to 0xdd000
ME/TXE firmware version 1.1.0.1089
Public key match: Intel TXE, firmware versions 1.x.x.x
The AltMeDisable bit is NOT SET
Checking the FTPR RSA signature... VALID

Successfully recovered using programer with clip.
After that used "-s" option and it worked
Still have
00:1a.0 Encryption controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Trusted Execution Engine (rev 0e)

@mimecry

This comment has been minimized.

Show comment
Hide comment
@mimecry

mimecry Jun 21, 2018

Working on:

  • Intel Core i7-7700HQ
  • Kaby Lake
  • Lenovo Thinkpad T470P
  • -S flag

intelmetool post-flash output:

Bad news, you have a `Sunrise Point-LP LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI device not found, huh?
exiting

mimecry commented Jun 21, 2018

Working on:

  • Intel Core i7-7700HQ
  • Kaby Lake
  • Lenovo Thinkpad T470P
  • -S flag

intelmetool post-flash output:

Bad news, you have a `Sunrise Point-LP LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI device not found, huh?
exiting
@LiBoHanse

This comment has been minimized.

Show comment
Hide comment
@LiBoHanse

LiBoHanse Jun 29, 2018

  • Intel Skylake

  • Core i7 6700HQ

  • Sager NP8153-S (Clevo P650RS-G)

  • Clevo P6xxRS

  • OEM Firmware

  • used -s flag

The key is to make sure to run Wmeset.exe or meset.exe to unlock access beforehand and for -s(HAP bit only) option, only the first 4096 is needed to be flashed(bit in Descriptor region. (fpt -f new.bin -l 4096 -y). Also it is recommended to unplug AC wait 10 sec replug after applying to let the region relock(as fpt -closmnf would not work when ME is disabled. )

Attached is the result of MEInfo -FWSTS
dfgxfghf

LiBoHanse commented Jun 29, 2018

  • Intel Skylake

  • Core i7 6700HQ

  • Sager NP8153-S (Clevo P650RS-G)

  • Clevo P6xxRS

  • OEM Firmware

  • used -s flag

The key is to make sure to run Wmeset.exe or meset.exe to unlock access beforehand and for -s(HAP bit only) option, only the first 4096 is needed to be flashed(bit in Descriptor region. (fpt -f new.bin -l 4096 -y). Also it is recommended to unplug AC wait 10 sec replug after applying to let the region relock(as fpt -closmnf would not work when ME is disabled. )

Attached is the result of MEInfo -FWSTS
dfgxfghf

@LiBoHanse

This comment has been minimized.

Show comment
Hide comment
@LiBoHanse

LiBoHanse Jun 29, 2018

  • Intel Ivy Bridge

  • Xeon E3-1230V2

  • GA-Z77P-D3

  • OEM Firmware F8e

  • used -s flag

Gigabyte has Region access FFFFh set to all thus the official Q-flash in the uefi setup will work

MEInfo gives

Intel(R) MEInfo Version: 8.1.20.1309
Copyright(C) 2005 - 2012, Intel Corporation. All rights reserved.


Error 9458: Communication error between application and Intel(R) ME module (FW Update client)

Error 9459: Internal error (Could not determine FW features information)

MEInfo -FWSTS gives

Intel(R) MEInfo Version: 8.1.20.1309
Copyright(C) 2005 - 2012, Intel Corporation. All rights reserved.


FW Status Register1: 0x1E020191
FW Status Register2: 0x100A0100

  CurrentState:                         Init
  ManufacturingMode:                    Enabled
  FlashPartition:                       Valid
  OperationalState:                     Bring Up
  InitComplete:                         Initializing
  BUPLoadState:                         Success
  ErrorCode:                            No Error
  ModeOfOperation:                      Alt Disable Mode
  ICC:                                  No valid OEM data, ICC not programmed
  PhaseStatus:                          CHECK_ME_STRAP_DISABLED

LiBoHanse commented Jun 29, 2018

  • Intel Ivy Bridge

  • Xeon E3-1230V2

  • GA-Z77P-D3

  • OEM Firmware F8e

  • used -s flag

Gigabyte has Region access FFFFh set to all thus the official Q-flash in the uefi setup will work

MEInfo gives

Intel(R) MEInfo Version: 8.1.20.1309
Copyright(C) 2005 - 2012, Intel Corporation. All rights reserved.


Error 9458: Communication error between application and Intel(R) ME module (FW Update client)

Error 9459: Internal error (Could not determine FW features information)

MEInfo -FWSTS gives

Intel(R) MEInfo Version: 8.1.20.1309
Copyright(C) 2005 - 2012, Intel Corporation. All rights reserved.


FW Status Register1: 0x1E020191
FW Status Register2: 0x100A0100

  CurrentState:                         Init
  ManufacturingMode:                    Enabled
  FlashPartition:                       Valid
  OperationalState:                     Bring Up
  InitComplete:                         Initializing
  BUPLoadState:                         Success
  ErrorCode:                            No Error
  ModeOfOperation:                      Alt Disable Mode
  ICC:                                  No valid OEM data, ICC not programmed
  PhaseStatus:                          CHECK_ME_STRAP_DISABLED
@pcp04

This comment has been minimized.

