me_cleaner status #3

Open
corna opened this issue Nov 28, 2016 · 390 comments

Owner

@corna corna commented Nov 28, 2016

Please comment here if me_cleaner works on your device.
If this tool does not work on your PC (or it does not behave as expected), don't comment here but open an issue instead.
Specify:

  • CPU architecture
  • CPU model
  • Laptop/motherboard
  • OEM BIOS or coreboot?
  • If you used the -s/-S flag in me_cleaner

Thanks

Owner Author

@corna corna commented Nov 28, 2016

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot
  • both with and without the -S flag

Working for more than a month now. Everything works perfectly, and the MEI device has disappeared from the PCI bus.


@afics afics commented Nov 29, 2016

  • Sandy Bridge
  • Lenovo Thinkpad X220
  • coreboot

I can confirm it works on the Lenovo Thinkpad X220, but coreboot then recognizes only one of my two 8GB RAM modules. I'm currently investigating.


@sinetek sinetek commented Nov 30, 2016

  • Intel Celeron 2955U
  • Haswell
  • Chromebook C720p
  • coreboot

Hey there, I built and flashed an image of coreboot for my Chromebook (C720p) running a Haswell 2955U.

There is no MEI entry in the lspci list.
Not sure what other tests I can run to see the ME's state, open to running other tests, just tell me.

Passed the 30 minutes mark, seems to work. Thanks

Collaborator

@Nimayer Nimayer commented Dec 1, 2016

Working on:

  • Intel i5-6500
  • Skylake
  • MSI Bazooka B150M
  • Stock AMI Bios
  • 61fd606

Everything works, the HECI (formerly MEI) device disappears, a screen at boot notifies that the ME firmware is corrupted, but pressing F2 lets the boot continue.
[Image: me_message_small]

Contributor

@zamaudio zamaudio commented Dec 2, 2016

  • Intel
  • Core i5-2540M
  • Lenovo Thinkpad X220
  • Coreboot
  • 48deb6c

^^ Yes that's right, the experimental branch works on this board folks! No lzma modules!


@simonepsp simonepsp commented Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • d2e2308

@tlaurion tlaurion commented Dec 12, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Stock BIOS
  • d2e2308

@ilikenwf ilikenwf commented Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Pro4
  • Modded Bios (see below)
  • ffe60d8

ASRock's bios packages are all in a proprietary format, but Windows based tools, specifically the UBU pack (http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html), allow them to be extracted and the firmware inside upgraded or downgraded. One may flash this modified file directly from the UEFI settings themselves, as it doesn't validate them.

It is unclear whether or not ME is properly disabled, as the kernel module loads but is not really usable, and the tools to check ME status segfault.

Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xa7680 - 0xcf000)
 UPDATE: removed (0xa7680 - 0xa78aa)
 ROMP: removal of Huffman modules is not supported yet, skipping
 BUP: removal of Huffman modules is not supported yet, skipping
 KERNEL: removal of Huffman modules is not supported yet, skipping
 POLICY: removal of Huffman modules is not supported yet, skipping
 HOSTCOMM: removed (0xa78aa - 0xafbb5)
 TDT: removed (0xafbb5 - 0xb4f71)
 FPF: removed (0xb4f71 - 0xb6a77)
Correcting checksum (0xea)...
Done! Good luck!

@Marco889 Marco889 commented Dec 19, 2016

  • Intel Core i7 4790k
  • Haswell
  • Desktop, ASRock Z97 Extreme6
  • Modded bios -- see #3 (comment)
  • ffe60d8

BIOS file name must be same as Instant Flash bios name, or else instant flash in bios does not detect it. In this case, Z97Ex62.70

/dev/mei0 does not exist, intelmetool reports it doesn't support my system (maybe it doesn't?), mei/mei_me modules still required by some ASRock Intel ME pci listing

Of note, Intel's own "Intel® Management Engine Verification Utility" in windows is perpetually spinning, which I should have tested beforehand. Looks like that only works if your cpu supports vPro. Tested on another Intel based machine with ME still in bios.

But everything seems to be working properly so far.

Full image detected

The ME region goes from 0x3000 to 0x1fffff

Found FPT header at 0x3010

Found 20 partition(s)
ME firmware version 9.1.10.1000
Found FTPR header: FTPR partition spans from 0x4a000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xaa680 - 0xd2000)
 UPDATE          : removed (0xaa680 - 0xaa8aa)
 ROMP            : removal of Huffman modules is not supported yet, skipping
 BUP             : removal of Huffman modules is not supported yet, skipping
 KERNEL          : removal of Huffman modules is not supported yet, skipping
 POLICY          : removal of Huffman modules is not supported yet, skipping
 HOSTCOMM        : removed (0xaa8aa - 0xb2bb5)
 TDT             : removed (0xb2bb5 - 0xb7f71)
 FPF             : removed (0xb7f71 - 0xb9a77)
Correcting checksum (0xea)...
Done! Good luck!

@nilesr nilesr commented Dec 19, 2016

I can try to cat /dev/mei0 and I get "no such device" as root...so I guess that's good?

On my system that I've never flashed before (I haven't used me_cleaner yet) I get the same message when trying to read from /dev/mei0. It does not mean that the ME is disabled


@n1zzo n1zzo commented Dec 19, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output.
However, the ethernet card does not show up anymore on "ip a" output.

dmesg says:

e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
e1000e: probe of 0000:00:19.0 failed with error -e

The problem seems identical to the one reported by this user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/984404
and as he suggests just rebooting the machine temporarily fixes the problem.
When a power cycle is performed again (power off+power on) the ethernet
card is gone again.

This is the related bug on the ubuntu kernel bug tracker:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576953


@citypw citypw commented Dec 20, 2016

Working on:

  • Intel Core i7-3770
  • IvyBridge
  • Motherboard: GA-B75M-D3V
  • OEM BIOS and Coreboot
  • ffe60d8f

OEM BIOS: MEI device has disappeared from the PCI bus.
Coreboot: MEI device won't go away and confirmed that ME is broken:

**Bad news, you have a B75 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C210 Series Chipset Family MEI Controller #1

ME Status : 0x304181
ME Status 2 : 0x153b0160

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : NO
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode : Normal
ME: Error Code : Debug Failure
ME: Progress Phase : BUP Phase
ME: Power Management Event : Intel ME reset due to exception
ME: Progress Phase State : 0x3b

ME: Extend Register not valid

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
**


@citypw citypw commented Dec 24, 2016

Working on:

  • Intel Core i3-2370m
  • SandyBridge
  • Motherboard: Thinkpad x220i
  • OEM BIOS and Coreboot
  • ffe60d8f

MEI device has disappeared from the PCI bus.


@persmule persmule commented Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8

Sadly I failed to extract a valid OEM BIOS image this time. MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken.
It seems whether ME remains present on desktop depends on the content of nvram.


@persmule persmule commented Dec 24, 2016

Working on:

  • Intel Core i7-3770T
  • IvyBridge
  • Motherboard: GA-B75M-D3H
  • Coreboot
  • ffe60d8
  • Neutralized ME from SnB/IvB laptop (e.g. samsung lumpy's ME image located at 3rdparty/blobs/mainboard/samsung/lumpy/me.bin, with ifd adjusted via modified layout file)

MEI device won't go away and confirmed that ME is broken, and integrated graphic card completely ceases to work, and goes away.


@ehmry ehmry commented Dec 24, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • OEM BIOS
  • ffe60d8

@jantatje jantatje commented Dec 25, 2016

  • Intel Core i5-2520M
  • Lenovo Thinkpad X220
  • Coreboot-4.5
  • Seabios 1.9.3
  • ffe60d8
  • 1.5MiB Management Engine
  • SPI replaced with a 128mbit chip, IFD layout changed to span entire chip and give all remaining space to CBFS.

Everything works, but laptop hangs for ~15 seconds after suspend. I also updated coreboot, so not 100% sure this is me_cleaner's fault. 100% working now.


@persmule persmule commented Dec 27, 2016

Works on:

  • Core i5-2520M
  • SandyBridge
  • Lenovo Thinkpad T420
  • Coreboot-4.5
  • Seagrub scheme from libreboot
  • 1.5MiB Management Engine
  • ffe60d8

MEI device has disappeared from the PCI bus. However, the ethernet card needs a warm reboot to be functional.


@persmule persmule commented Dec 28, 2016

Working on

  • Intel Core i3 2330M
  • Sandy Bridge
  • Dell Latitude e6220
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.


@Kokokokoka Kokokokoka commented Dec 28, 2016

Working on:

  • T420
  • Intel core i7 3632qm
  • Ivy Bridge
  • Coreboot with seabios payload+windows
    screen goes blank after a while, running a background game app seems to help this somehow.
  • X220
  • Intel core i5 2540M
  • Sandy Bridge
  • Coreboot with linux payload+qubes, worked fine, don't remember the blank screen issue.
    using: 48deb6 on both laptops

@persmule persmule commented Dec 28, 2016

Working on

  • Intel Core i5 2520M
  • Sandy Bridge
  • HP EliteBook 8460P
  • OEM BIOS
  • ffe60d8

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.


@JohnnyLeone JohnnyLeone commented Dec 31, 2016

Working on

  • Intel Core i5 3320M
  • Ivy Bridge
  • Lenovo Thinkpad X230
  • Coreboot
  • ffe60d8

@al3xtjames al3xtjames commented Jan 2, 2017

Working on:

  • Intel Core i5-3570K (Ivy Bridge)
  • Gigabyte GA-Z77X-UD5H
  • coreboot with TianoCore UEFI payload
  • ffe60d8

The MEI Controller device still appears in lspci. I am unsure of the status of the Intel 82579V Ethernet controller, as I haven't gotten it to work yet (e1000e: probe of 0000:00:19.0 failed with error -3; this remains the same with normal ME or cleaned ME). The ME appears to have been disabled:

[   19.881125] mei_me 0000:00:16.0: wait hw ready failed
[   19.881131] mei_me 0000:00:16.0: hw_start failed ret = -62
[   19.881144] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   21.929169] mei_me 0000:00:16.0: wait hw ready failed
[   21.929175] mei_me 0000:00:16.0: hw_start failed ret = -62
[   21.929188] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   23.977227] mei_me 0000:00:16.0: wait hw ready failed
[   23.977233] mei_me 0000:00:16.0: hw_start failed ret = -62
[   23.977236] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device
[   23.977238] mei_me 0000:00:16.0: reset failed ret = -19
[   23.977239] mei_me 0000:00:16.0: link layer initialization failed.
[   23.977241] mei_me 0000:00:16.0: init hw failure.
[   23.977366] mei_me 0000:00:16.0: initialization failed.
Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x4181
ME Status 2 : 0x163b0160

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x3b

PCI READ [bc] : 0x000000bc
ME: Extend Register not valid

ME has a broken implementation on your board with this BIOS
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting

@persmule persmule commented Jan 6, 2017

Working on:

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220
  • Coreboot
  • 4e9fc2e

After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.


@Kokokokoka Kokokokoka commented Jan 6, 2017

  • Intel Core i5-2520M
  • Sandy Bridge
  • Lenovo Thinkpad X220 tablet
  • Coreboot
  • 4e9fc2e

@Eltiech Eltiech commented Nov 25, 2019

  • CPU architecture = Kaby Lake

  • CPU model = Intel Core i7 -7600U

  • Laptop/motherboard = Dell Latitude 7480, Specifically motherboard model CHXWXP

  • OEM BIOS or coreboot? = OEM Bios

Flags; -s works without issue, and -S works in certain circumstances with varying amounts of nonsense and whitelisting.

Having done certified repair work for Dell before, I started this out with the goal of bypassing the need for me_cleaner entirely. Modern Dell motherboards, when fresh from the factory/refurb-ory, provide the option to enable/disable the management engine, and set the service tag, on their first boot, after which it cannot be changed. My personal 7480, the main subject of my experiments, unfortunately was already locked into AMT Mode 1(enabled). See google image "dell internal use only", for that menu. But, with access to fresh motherboards at the time, I took the opportunity to do some experimenting.

Contrary to what I would have expected from reading, the IME configuration is NOT controlled solely by some one-time e-fuse. With a 7490 motherboard, which I took a BIOS dump of before and after setting the "internal use" settings, I found I could enable the ME, flash back to the "virgin" state, then disable it from that same service menu, repeatedly. While I didn't have the chance to fool around with a factory-fresh 7480 motherboard as extensively, they are almost identical in most respects, so I don't doubt that these discoveries apply to both models and probably many more modern ones.

Though I did have a virgin 7480 firmware dump as well, same model as my own, it turns out that virgin dumps from identical machines are NOT interchangeable. From what I can guess, this is due to the ME MFS partition Embedded Controller section containing some sort of imprinting. The virgin firmware (from an identical model) would not boot (LED flash code, bad CPU) on my 7480 UNLESS the HAP bit was set On first. Then, upon booting, I would be presented with the service menu, though the ME options would be greyed-out with AMT Mode 6 (Lockout).

Thus, the service menu option 6 may have been the HAP bit all along, I don't have fresh motherboards on which to test setting option 6 myself anymore. Option 3 (ME Disabled) does not set the HAP bit, and instead disables the ME elsewhere, I assume in the MFS partition data. That plays a role but also the EC is key.

EDIT/Update: After successfully re-virginizing the firmware, I chose 6 at the service menu. Turns out Mode 6 IS the HAP bit. Looks like Dell's been utilizing it since before it was discovered elsewhere.

So, once the ME is turned on via the service menu, it is difficult(maybe not impossible further research needed) to disable the ME again the "Dell Way" without a flash taken from that same machine prior to first setup.

If the ME has not been enabled OR disabled, such as in the case of the virgin dump, the machine stops caring that the MFS EC section came from a different dump IF the HAP bit is set, but the MFS still must be present. In this case, one can use -S and only must whitelist MFS. Through trial and error, I found that if it's already on, FTUP, PSVN, DLMP must also be whitelisted.

Also worth noting is that the FPT table on the dell firmwares is kinda weird; some partition boundaries overlap subsequent partitions, making them invisible to UEFItool unless manually adjusted. Might be valid configuration, but UEFItool gets confused.

TL;DR:

If the ME has never been set(virgin motherboard) or perhaps if it's been dell-service-menu disabled, you can use:

me_cleaner.py -S -w MFS -O /tmp/7480-virgin-clean.bin ~/7480firmwares/7480-CHXWXP-virgin.bin

If the ME has already been turned on, you can use

me_cleaner.py -S -w MFS,FTUP,PSVN,DLMP -O /tmp/7480-MEprevOn-gutted.bin ~/7480firmwares/7480-CHXWXP-MEon.bin

In all instances the following should still work:

me_cleaner.py -s -O /tmp/whateverHAPonly.bin ~/7480firmwares/whatever.bin

I didn't document all my testing to the degree I now wish I had, so there may be some minor inaccuracies, but I hope this helps others. EDIT: Further trial and error and random partial substitutions of pieces from my various dumps reveal that the key to disabling is somewhere in the EC section of the firmware, not the MFS (though preserving that still seems to be important for me_cleaner). I sorta found an alternate way to re-enable disabling the ME the Dell way but it's very model specific.


@xrop xrop commented Dec 1, 2019

  • Kaby Lake R
  • Intel i5-8250U
  • XPS 9360
  • OEM BIOS
  • -S Flag
  • Devil's Canyon
  • Intel i5-4690K
  • ASRock Z97 Extreme 4
  • OEM BIOS
  • -S Flag
  • Kaby Lake R
  • The following three processors were tested on individual motherboards pertaining to the same model of laptop
          Intel i5-8250U
          Intel i7-8550U
          Intel i7-8650U w/ vPro
    
  • X1 Carbon 6th Generation
  • OEM BIOS
  • -S Flag

I am currently attempting me_cleaner on the latest XPS 7390 with the Intel i7-10710U.


@Ansuel Ansuel commented Dec 1, 2019

@xrop can I ask you how you are flashing the BIOS on Dell XPS?


@darajnish darajnish commented Dec 1, 2019

@xrop can I ask you how you are flashing the BIOS on Dell XPS?

Hey, you may get a copy of dell xps service manual from dell product downloads by looking for the one for your dell xps model. Follow the service manual guide to disassemble your laptop.
Then, locate the flash chip ic and use a flash clip to connect it to a programmer and you can flash using flashrom.
That's all.
You can follow the Gentoo Wiki or this Wiki which guides specially for Dell PCs.


@Ansuel Ansuel commented Dec 1, 2019

@darajnish all clear and good... Only problem newer xps doesn't use spi chip anymore but soap-48 chip so we can't really use clip anymore...


@xrop xrop commented Dec 1, 2019

@Ansuel I used the Raspberry Pi 3 to interface with the Winbond 25Q64FVS10 (can be located according to this iFixit article, Step 14 https://www.ifixit.com/Teardown/Dell+XPS+13+Teardown/36157). I used an extremely narrow gauge copper wire - something in the realm of 32-40 AWG, and manually soldered the wires to the leads on the SOAP-48 chip. It's definitely tedious, but possible. I used a fine tip soldering iron to flow a little extra solder onto the leads on the chip to begin with, then I placed the tip of the wire onto the lead, and made sure not to move the wires around.


@Espionage724 Espionage724 commented Dec 1, 2019

@xrop can I ask you how you are flashing the BIOS on Dell XPS?

I had a XPS 13 a while back; the BIOS chip was a WSON package. I was able to use a regular SOIC clip to connect to it after bending the pins on the clip inward a bit. I have some pictures here.


@r0bi r0bi commented Dec 11, 2019

Working on:

  • Intel Xeon CPU E5-2650 v3
  • Haswell
  • SuperMicro X10SRL-F
  • OEM latest firmware (3.1c)
  • with -S flag

(external flash, although board apparently able to self flash from other reports)

[root@localhost intelmetool]# ./intelmetool -m
MEI found: [8086:8d3a] C610/X99 series chipset MEI Controller #1

ME Status   : 0xf0382
ME Status 2 : 0x90403008

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : Bring up
ME: Current Operation Mode  : (null)
ME: Error Code              : No Error
ME: Progress Phase          : Moff->Mx wake after an error
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : Unknown 0x40

ME: Extend Register not valid

ME: timeout waiting for data: expected 8, available 6
ME: GET FW VERSION message failed


@zinyu zinyu commented Dec 18, 2019

Working on:

  • Coffee Lake
  • Intel i5 8600k
  • Asrock Fatal1ty Z370 Gaming K6
  • OEM BIOS ver. 3.30
  • With -S flag

Flashed the BIOS via Raspberry Pi 3 and using the BIOS header (that you can't find in any of the manuals) under the BIOS chips with help from http://forum.asrock.com/forum_posts.asp?TID=9157&title=bios-ph1-header



@Patazerty Patazerty commented Dec 26, 2019

A while back I reported success with an external flasher on a Thinkpad T470s. I since upgraded the BIOS like usual (using the official BIOS from the Lenovo support website), ME was still disabled. However my T470s sometimes does not boot and bleeps at me. I just reboot it and it usually works just fine after. Turns out the bleeps actually mean error code 0284 "TCG-Compliant functionality-related error (might be the BIOS code validation feature)". I can't tell for sure if this appeared after I upgraded the BIOS or not.
This does not bother me much but it could be useful for other users to know about this issue.


@jmacato jmacato commented Jan 7, 2020

Works on:

  • Ivy Bridge
  • Core i7 3770K
  • ASUS Sabertooth Z77
  • OEM BIOS
  • Used the -S flag

Popped the SPI Flash Chip out of the mobo, used CH341A to dump and write the modified BIOS image.


@AlanMok1 AlanMok1 commented Jan 20, 2020

Working on

  • Intel Core i7-4600M
  • Haswell
  • Lenovo ThinkPad T440p /w Nvidia GeForce GT 730M discrete graphic card
  • Lenovo BIOS v2.54
  • me_cleaner -Big S
  • Commit a994685

Verified all outputs of intelmetool -m OK after flashing.
/dev/mei disappeared in Debian 10.1 Live USB.
No "30mins shutdown" observed within the first 4hrs.

There are 2 SPI flash on this motherboard.
The 4MB flash holds UEFI firmware(BIOS) and can be easily reached by removing the bottom cover. NOT our target as it holds no ME content.
Another flash holds Intel ME and is 8MB size. The base cover and the keyboard bezel need to be disassembled before you can see this flash, see the Hardware Maintenance Manual for details. This IS our target.

I want to dedicate this machine for Windows 10 and install Nvidia proprietary driver on it so no Coreboot.


@l29ah l29ah commented Jan 24, 2020

Works:
i7-8550U
51nb X210
OEM BIOS
No. Does -S do anything good?

Flashed with flashrom --programmer internal.


@CodeDragon5793 CodeDragon5793 commented Feb 6, 2020

Lenovo ThinkPad T480

  • Intel Core i7 8550U
  • Kaby Lake Refresh
  • Lenovo ThinkPad T480
  • OEM BIOS
  • I used the -s flag. Only this one works on this machine. All other flags result in a bricked motherboard.

Using ./intelmetool -m results in an error Can't find ME PCI device. However, dumping the Intel ME image and testing that with me_cleaner.py -c <final_modified.bin> outputs the following:

Full image detected
Found FPT header at 0x3010
Found 13 partition(s)
Found FTPR header: FTPR partition spans from 0x1000 to 0x130000
Found FTPR manifest at 0x1478
ME/TXE firmware version 11.8.70.3626 (generation 3)
Public key match: Intel ME, firmware versions 11.x.x.x
The HAP bit is SET
Checking the FTPR RSA signature... VALID

Testing for 30 minute mark.


@manadart manadart commented Feb 15, 2020

Working here.

I used flashrom from another laptop via a cheap ch341a programmer.

  • Intel Core i7-4700MQ (Haswell)
  • Lenovo Thinkpad t440p
  • Modified OEM BIOS
  • Without flags
ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : Image Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : M0 kernel load

@cosmopol cosmopol commented Feb 24, 2020

Haswell
Intel Xeon E3-1225v3
OEM motherboard HP Z230 (Intel C226 Chipset, Lynx Point)
OEM BIOS 01.62 Rev.A
me_cleaner -S flag

worked like a charm!

Update: How about renaming this project to 'firmware cleaner' etc. and next take on UEFI bloatware blobs like AbsoluteDriver/CompuTrace/LoJack and similar nonsense besides Intel Management Engine? They even seem to be cross-integrated in some cases. It still resides in the UEFI!


@cosmopol cosmopol commented Mar 7, 2020

Update 2:

here is a brief excerpt of the HP Z230 1.62a UEFI file blobs (UEFITool). So does ME_cleaner indirectly take this out as well or would it still have to be deleted? Could I simply remove the blobs and reflash or will I risk to damage the mainboard?

Text: HPComputracePrivateSrc
Subtype: DXE driver
File GUID: 8E4BE7B2-1FCD-4C42-B3C7-8C2C4039E111
Type: 07h
Attributes: 40h
Full size: 9B9h (2489)
Header size: 18h (24)
Body size: 9A1h (2465)
State: F8h
Header checksum: 6Eh
Data checksum: 2Eh

Text: AbsoluteDriver
Subtype: Application
File GUID: 1D45150C-4558-5DDD-232D-4C8C9AD5C429
Type: 09h
Attributes: 40h
Full size: 72EBh (29419)
Header size: 18h (24)
Body size: 72D3h (29395)
State: F8h
Header checksum: 7Ch
Data checksum: 20h


@czeej czeej commented Mar 22, 2020

So far my successes.
Works
Dell Latitude 6410, -S works but get many dmesg spam. Works with no disable and just removing modules. BUP seems to run and then the display does a funky line fade through to init.

  • intel 560,

Dell Latitude 7450, only soft disable working. Only module I found I could remove was NFTP. BIOS may have its own network stack. Recommend replacing Wifi card (notice it is hard to remove without full disassembly). Results may vary.

Dell Latitude 7440 soft disable only.

Works Acer Aspire 5820T

  • i 480m
  • S used

However, I bought used. Not sure if GPU Radeon 6550m worked before I flashed it. However, regardless first thing I did when I got it was pull it apart and run ME Cleaner. Turned bios to integrated GPU got black display. Had to roll back bios, lspci displays no GPU, will maybe try to reflash a working ME image from backup and see if GPU shows up.

All OEM bios.


@mostav02 mostav02 commented Mar 24, 2020

Worked on:

  • Sandy Bridge
  • i7-2670QM
  • Asus N53 (N53SV)
  • OEM BIOS
  • Used without -s flag because flashed ME region via FPT / 43612a6

Used Flash Descriptor Security Override "HDA_SDO" to unlock ME for writing then dumped and flashed ME using fptw. There was no need of using an external programmer.


@garytinn garytinn commented Apr 8, 2020

Worked on:

  • Sandy Bridge
  • i7-2640M
  • Dell Precision M4600
  • OEM BIOS
  • Used without -s flag on the ME region dumped via FPT; Used with -s flag on the Flash Descriptor region apart; 43612a6;

No external programmer is required and it's extremely easy to deblob those Precision models. You only need to remove the keyboard and locate the IDT 92HD90**** chip which is Intel HDAudio chip and short pins 1 and 5 in order to unlock the FD and ME regions during the power on. After you just dump the full SPI with Intel Flash Programming Tool (from Intel ME System Tools v7) and flash it back after playing with me_cleaner.

[Images: location of the chip under the keyboard; the IDT 92HD90**** and its pins that need to be shorted]

Interesting facts about Dell BIOS updates for this one:

  • When enabled AltMeDisable, official Dell BIOS updates completely ignore ME firmware update!
  • When FD is unlocked the Dell BIOS updates won't lock the FD automatically, so it's safe to upgrade or downgrade BIOSes on the modified FD.

@mostav02 mostav02 commented Apr 13, 2020

Working on:

  • Broadwell Mobile
  • i5-5300U
  • Dell Latitude E7450
  • OEM BIOS
  • Used with -s flash because Verified Boot is enabled

Working on:

  • Broadwell Mobile
  • i7-5600U
  • Dell Latitude E7250
  • OEM BIOS
  • Used with -s flash because Verified Boot is enabled

Working on:

  • Haswell
  • i5-4200U
  • Lenovo ThinkPad T440s
  • OEM BIOS
  • Used with -s flash because Verified Boot is enabled

All these worked using this method https://github.com/mostav02/Remove_IntelME_FPT/blob/master/README.md (Internal flashing via FPT)


@freedominside freedominside commented Apr 25, 2020

Working on:

  • Intel Core i3-6006U
  • Skylake
  • Dell Inspiron 15 3567
  • OEM BIOS
  • -s flag

I used the internal flashing method described here. After shorting pin 1 and 5 of the sound chip (with a magnifying glass and thin cable) I could dump the bin, apply me_cleaner with -s and reflash it (I just wanted to set the disabling bit and seems safer because of verified boot). Traces from the management engine have disappeared in device manager, MEINFO -verbose reports CurrentState disabled and two error messages that communication with ME was not possible. Laptop works without problems.


@czeej czeej commented Apr 27, 2020

Working Dell Latitude 6440,

  • Intel i5-4310M

  • -S used

  • External Flash

Works, noticed OEM Dell BIOS does not see GPU however, the Linux system finds the GPU no problem. No issues with PAVP. Computrace I figure does not work in Linux however, it's annoying to have in BIOS.
No noticeable change on boot. Boots EFI on minimal. Before flash I would sometimes have no trackpad on thorough boot. Only improvements after flashing, no side effects. :)

No ime interface in bios or lspci. Bios reports a blank field for version.


@nbr44 nbr44 commented May 30, 2020

Working on

Intel Core i7-3520M
Thinkpad T530
Coreboot
-s used
External flash (with ch341a programmer)


@schattenpanzer schattenpanzer commented Jun 11, 2020

Working on:

  • Intel Core i7-6700k x86-64
  • ASUS Z170-AR motherboard
  • OEM BIOS, updated to v3801 prior to running me_cleaner
  • -S

external flash with ch341a usb programmer


@tezeta tezeta commented Jul 5, 2020

Working on:

  • Surface Pro (1st gen)
  • Core i5-3317U CPU
  • Internal via flashrom
  • -S
  • 43612a6

Surprisingly, flashing internally worked fine, despite warnings about the SMM being locked down. TPM and Secure Boot were disabled in the BIOS prior to flashing - not sure if this matters.

MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x1e020191
ME Status 2 : 0x120a0140

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Clean global reset
ME: Progress Phase State    : Check to see if straps say ME DISABLED

ME: Extend SHA-256: 1184469a774dddb5fc671a60339db09bc5441794ea02c5e1731bd1d83cda295e

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
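
Added example, not part of the thread and not code from me_cleaner or intelmetool: several reports above paste an intelmetool "ME Status" word next to its decoded fields, and this sketch decodes that word so a report can be checked even when only the hex value is available. The bit layout, the value names, and the `classify` heuristic are assumptions (layout and names follow coreboot's intelmetool for the pre-Skylake ME generations in those reports); the sample text is copied from the reports above.

```python
import re

# (shift, width) of each field inside the 32-bit "ME Status" word.
# ASSUMPTION: layout as used by coreboot's intelmetool for ME 7.x-9.x.
FIELDS = {
    "working_state":      (0, 4),
    "manufacturing_mode": (4, 1),
    "fpt_bad":            (5, 1),
    "operation_state":    (6, 3),
    "fw_init_complete":   (9, 1),
    "bup_loader_failure": (10, 1),
    "update_in_progress": (11, 1),
    "error_code":         (12, 4),
    "operation_mode":     (16, 4),
    "boot_options":       (24, 1),
}

# Value names (ASSUMPTION: same source as the layout above).
NAMES = {
    "working_state": {0: "Reset", 1: "Initializing", 2: "Recovery", 5: "Normal"},
    "operation_state": {0: "Preboot", 1: "M0 with UMA", 4: "M3 without UMA",
                        5: "M0 without UMA", 6: "Bring up",
                        7: "M0 without UMA but with error"},
    "operation_mode": {0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
                       4: "Security Override via Jumper",
                       5: "Security Override via MEI Message"},
    "error_code": {0: "No Error", 1: "Uncategorized Failure", 2: "Disabled",
                   3: "Image Failure", 4: "Debug Failure"},
}

# Matches "ME Status : 0x..." but not "ME Status 2 : 0x...".
STATUS_RE = re.compile(r"^ME Status\s*:\s*(0x[0-9a-fA-F]+)\s*$", re.MULTILINE)

# Lines copied from one of the intelmetool outputs posted above.
SAMPLE_REPORT = """\
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x1e020191
ME Status 2 : 0x120a0140
"""


def extract_status(text):
    """Return the first-status word from pasted intelmetool output."""
    match = STATUS_RE.search(text)
    if match is None:
        raise ValueError("no 'ME Status' line found")
    return int(match.group(1), 16)


def decode(status):
    """Split the status word into named fields (flags become booleans)."""
    fields = {}
    for name, (shift, width) in FIELDS.items():
        raw = (status >> shift) & ((1 << width) - 1)
        table = NAMES.get(name)
        if table is None:
            fields[name] = bool(raw)
        else:
            fields[name] = table.get(raw, "Unknown 0x%x" % raw)
    return fields


def classify(status):
    """Heuristic summary (an assumption of this example, not an official test)."""
    f = decode(status)
    if f["working_state"] == "Normal" and f["fw_init_complete"]:
        return "running"             # ME finished init and is fully operational
    if not f["fw_init_complete"] and f["operation_state"] == "Bring up":
        return "stopped_in_bringup"  # never got past the BUP stage
    return "degraded"                # e.g. recovery state after init


if __name__ == "__main__":
    word = extract_status(SAMPLE_REPORT)
    print(hex(word), classify(word))
    for key, value in decode(word).items():
        print("  %-20s %s" % (key, value))
```

As noted earlier in the thread, a missing /dev/mei0 or a hidden PCI device does not by itself show the ME is disabled, so the decoded status word is the more useful datum to include in a report.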