Show comment
Hide comment
@pcp04

pcp04 Jul 2, 2018

  • Intel Celeron N2806
  • EF10MI2
  • OEM Firmware (1.04 Version: BIOS//EC//Customer = 1.04//1.06)
  • used -s flag

The notebook turns on but does not show video (black screen)

python me_cleaner.py -S -O EF10MIX_MOD.bin EF10MIX.bin
Full image detected
The ME/TXE region goes from 0x3000 to 0x400000
Found FPT header at 0x3010
Found 18 partition(s)
Found FTPR header: FTPR partition spans from 0x67000 to 0xdd000
ME/TXE firmware version 1.1.0.1089
Public key match: Intel TXE, firmware versions 1.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
PSVN (0x000003c0 - 0x000000400, 0x00000040 total bytes): removed
FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
EFFS (0x00003000 - 0x000067000, 0x00064000 total bytes): removed
ACDS (NVRAM partition, no data, 0x00012c4c total bytes): nothing to remove
FTPM (NVRAM partition, no data, 0x0000b591 total bytes): nothing to remove
IPTS (NVRAM partition, no data, 0x00000069 total bytes): nothing to remove
LPBK (NVRAM partition, no data, 0x0000095a total bytes): nothing to remove
NVCL (NVRAM partition, no data, 0x00006ad2 total bytes): nothing to remove
NVCP (NVRAM partition, no data, 0x0000a847 total bytes): nothing to remove
NVJC (NVRAM partition, no data, 0x00005000 total bytes): nothing to remove
NVKR (NVRAM partition, no data, 0x00006cfe total bytes): nothing to remove
NVNF (NVRAM partition, no data, 0x0000187b total bytes): nothing to remove
NVTD (NVRAM partition, no data, 0x00001eba total bytes): nothing to remove
STOK (NVRAM partition, no data, 0x000004a4 total bytes): nothing to remove
FTPR (0x00067000 - 0x0000dd000, 0x00076000 total bytes): NOT removed
NFTP (0x000dd000 - 0x000153000, 0x00076000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xd5)...
Reading FTPR modules list...
BUP (uncomp., 0x068000 - 0x07d000 ): NOT removed, essential
KERNEL (LZMA , 0x07d000 - 0x08eb41 ): removed
POLICY (LZMA , 0x08f000 - 0x099661 ): removed
HOSTCOMM (LZMA , 0x09a000 - 0x0a2a1b ): removed
FPF (LZMA , 0x0a3000 - 0x0a4ea2 ): removed
RSA (LZMA , 0x0a5000 - 0x0ab33c ): removed
fTPM (LZMA , 0x0ac000 - 0x0bbd3a ): removed
SBOOT (LZMA , 0x0bc000 - 0x0c1045 ): removed
The ME minimum size should be 532480 bytes (0x82000 bytes)
The ME region can be reduced up to:
00003000:00084fff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

pcp04 commented Jul 2, 2018

  • Intel Celeron N2806
  • EF10MI2
  • OEM Firmware (1.04 Version: BIOS//EC//Customer = 1.04//1.06)
  • used -s flag

The notebook turns on but does not show video (black screen)

python me_cleaner.py -S -O EF10MIX_MOD.bin EF10MIX.bin
Full image detected
The ME/TXE region goes from 0x3000 to 0x400000
Found FPT header at 0x3010
Found 18 partition(s)
Found FTPR header: FTPR partition spans from 0x67000 to 0xdd000
ME/TXE firmware version 1.1.0.1089
Public key match: Intel TXE, firmware versions 1.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
PSVN (0x000003c0 - 0x000000400, 0x00000040 total bytes): removed
FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
EFFS (0x00003000 - 0x000067000, 0x00064000 total bytes): removed
ACDS (NVRAM partition, no data, 0x00012c4c total bytes): nothing to remove
FTPM (NVRAM partition, no data, 0x0000b591 total bytes): nothing to remove
IPTS (NVRAM partition, no data, 0x00000069 total bytes): nothing to remove
LPBK (NVRAM partition, no data, 0x0000095a total bytes): nothing to remove
NVCL (NVRAM partition, no data, 0x00006ad2 total bytes): nothing to remove
NVCP (NVRAM partition, no data, 0x0000a847 total bytes): nothing to remove
NVJC (NVRAM partition, no data, 0x00005000 total bytes): nothing to remove
NVKR (NVRAM partition, no data, 0x00006cfe total bytes): nothing to remove
NVNF (NVRAM partition, no data, 0x0000187b total bytes): nothing to remove
NVTD (NVRAM partition, no data, 0x00001eba total bytes): nothing to remove
STOK (NVRAM partition, no data, 0x000004a4 total bytes): nothing to remove
FTPR (0x00067000 - 0x0000dd000, 0x00076000 total bytes): NOT removed
NFTP (0x000dd000 - 0x000153000, 0x00076000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xd5)...
Reading FTPR modules list...
BUP (uncomp., 0x068000 - 0x07d000 ): NOT removed, essential
KERNEL (LZMA , 0x07d000 - 0x08eb41 ): removed
POLICY (LZMA , 0x08f000 - 0x099661 ): removed
HOSTCOMM (LZMA , 0x09a000 - 0x0a2a1b ): removed
FPF (LZMA , 0x0a3000 - 0x0a4ea2 ): removed
RSA (LZMA , 0x0a5000 - 0x0ab33c ): removed
fTPM (LZMA , 0x0ac000 - 0x0bbd3a ): removed
SBOOT (LZMA , 0x0bc000 - 0x0c1045 ): removed
The ME minimum size should be 532480 bytes (0x82000 bytes)
The ME region can be reduced up to:
00003000:00084fff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

@kitsunyan

This comment has been minimized.

Show comment
Hide comment
@kitsunyan

kitsunyan Jul 5, 2018

Working on:

  • Intel Core i7-7500U
  • Kaby Lake
  • Lenovo ThinkPad T25
  • Stock BIOS
  • With -S flag

The result is quite surprising for me. intelmetool reported about hardened Boot Guard setup before flashing:

ME Capability: BootGuard: ON
ME Capability: BootGuard Mode: Verified & Measured Boot

But despite this, I was able to clean IME with -S flag and successfully boot the machine. No error messages, no boot delay.

I checked the firmware again:

Found 1 partition(s)
ME/TXE firmware version 11.8.50.3425
The HAP bit is SET

The HECI device is gone from list of PCI devices. intelmetool reports Can't find ME PCI device.

Thanks for your work.

kitsunyan commented Jul 5, 2018

Working on:

  • Intel Core i7-7500U
  • Kaby Lake
  • Lenovo ThinkPad T25
  • Stock BIOS
  • With -S flag

The result is quite surprising for me. intelmetool reported about hardened Boot Guard setup before flashing:

ME Capability: BootGuard: ON
ME Capability: BootGuard Mode: Verified & Measured Boot

But despite this, I was able to clean IME with -S flag and successfully boot the machine. No error messages, no boot delay.

I checked the firmware again:

Found 1 partition(s)
ME/TXE firmware version 11.8.50.3425
The HAP bit is SET

The HECI device is gone from list of PCI devices. intelmetool reports Can't find ME PCI device.

Thanks for your work.

@r0bi

This comment has been minimized.

Show comment
Hide comment
@r0bi

r0bi Jul 6, 2018

Working on:

  • Intel Core i7 4770
  • Haswell
  • HP EliteDesk 800 G1 SFF
  • OEM latest firmware
  • with -S flag

(external flash)

[hp@localhost intelmetool]$ sudo ./intelmetool -m
MEI found: [8086:8c3a] 8 Series/C220 Series Chipset Family MEI Controller #1                                                                                                                   
                                                                                                                                                                                               
ME Status   : 0x1e020191                                                                                                                                                                       
ME Status 2 : 0x164d2142                                                                                                                                                                       
                                                                                                                                                                                               
ME: FW Partition Table      : OK                                                                                                                                                               
ME: Bringup Loader Failure  : NO                                                                                                                                                               
ME: Firmware Init Complete  : NO                                                                                                                                                               
ME: Manufacturing Mode      : YES                                                                                                                                                              
ME: Boot Options Present    : NO                                                                                                                                                               
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x4d

ME: Extend SHA-256: [hash]

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

r0bi commented Jul 6, 2018

Working on:

  • Intel Core i7 4770
  • Haswell
  • HP EliteDesk 800 G1 SFF
  • OEM latest firmware
  • with -S flag

(external flash)

[hp@localhost intelmetool]$ sudo ./intelmetool -m
MEI found: [8086:8c3a] 8 Series/C220 Series Chipset Family MEI Controller #1                                                                                                                   
                                                                                                                                                                                               
ME Status   : 0x1e020191                                                                                                                                                                       
ME Status 2 : 0x164d2142                                                                                                                                                                       
                                                                                                                                                                                               
ME: FW Partition Table      : OK                                                                                                                                                               
ME: Bringup Loader Failure  : NO                                                                                                                                                               
ME: Firmware Init Complete  : NO                                                                                                                                                               
ME: Manufacturing Mode      : YES                                                                                                                                                              
ME: Boot Options Present    : NO                                                                                                                                                               
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x4d

ME: Extend SHA-256: [hash]

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

@guillaumedsde

This comment has been minimized.

Show comment
Hide comment
@guillaumedsde

guillaumedsde Jul 12, 2018

external flash with a ch341a, no problems with -s flag

    Skylake
    i3-6100
    ASUS G11CD rev 1
    latest UEFI as of 12/07/2018
    tried -S no post, -s works without any problems so far

guillaumedsde commented Jul 12, 2018

external flash with a ch341a, no problems with -s flag

    Skylake
    i3-6100
    ASUS G11CD rev 1
    latest UEFI as of 12/07/2018
    tried -S no post, -s works without any problems so far
@mha42

This comment has been minimized.

Show comment
Hide comment
@mha42

mha42 Jul 13, 2018

CPU architecture: Skylake
CPU model: Intel i7-7820x (socket 2066)
Laptop/motherboard: MSI X299m Gaming Pro Carbon AC
OEM BIOS or coreboot?: OEM
Version: 7B06v16 (2018-03-25)
Status: Works!
If you used the -s/-S flag in me_cleaner: -S hung the system on boot with status LEDs displaying "00". -s boots the system with the message "The ME FW of system was found abnormal". No key press required for system to continue as usual.

No shutdown after 30 minutes.

Only running Windows on this system so cannot check with the above recommended utils, however, the SA00086 tool reported:

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: Unknown
SVN: 0

Previously to running this tool SA00086 would show the ME version.

mha42 commented Jul 13, 2018

CPU architecture: Skylake
CPU model: Intel i7-7820x (socket 2066)
Laptop/motherboard: MSI X299m Gaming Pro Carbon AC
OEM BIOS or coreboot?: OEM
Version: 7B06v16 (2018-03-25)
Status: Works!
If you used the -s/-S flag in me_cleaner: -S hung the system on boot with status LEDs displaying "00". -s boots the system with the message "The ME FW of system was found abnormal". No key press required for system to continue as usual.

No shutdown after 30 minutes.

Only running Windows on this system so cannot check with the above recommended utils, however, the SA00086 tool reported:

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: Unknown
SVN: 0

Previously to running this tool SA00086 would show the ME version.

@seadra

This comment has been minimized.

Show comment
Hide comment
@seadra

seadra Jul 22, 2018

CPU architecture: Haswell
CPU model: 4670K
Motherboard: MSI H81-I (MS-7851)
OEM BIOS or coreboot?: OEM (version A.6)
If you used the -s/-S flag in me_cleaner: used -S flag only
Status: Works

Just downloaded & extracted 7851vA6.zip from MSI website, and ran ./me_cleaner -S -O E7851IMS_modified.A60 E7851IMS.A60. I then copied everything from the zip file to a USB disk, and replaced the E7851IMS.A60 with E7851IMS_modified.A60 (the filename apparently must be E7851IMS.A60 for M-FLASH) in the disk. Rebooted, entered the BIOS menu with DEL, and used M-FLASH to update the BIOS + ME. Computer rebooted itself twice and after that things are running perfectly fine so far and ME is gone!

seadra commented Jul 22, 2018

CPU architecture: Haswell
CPU model: 4670K
Motherboard: MSI H81-I (MS-7851)
OEM BIOS or coreboot?: OEM (version A.6)
If you used the -s/-S flag in me_cleaner: used -S flag only
Status: Works

Just downloaded & extracted 7851vA6.zip from MSI website, and ran ./me_cleaner -S -O E7851IMS_modified.A60 E7851IMS.A60. I then copied everything from the zip file to a USB disk, and replaced the E7851IMS.A60 with E7851IMS_modified.A60 (the filename apparently must be E7851IMS.A60 for M-FLASH) in the disk. Rebooted, entered the BIOS menu with DEL, and used M-FLASH to update the BIOS + ME. Computer rebooted itself twice and after that things are running perfectly fine so far and ME is gone!

@nodeg

This comment has been minimized.

Show comment
Hide comment
@nodeg

nodeg Jul 23, 2018

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad T420
  • Coreboot 4.8.1+ SeaBIOS 1.11.2

nodeg commented Jul 23, 2018

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad T420
  • Coreboot 4.8.1+ SeaBIOS 1.11.2
@GreenBeard

This comment has been minimized.

Show comment
Hide comment
@GreenBeard

GreenBeard Aug 2, 2018

Hard to tell if it is working:

  • CPU architecture: Skylake
  • CPU model: Intel i5 6500
  • Laptop/motherboard: Asus H170 Pro Gaming
  • OEM BIOS (mostly followed #62, flashed using Window's version of tool and /GAN)
  • -S flag was used

The intelmetool claims the following (see bottom), however the official Intel ME Verification Tool (https://downloadcenter.intel.com/download/19009/Intel-Management-Engine-Verification-Utility, I dualbooted into Windows) crashed aftering a few minutes of doing nothing. The ethernet stopped working for my Linux OS (linux mint 17.3), but it continued to chug away on Windows. Interestingly enough the BIOS I downloaded version 3805 mentions "Intel New ME Update, Improve Stability" in the updates (https://www.asus.com/us/Motherboards/H170-PRO-GAMING/HelpDesk_BIOS/). I think I want ethernet though and am going to attempt to revert what I did to the ME tool.

MEI found: [8086:a13a] Sunrise Point-H CSME HECI #1

ME Status   : 0x90000245
ME Status 2 : 0x86110306

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Clean Moff->Mx wake
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Unknown 0x11

ME: Extend Register not valid

ME: Firmware Version 11.8.3470.50 (code) 11.8.3470.50 (recovery) 11.0.1168.0 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : ON
ME Capability: ICC Over Clocking                          : OFF
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF

GreenBeard commented Aug 2, 2018

Hard to tell if it is working:

  • CPU architecture: Skylake
  • CPU model: Intel i5 6500
  • Laptop/motherboard: Asus H170 Pro Gaming
  • OEM BIOS (mostly followed #62, flashed using Window's version of tool and /GAN)
  • -S flag was used

The intelmetool claims the following (see bottom), however the official Intel ME Verification Tool (https://downloadcenter.intel.com/download/19009/Intel-Management-Engine-Verification-Utility, I dualbooted into Windows) crashed aftering a few minutes of doing nothing. The ethernet stopped working for my Linux OS (linux mint 17.3), but it continued to chug away on Windows. Interestingly enough the BIOS I downloaded version 3805 mentions "Intel New ME Update, Improve Stability" in the updates (https://www.asus.com/us/Motherboards/H170-PRO-GAMING/HelpDesk_BIOS/). I think I want ethernet though and am going to attempt to revert what I did to the ME tool.

MEI found: [8086:a13a] Sunrise Point-H CSME HECI #1

ME Status   : 0x90000245
ME Status 2 : 0x86110306

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Clean Moff->Mx wake
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Unknown 0x11

ME: Extend Register not valid

ME: Firmware Version 11.8.3470.50 (code) 11.8.3470.50 (recovery) 11.0.1168.0 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : ON
ME Capability: ICC Over Clocking                          : OFF
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF
@lukacsd

This comment has been minimized.

Show comment
Hide comment
@lukacsd

lukacsd Aug 5, 2018

Working on:

  • Intel Core i7-3770K
  • Ivy Bridge
  • MSI Z77 MPower (MS-7751)
  • OEM BIOS
  • with -S flag
  • d5b0806

lukacsd commented Aug 5, 2018

Working on:

  • Intel Core i7-3770K
  • Ivy Bridge
  • MSI Z77 MPower (MS-7751)
  • OEM BIOS
  • with -S flag
  • d5b0806
@IlyaMZP

This comment has been minimized.

Show comment
Hide comment
@IlyaMZP

IlyaMZP Aug 11, 2018

Working on:

  • Intel Core i5-3470
  • Ivy Bridge
  • Intel DH77EB
  • OEM BIOS
  • With -S flag
$ sudo intelmetool -m
Bad news, you have a `H77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x1e020191
ME Status 2 : 0x160a0140

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Check to see if straps say ME DISABLED

ME: Extend SHA-256: 1f26f801d908a89a51428e47738d05bdc0f7bd9a79dafb61bf8876355594aa5d

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

Tested for a few months now. No problems at all.

IlyaMZP commented Aug 11, 2018

Working on:

  • Intel Core i5-3470
  • Ivy Bridge
  • Intel DH77EB
  • OEM BIOS
  • With -S flag
$ sudo intelmetool -m
Bad news, you have a `H77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x1e020191
ME Status 2 : 0x160a0140

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Check to see if straps say ME DISABLED

ME: Extend SHA-256: 1f26f801d908a89a51428e47738d05bdc0f7bd9a79dafb61bf8876355594aa5d

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed

Tested for a few months now. No problems at all.

@benwa

This comment has been minimized.

Show comment
Hide comment
@benwa

benwa Aug 11, 2018

Working on:

  • Intel Core i5-3570K
  • Ivy Bridge
  • Gigabyte GA-Z77-DS3H
  • OEM BIOS
  • With -S flag

benwa commented Aug 11, 2018

Working on:

  • Intel Core i5-3570K
  • Ivy Bridge
  • Gigabyte GA-Z77-DS3H
  • OEM BIOS
  • With -S flag
@xinterix

This comment has been minimized.

Show comment
Hide comment
@xinterix

xinterix Aug 12, 2018

Intel Core i7 7700K
Asus Tuf Mark 1 z270

NOTE: Only works one time and afterwards the once unlocked will be locked, so any future downgrades will require external flashing however the possibility of upgrades may still work but until one is released, I can't say for sure. The steps below is just a quick summary of I what I did and should not be relied upon as an actual tutorial.

If you already have 11.7.0.1229 the latest ME, I doubt this will work, I can't verify if it would.

Internal OEM works without any options using the latest Vulnerability Patch 11.7.0.1229.

Download the ME vulnerability patch from Asus support page. - MEUpdateTool_UI_20171103_TP.zip

Extract the zip and copied the ME.bin file contained in the subfolder called FW.

I ran me_cleaner on the ME.bin (which is only a TXE image, so only cleaned it) .

You will loose OEM stuff if you don't use FIT or rebuild ME which I not certain or not how this relates with it being only TXE.

I was just learning and failed to do it, I lost one of my ethernet MAC addresses, only one works now, and I would advise you very strongly to use FIT. As soon as my external flashing tool arrives I plan to fix.

You will need to use FIT afterwards.

You can then replace the ME.bin with your modified one, and run the Meupdatetool.exe found in the root directory.

I'm pretty sure if you have not yet got the update or done the above steps, you may also be able to flash modified CAP or full ROMS containing the updated ME, only if ME is later then your present version using AFU or IFT, IFT allows flash of same version using -allowsv, but like I said if already have the update, don't bother.

I lost any further flash capabilities by flashing the update so I can no longer test, I have external flashing hardware on it's way, so i will post anything i learn.

xinterix commented Aug 12, 2018

Intel Core i7 7700K
Asus Tuf Mark 1 z270

NOTE: Only works one time and afterwards the once unlocked will be locked, so any future downgrades will require external flashing however the possibility of upgrades may still work but until one is released, I can't say for sure. The steps below is just a quick summary of I what I did and should not be relied upon as an actual tutorial.

If you already have 11.7.0.1229 the latest ME, I doubt this will work, I can't verify if it would.

Internal OEM works without any options using the latest Vulnerability Patch 11.7.0.1229.

Download the ME vulnerability patch from Asus support page. - MEUpdateTool_UI_20171103_TP.zip

Extract the zip and copied the ME.bin file contained in the subfolder called FW.

I ran me_cleaner on the ME.bin (which is only a TXE image, so only cleaned it) .

You will loose OEM stuff if you don't use FIT or rebuild ME which I not certain or not how this relates with it being only TXE.

I was just learning and failed to do it, I lost one of my ethernet MAC addresses, only one works now, and I would advise you very strongly to use FIT. As soon as my external flashing tool arrives I plan to fix.

You will need to use FIT afterwards.

You can then replace the ME.bin with your modified one, and run the Meupdatetool.exe found in the root directory.

I'm pretty sure if you have not yet got the update or done the above steps, you may also be able to flash modified CAP or full ROMS containing the updated ME, only if ME is later then your present version using AFU or IFT, IFT allows flash of same version using -allowsv, but like I said if already have the update, don't bother.

I lost any further flash capabilities by flashing the update so I can no longer test, I have external flashing hardware on it's way, so i will post anything i learn.

@xinterix

This comment has been minimized.

Show comment
Hide comment
@xinterix

xinterix Aug 19, 2018

MSI z370 Gaming Plus MS-7B61
Intel Core i5 8600K

Downloaded from MSI support the only available bios update that mentioned it containing an ME update which was the following file: 7B61v11.zip based off the version.

I will warn you, my first attempt I did the full clean + the HAP (-S -O) and used the normal bios M-Flash update utility to flash it, and everything seemed to proceed like any other flash, however after restart it was bricked. It was purchased the day before so I exchanged it rather then messing with physical flash recovery of the backup.

I have no idea what made me go and try a second time considering I doubt the merchant would have accepted my excuse again.

Everything was done near damn perfect the first time and so I yet to figure out what happened to cause the problem other then it's not work this board. I can't say for sure either way, it may still be possible to do a clean and succeed with flashing perhaps with different method. The bricked board could have been from other reasons, although I didn't observe anything, there's always a possibility.

So the second time I used the lower case -s (HAP ONLY) and flashed it the same way - used M-Flash (remember to include the text file that comes with the bios file when copying or moving it around because the bios file will not show up in the list of availble without it present too, on M-Flash tool).

You don't even need UEFITool or anything as the bios is already the correct format and is not in capsule or anything. Just extract from zip file run me_cleaner with lower case s.

After completing the flash you will forever be prompted when starting your pc with same message as mentioned by Nimayer, but it does not appear to cause any problems. PC seems to run much faster now.

Thought I might point out that with this particular board and example, the single little difference between a lower case and capital "S" is all that would be needed for the difference between a successful flash with working board or a completely bricked board.

In my first try I completely knew and intended to do it that way, by using -S, (only way to know is to try, right?), but for those who are more new to me_cleaner, Perhaps developer to change the switch used for specifying the HAP only switch or the other. For others people (and trust me i see them all the time) who are more inclined to mistaken the difference of and importance with lower case and capitol letter, like those Microsoft users, where case sensitivity used to be irrelevant as more and more people start using me_cleaner.

9/6/2018

Ok there is an issue I have noticed since I originally posted and thought I would include it. It seems that sometimes the overclock settings that you may attempt to use (settings that would otherwise normally work), even something as simple as changing to an XMP profile, will bring you to the message after hanging for a bit, telling you they failed and that it loaded defaults. But sometimes it does work, and once it finally does save the settings and properly startup, it will work every time afters until you try changing sometime in the bios again.

xinterix commented Aug 19, 2018

MSI z370 Gaming Plus MS-7B61
Intel Core i5 8600K

Downloaded from MSI support the only available bios update that mentioned it containing an ME update which was the following file: 7B61v11.zip based off the version.

I will warn you, my first attempt I did the full clean + the HAP (-S -O) and used the normal bios M-Flash update utility to flash it, and everything seemed to proceed like any other flash, however after restart it was bricked. It was purchased the day before so I exchanged it rather then messing with physical flash recovery of the backup.

I have no idea what made me go and try a second time considering I doubt the merchant would have accepted my excuse again.

Everything was done near damn perfect the first time and so I yet to figure out what happened to cause the problem other then it's not work this board. I can't say for sure either way, it may still be possible to do a clean and succeed with flashing perhaps with different method. The bricked board could have been from other reasons, although I didn't observe anything, there's always a possibility.

So the second time I used the lower case -s (HAP ONLY) and flashed it the same way - used M-Flash (remember to include the text file that comes with the bios file when copying or moving it around because the bios file will not show up in the list of availble without it present too, on M-Flash tool).

You don't even need UEFITool or anything as the bios is already the correct format and is not in capsule or anything. Just extract from zip file run me_cleaner with lower case s.

After completing the flash you will forever be prompted when starting your pc with same message as mentioned by Nimayer, but it does not appear to cause any problems. PC seems to run much faster now.

Thought I might point out that with this particular board and example, the single little difference between a lower case and capital "S" is all that would be needed for the difference between a successful flash with working board or a completely bricked board.

In my first try I completely knew and intended to do it that way, by using -S, (only way to know is to try, right?), but for those who are more new to me_cleaner, Perhaps developer to change the switch used for specifying the HAP only switch or the other. For others people (and trust me i see them all the time) who are more inclined to mistaken the difference of and importance with lower case and capitol letter, like those Microsoft users, where case sensitivity used to be irrelevant as more and more people start using me_cleaner.

9/6/2018

Ok there is an issue I have noticed since I originally posted and thought I would include it. It seems that sometimes the overclock settings that you may attempt to use (settings that would otherwise normally work), even something as simple as changing to an XMP profile, will bring you to the message after hanging for a bit, telling you they failed and that it loaded defaults. But sometimes it does work, and once it finally does save the settings and properly startup, it will work every time afters until you try changing sometime in the bios again.

@youiopmop

This comment has been minimized.

Show comment
Hide comment
@youiopmop

youiopmop Aug 24, 2018

Works on:

  • Intel Core i3-6100
  • Skylake
  • MSI B150M Pro-VDH
  • OEM BIOS downloaded from MSI's website, used me_cleaner to disable ME, internal flashed using M-Flash inside BIOS (lucky it worked since I don't have an external flasher)
  • With -S flag

intelmetool reports
~/c/u/intelmetool $ sudo ./intelmetool -m
Can't find ME PCI device

On bootup a message pops up saying that the ME is corrupted and you should reflash the BIOS, however, after a few seconds it just boots as normal

In addition, in BIOS settings the ME Version is shown as 'N/A'
img_20180824_203445
img_20180824_204835

youiopmop commented Aug 24, 2018

Works on:

  • Intel Core i3-6100
  • Skylake
  • MSI B150M Pro-VDH
  • OEM BIOS downloaded from MSI's website, used me_cleaner to disable ME, internal flashed using M-Flash inside BIOS (lucky it worked since I don't have an external flasher)
  • With -S flag

intelmetool reports
~/c/u/intelmetool $ sudo ./intelmetool -m
Can't find ME PCI device

On bootup a message pops up saying that the ME is corrupted and you should reflash the BIOS, however, after a few seconds it just boots as normal

In addition, in BIOS settings the ME Version is shown as 'N/A'
img_20180824_203445
img_20180824_204835

@dartraiden

This comment has been minimized.

Show comment
Hide comment
@dartraiden

dartraiden Aug 28, 2018

  • Skylake
  • Intel Core i7-6700 ES (Engineering sample)
  • ASUS Z170-P
  • OEM BIOS version 1804 (this CPU is incompatible with latest BIOSes)
  • Both (-S and -s) are working. ME successfully wiped (version 0.0.0.0 in BIOS), but motherboard cannot increase base clock without ME, so overclocking Non-K CPU is impossible.

dartraiden commented Aug 28, 2018

  • Skylake
  • Intel Core i7-6700 ES (Engineering sample)
  • ASUS Z170-P
  • OEM BIOS version 1804 (this CPU is incompatible with latest BIOSes)
  • Both (-S and -s) are working. ME successfully wiped (version 0.0.0.0 in BIOS), but motherboard cannot increase base clock without ME, so overclocking Non-K CPU is impossible.
@frenklin

This comment has been minimized.

Show comment
Hide comment
@frenklin

frenklin Sep 8, 2018

Laptop HP ENVY dv7
Core i7-3630QM

Full image detected
The ME/TXE region goes from 0x1000 to 0x380000
Found FPT header at 0x1010
Found 15 partition(s)
Found FTPR header: FTPR partition spans from 0x93000 to 0x108000
ME/TXE firmware version 8.1.0.1248
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
???? (0x000003c0 - 0x000000400, 0x00000040 total bytes): removed
FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
EFFS (0x00003000 - 0x00004b000, 0x00048000 total bytes): removed
NVCL (NVRAM partition, no data, 0x00010511 total bytes): nothing to remove
NVCP (NVRAM partition, no data, 0x0000a553 total bytes): nothing to remove
NVJC (NVRAM partition, no data, 0x00004000 total bytes): nothing to remove
NVKR (NVRAM partition, no data, 0x0001257d total bytes): nothing to remove
NVSH (NVRAM partition, no data, 0x00007609 total bytes): nothing to remove
NVTD (NVRAM partition, no data, 0x00001eac total bytes): nothing to remove
GLUT (0x0004b000 - 0x00004d000, 0x00002000 total bytes): removed
MDMV (0x0004d000 - 0x000093000, 0x00046000 total bytes): removed
FTPR (0x00093000 - 0x000108000, 0x00075000 total bytes): NOT removed
NFTP (0x00108000 - 0x00017d000, 0x00075000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x10)...
Reading FTPR modules list...
UPDATE (LZMA , 0x0df61c - 0x0df7da ): removed
ROMP (Huffman, fragmented data, ~2 KiB ): NOT removed, essential
BUP (Huffman, fragmented data, ~56 KiB ): NOT removed, essential
KERNEL (Huffman, fragmented data, ~135 KiB ): removed
POLICY (Huffman, fragmented data, ~91 KiB ): removed
HOSTCOMM (LZMA , 0x0df7da - 0x0e64fa ): removed
RSA (LZMA , 0x0e64fa - 0x0eb760 ): removed
CLS (LZMA , 0x0eb760 - 0x0f0f03 ): removed
TDT (LZMA , 0x0f0f03 - 0x0f75e3 ): removed
FTCS (Huffman, fragmented data, ~18 KiB ): removed
ClsPriv (LZMA , 0x0f75e3 - 0x0f79c3 ): removed
SESSMGR (LZMA , 0x0f79c3 - 0x1062c0 ): removed
The ME minimum size should be 696320 bytes (0xaa000 bytes)
The ME region can be reduced up to:
00001000:000aafff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID

Works perfect!

frenklin commented Sep 8, 2018

Laptop HP ENVY dv7
Core i7-3630QM

Full image detected
The ME/TXE region goes from 0x1000 to 0x380000
Found FPT header at 0x1010
Found 15 partition(s)
Found FTPR header: FTPR partition spans from 0x93000 to 0x108000
ME/TXE firmware version 8.1.0.1248
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
The AltMeDisable bit is NOT SET
Reading partitions list...
???? (0x000003c0 - 0x000000400, 0x00000040 total bytes): removed
FOVD (0x00000400 - 0x000001000, 0x00000c00 total bytes): removed
MDES (0x00001000 - 0x000002000, 0x00001000 total bytes): removed
FCRS (0x00002000 - 0x000003000, 0x00001000 total bytes): removed
EFFS (0x00003000 - 0x00004b000, 0x00048000 total bytes): removed
NVCL (NVRAM partition, no data, 0x00010511 total bytes): nothing to remove
NVCP (NVRAM partition, no data, 0x0000a553 total bytes): nothing to remove
NVJC (NVRAM partition, no data, 0x00004000 total bytes): nothing to remove
NVKR (NVRAM partition, no data, 0x0001257d total bytes): nothing to remove
NVSH (NVRAM partition, no data, 0x00007609 total bytes): nothing to remove
NVTD (NVRAM partition, no data, 0x00001eac total bytes): nothing to remove
GLUT (0x0004b000 - 0x00004d000, 0x00002000 total bytes): removed
MDMV (0x0004d000 - 0x000093000, 0x00046000 total bytes): removed
FTPR (0x00093000 - 0x000108000, 0x00075000 total bytes): NOT removed
NFTP (0x00108000 - 0x00017d000, 0x00075000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x10)...
Reading FTPR modules list...
UPDATE (LZMA , 0x0df61c - 0x0df7da ): removed
ROMP (Huffman, fragmented data, ~2 KiB ): NOT removed, essential
BUP (Huffman, fragmented data, ~56 KiB ): NOT removed, essential
KERNEL (Huffman, fragmented data, ~135 KiB ): removed
POLICY (Huffman, fragmented data, ~91 KiB ): removed
HOSTCOMM (LZMA , 0x0df7da - 0x0e64fa ): removed
RSA (LZMA , 0x0e64fa - 0x0eb760 ): removed
CLS (LZMA , 0x0eb760 - 0x0f0f03 ): removed
TDT (LZMA , 0x0f0f03 - 0x0f75e3 ): removed
FTCS (Huffman, fragmented data, ~18 KiB ): removed
ClsPriv (LZMA , 0x0f75e3 - 0x0f79c3 ): removed
SESSMGR (LZMA , 0x0f79c3 - 0x1062c0 ): removed
The ME minimum size should be 696320 bytes (0xaa000 bytes)
The ME region can be reduced up to:
00001000:000aafff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Checking the FTPR RSA signature... VALID

Works perfect!

@ro-bercik

This comment has been minimized.

Show comment
Hide comment
@ro-bercik

ro-bercik Sep 19, 2018

Working on:

  • Asus K53SD
  • i5 2450M / Sandy Bridge
  • HM65 / Cougar Point
  • OEM BIOS
  • flag -S

ro-bercik commented Sep 19, 2018

Working on:

  • Asus K53SD
  • i5 2450M / Sandy Bridge
  • HM65 / Cougar Point
  • OEM BIOS
  • flag -S
@ro-bercik

This comment has been minimized.

Show comment
Hide comment
@ro-bercik

ro-bercik Sep 20, 2018

Working on:

  • Asrock H55M-LE
  • i3 540 / Clarkdale
  • H55 / Ibex Peak
  • OEM BIOS
  • flag -S

ro-bercik commented Sep 20, 2018

Working on:

  • Asrock H55M-LE
  • i3 540 / Clarkdale
  • H55 / Ibex Peak
  • OEM BIOS
  • flag -S
@ro-bercik

This comment has been minimized.

Show comment
Hide comment
@ro-bercik

ro-bercik Sep 22, 2018

Working on:

  • Asus PU551JA
  • i5 4210M / Haswell
  • HM87 / Lynx Point
  • OEM BIOS
  • flag -S

ro-bercik commented Sep 22, 2018

Working on:

  • Asus PU551JA
  • i5 4210M / Haswell
  • HM87 / Lynx Point
  • OEM BIOS
  • flag -S
@ManoaNosea

This comment has been minimized.

Show comment
Hide comment
@ManoaNosea

ManoaNosea Sep 23, 2018

Asrock z87 Extreme3
i7 4790K / Haswell Devil Canyon
Z87
BIOS version downloaded and flashed internally from site: Z87Ex32.70A
then read directly from the chip by ch341_a: flag -S + ifdtool -u
Results: there is no 30 minutes shutdown, but I think the network card (not on board) goes into "cable disconnected" after 30 minutes, can be re-enabled and it works !

I hope ifdtool -u will allow future BIOS updates internally without the external tool

ManoaNosea commented Sep 23, 2018

Asrock z87 Extreme3
i7 4790K / Haswell Devil Canyon
Z87
BIOS version downloaded and flashed internally from site: Z87Ex32.70A
then read directly from the chip by ch341_a: flag -S + ifdtool -u
Results: there is no 30 minutes shutdown, but I think the network card (not on board) goes into "cable disconnected" after 30 minutes, can be re-enabled and it works !

I hope ifdtool -u will allow future BIOS updates internally without the external tool

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment