Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/

Software ME disable and HAP bit in BIOS setup #111

Closed miczyg1 closed 1 year ago

miczyg1 commented 2 years ago

The problem you're addressing (if any) Proprietary components are controversial, there is a need for a way to disable ME.

Describe the solution you'd like Add an option to disable ME in the Dasharo setup.

Where is the value to a user, and who might that user be? The community desires an option to disable ME due to privacy concerns and not only that.

Describe alternatives you've considered None

Additional context None

renehoj commented 2 years ago

I'm very interested in this feature for the Z690 board.

If it is easier in terms of development, I think most people who want this feature are fine with HAP being set in the bin file, and you need to flash the ME section to enable or disable ME.

wessel-novacustom commented 2 years ago

Dasharo users should know the difference between the Intel ME disabled state and neutralised ME. We receive quite a lot of demands asking if we can neutralise Intel ME (which is not possible (yet)). If anyone reads this and believes that this is an important function for the future, please comment!

Anth0rx commented 2 years ago

I think being able to neutralize the Intel ME backdoor is of great importance. What has to be done in order to move forward regarding this task?

angelocar commented 2 years ago

I'd like to comment that I think it would certainly be a very important function for Dasharo to either neutralise or at least disable Intel ME. Intel ME is an obscure system that has privileged access and thus presents very grave security and privacy issues. I pay Intel for their chips, but I don't want that to come with potential backdoors into my computer!

mkopec commented 2 years ago

Looks like somebody discovered the HAP location for newer ME versions: https://github.com/corna/me_cleaner/pull/384

mkopec commented 2 years ago

Did a quick test on NovaCustom NV4x with Dasharo v1.2.1, and it seems to work correctly. As expected with TGL-U, disabling ME breaks suspend mode (prevents the CPU package from going into C-state C10, causing high power usage), but I imagine some users would accept that as a tradeoff.

As for Z690, unfortunately that PR does not implement Alder Lake support.

renehoj commented 2 years ago

Yes, it doesn't work with the Z690 / ME v16

I tried it on the Z690 dump, and it just fails while processing the rom

XutaxKamay commented 2 years ago

If you're ready to make some tests and not afraid to potentially (very low risk I believe) damage your motherboard (flashing externally is crucial in case it doesn't boot), I can try to find the HAP bit for Intel ME 16 and add support to me_cleaner if you send me your BIOS, we can maybe figure this out.

We can talk about this in XMPP, IRC or anything.

renehoj commented 2 years ago

You can download my rom here https://drive.proton.me/urls/TJTSPK5960#8asKbIr7icmg

The external programming is a bit more difficult, I have a handheld wson test probe, but I need to completely disassemble my desktop PC to use it.

XutaxKamay commented 2 years ago

> You can download my rom here https://drive.proton.me/urls/TJTSPK5960#8asKbIr7icmg
>
> The external programming is a bit more difficult, I have a handheld wson test probe, but I need to completely disassemble my desktop PC to use it.

I see, sadly you would probably need to flash it around 10-20 times to be sure it's working. It seems that Intel ME 16 has again changed its structures compared to 15 (maybe not much), I'll try to figure that out.

Though once it's done, I'll send you a new BIOS ROM to test with, the idea to find it will be mostly simple if I'm allowed to say it legally, but I tested this method on my laptop before and it worked.

The problem will later be to find the real HAP bit location, which will probably need around 7-8 flashes, it really depends on the location of the HAP bit offset, so that it can be used with me_cleaner this way.

XutaxKamay commented 2 years ago

This may work, if it doesn't or it doesn't boot, let me know, I'll try something different.

https://xutaxkamay.com/bios_test_hap.rom

Using XMPP (you can use Dino or Gajim) might be easier you can contact me at admin@xutaxkamay.com

renehoj commented 2 years ago

I assume I only need to flash the ifd section of the rom? Not having to flash the full 32 MB image would make it a lot easier.

I can try to flash it tomorrow when I get home from work.

XutaxKamay commented 2 years ago

> I assume I only need to flash the ifd section of the rom? Not having to flash the full 32 MB image would make it a lot easier.
>
> I can try to flash it tomorrow when I get home from work.

Yes you only need to flash the IFD region (0x1000 bytes at address 0). :)

I believe to have found for Intel ME 16, redownload the BIOS again, and tell me if it works.

renehoj commented 2 years ago

I wasn't able to read the ifd with the eprom programmer I have, which makes me not want to try and flash the firmware, at least not until I find some way to recover in case it fails. I'm pretty sure flipping 0x1DE has already been tested, and it results in a boot loop.

The official flashrom says the ifd is Skylake and 17 MHz is the only valid frequency, and the Dasharo flashrom doesn't support the ch341a_spi programmer I'm using.

XutaxKamay commented 2 years ago

> I wasn't able to read the ifd with the eprom programmer I have, which makes me not want to try and flash the firmware, at least not until I find some way to recover in case it fails. I'm pretty sure flipping 0x1DE has already been tested, and it results in a boot loop.
>
> The official flashrom says the ifd is Skylake and 17 MHz is the only valid frequency, and the Dasharo flashrom doesn't support the ch341a_spi programmer I'm using.

That's not what causes the boot loop I think, the boot loop is a different problem as dt-zero said on my pull request here: https://github.com/corna/me_cleaner/pull/384#issuecomment-1203320604

Basically your BIOS could have been signed and that's why it could boot loop.

If you can't externally program, there's indeed no safe way to do it. Sorry to say.

renehoj commented 2 years ago

This guy tried 0x1DE with the stock msi firmware https://github.com/corna/me_cleaner/pull/282#issuecomment-1089792641

But you could be right, and it could possibly work with coreboot firmware, but I do think this is a big maybe.

It did make me wonder if the stock firmware has some recovery option, it at least didn't seem like he bricked his motherboard and was able to just reflash the stock firmware.

XutaxKamay commented 2 years ago

> This guy tried 0x1DE with the stock msi firmware corna/me_cleaner#282 (comment)
>
> But you could be right, and it could possibly work with coreboot firmware, but I do think this is a big maybe.
>
> It did make me wonder if the stock firmware has some recovery option, it at least didn't seem like he bricked his motherboard and was able to just reflash the stock firmware.

I didn't know it was found before, but if it boot loops, if you look carefully at dt-zero's post, even if boards mismatch, I highly believe that your BIOS has a self-integrity mechanism in SMM to avoid evil-maid attacks/boot-kits.

If it just doesn't boot at all then yes in that case it might be the wrong offset and this is possible according to my research due to different chipsets or ME subversions apparently.

Usually desktop motherboards have a pin header which connects to the SPI flash chip so that you can connect with a Raspberry Pi or something similar, it is probably not documented but it should be visible.

EDIT: If you plan to use the programmer you told me about, you can always try to build from upstream, they seem sometimes to have more updates.

renehoj commented 2 years ago

The Dasharo documentation explains how to connect to the flash using the pins on the motherboard, but for it to work, you need to solder a wire to pin 1 on the flash. I would prefer not having to solder the wire to the motherboard, the chip is the wson style and the solder pad is very small.

https://docs.dasharo.com/variants/msi_z690/development/#hardware-connection

There is also no way to know if a Raspberry Pi is going to have the same issue as the ch341a.

I did try using the latest git version of flashrom, it gave me the same error.

The Dasharo documentation says you need to define the spi speed when using an external programmer, I'll try that today and see if it makes a difference.

https://docs.dasharo.com/variants/msi_z690/recovery/

wessel-novacustom commented 2 years ago

Is it a WSON-8 BIOS chip? I successfully flashed one of our laptops with such a BIOS chip without soldering by using this clip and the ch341a programmer.

https://www.aliexpress.com/item/1005001830846980.html?spm=a2g0o.order_list.0.0.7fd91802wpld5n

(Version WSON 8x6 strengthen)

But I am not sure if that motherboard has a WSON-8 BIOS chip. Also, I am not sure if the particular BIOS chip is supported by flashrom.

renehoj commented 2 years ago

I'm using a similar test probe, and flashrom detects the chip. It says the chip type is experimental, but it seems to work.

My main issue is that holding the probe by hand for the full 32 MB flash is extremely difficult; for any chance of this to work I would need to fully disassemble the desktop system and take out the motherboard, and even then it would be difficult to hold the probe perfectly still for the full duration.

Flashing an 8 MB chip with the probe often takes me more than one try, but 32 MB makes it exponentially more difficult to hold the probe for that long.

I was testing the ch341a with --ifd, and it was giving me a warning that it couldn't read the ifd. If I can read the ifd I was hoping I could do something like --ifd -i ifd to only flash the ifd region.

When I use --ifd it just says the chip looks like Skylake, but it can't read the ifd at 17 MHz, and that 17 MHz is the only valid setting for Skylake.

wessel-novacustom commented 2 years ago

I believe it's difficult because there are no 'pins' that keep the programmer clip in the right place?

With the clip I mentioned, I added another retaining clip and put something that weights a bit on that so that I didn't need to hold the clip with my hand. Admittedly, it was a pain to get it on the exact right place but it's feasible. If you would like, I can try again and send you a picture.

renehoj commented 2 years ago

I got it working, I was using --ifd -i ifd and not -i fd

Now I can read and write only the fd region without any issue.

I tried flipping 0x1DE, it seems to work, I can't see mei in /sys/class or with lsmod.

I'll leave the system running for 30 min to see if the CPU locks.
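The steps above (read only the descriptor region with flashrom, flip the byte at 0x1DE, write it back) leave one thing unchecked before the write: that the patched image differs from the original dump only where intended. The script below is an added example, not code from this thread, from me_cleaner or from Dasharo. It parses the Intel Flash Descriptor (signature at 0x10, FLMAP0/FRBA, FLREG0..4) to find the "fd" region, then diffs that region between the original dump and the patched image; the 0x1DE offset comes from the thread, which bit inside it carries the strap is not stated here and is not assumed. `build_sample_image` constructs a small synthetic dump so the check can be run offline.

```python
import struct

IFD_SIGNATURE = 0x0FF0A55A          # "Flash Valid Signature" at descriptor offset 0x10
FLMAP0_OFFSET = 0x14
# Region index -> name as flashrom's -i option uses it (fd, bios, me, gbe, pd)
REGION_NAMES = ("fd", "bios", "me", "gbe", "pd")
# Byte inside the descriptor that the thread flips on the Z690 image; the bit
# inside it is not stated in the thread, so this script only verifies that
# nothing else in the descriptor changed (assumption: single-byte change at 0x1DE).
HAP_STRAP_BYTE = 0x1DE


def parse_regions(image: bytes) -> dict:
    """Return {name: (base, limit)} for the regions defined in the IFD."""
    sig = struct.unpack_from("<I", image, 0x10)[0]
    if sig != IFD_SIGNATURE:
        raise ValueError(f"no flash descriptor signature at 0x10 (got {sig:#010x})")
    flmap0 = struct.unpack_from("<I", image, FLMAP0_OFFSET)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4          # FLMAP0[23:16] = region base >> 4
    regions = {}
    for idx, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * idx)[0]
        base = (flreg & 0x7FFF) << 12                       # FLREG[14:0]  = base >> 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF    # FLREG[30:16] = limit >> 12
        if base > limit:                                    # unused region (base 0x7FFF, limit 0)
            continue
        regions[name] = (base, limit)
    return regions


def fd_region_diff(original: bytes, patched: bytes) -> list:
    """Offsets within the descriptor region ('fd') where the two dumps differ."""
    if len(original) != len(patched):
        raise ValueError("images differ in size; not a dump of the same chip")
    base, limit = parse_regions(original)["fd"]
    return [off for off in range(base, limit + 1) if original[off] != patched[off]]


def only_hap_byte_changed(original: bytes, patched: bytes) -> bool:
    """True when the patched descriptor differs from the original only at 0x1DE."""
    return fd_region_diff(original, patched) == [HAP_STRAP_BYTE]


def build_sample_image(size: int = 0x8000) -> bytes:
    """Constructed 32 KiB stand-in for a dump: fd 0x0-0xFFF, me 0x1000-0x3FFF, bios 0x4000-0x7FFF."""
    img = bytearray(b"\xff" * size)
    frba = 0x40
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    struct.pack_into("<I", img, FLMAP0_OFFSET, (frba >> 4) << 16)
    layout = {"fd": (0x0000, 0x0FFF), "bios": (0x4000, 0x7FFF), "me": (0x1000, 0x3FFF)}
    for idx, name in enumerate(REGION_NAMES):
        base, limit = layout.get(name, (0x7FFF000, 0x000))   # gbe/pd encoded as unused
        struct.pack_into("<I", img, frba + 4 * idx, (base >> 12) | ((limit >> 12) << 16))
    return bytes(img)


if __name__ == "__main__":
    import sys
    orig, new = (open(p, "rb").read() for p in sys.argv[1:3])   # original.rom patched.rom
    print("fd region offsets that differ:", [hex(o) for o in fd_region_diff(orig, new)])
    print("only 0x1DE changed:", only_hap_byte_changed(orig, new))
```

Differences outside the fd region are deliberately ignored, since `flashrom --ifd -i fd -w` only writes that region; a difference inside it other than 0x1DE means the patched file is not the one to flash.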

XutaxKamay commented 2 years ago

. . . xD

Well let me know. It sounds good though.

renehoj commented 2 years ago

This is from my initial test running Linux/Ubuntu, the CPU didn't lock and mei is removed hap_disable

In Qubes OS, I have iwlmei that is trying to use mei, but there is no device reference in /sys/class/mei and the onboard wifi is no longer working.

I personally don't use the onboard wifi, so I don't care about that issue, and everything else seems to be working.

wessel-novacustom commented 2 years ago

Looks good! I hope it is stable!

dt-zero commented 2 years ago

@renehoj Just to confirm, you are succeeding with flipping that 0x1DE bit on coreboot? Not OEM firmware?

I'm starting to lean on the side of this "boot loop" thing some people are experiencing is probably the result of some new validation in the OEM firmware. I don't necessarily mean the capsule signing, as that should not affect the PCH strap region where the HAP bit is located, but some other interaction from a UEFI driver.

renehoj commented 2 years ago

I have only tested with Dasharo/coreboot v1.0.0, I have not tested the MSI firmware, and I used an external programmer to update the fd region.

I don't know if it matters, but maybe the person who flashed the OEM firmware used the manufacturer's tools to write the rom, maybe it doesn't work if you manipulate the bin file.

renehoj commented 2 years ago

Trying to suspend the system resulted in a critical crash.

The system fails to return from the suspended state, a forced reset results in a red POST LED signal and there is no way to boot the system.

The only way to recover from this state is shorting the JBAT1 jumper on the motherboard to reset the CMOS.

XutaxKamay commented 2 years ago

> Trying to suspend the system resulted in a critical crash.
>
> The system fails to return from the suspended state, a forced reset results in a red POST LED signal and there is no way to boot the system.
>
> The only way to recover from this state is shorting the JBAT1 jumper on the motherboard to reset the CMOS.

That's sad to hear. Is it really related to HAP? Hmm, maybe a more convenient way to reset CMOS: keep the power button pressed for more than 30 secs? (some motherboards blink the LED when CMOS has been reset, just under the battery)

renehoj commented 2 years ago

Suspend works as expected without HAP set, I don't see how it wouldn't be related to setting HAP, but it could be the combination of running Dasharo with HAP set.

I tried most options I could think of, turning off the PC, unplugging the power cable and holding down the power button, removing the graphics card, removing the memory, flashing the ROM to re-enable IME, nothing worked.

Resetting the CMOS was the way I was able to boot the system after suspend, which makes me think something gets corrupted. If this was just the HAP bit, I would assume that re-enabling IME would solve the issue, but it didn't.

At this point, I'm tempted to try and flash the MSI firmware just to see how it behaves, if it fails in the same way it would make it less likely that Dasharo is part of the problem.

XutaxKamay commented 2 years ago

> Suspend works as expected without HAP set, I don't see how it wouldn't be related to setting HAP, but it could be the combination of running Dasharo with HAP set.
>
> I tried most options I could think of, turning off the PC, unplugging the power cable and holding down the power button, removing the graphics card, removing the memory, flashing the ROM to re-enable IME, nothing worked.
>
> Resetting the CMOS was the way I was able to boot the system after suspend, which makes me think something gets corrupted. If this was just the HAP bit, I would assume that re-enabling IME would solve the issue, but it didn't.
>
> At this point, I'm tempted to try and flash the MSI firmware just to see how it behaves, if it fails in the same way it would make it less likely that Dasharo is part of the problem.

I sadly don't really know, but if you can test with the MSI firmware it would be nice. (I also doubt Dasharo is the problem here, but just in case, because suspend works correctly here)

However I think to reset CMOS you don't need to unplug everything, just keeping the power button is enough in most cases (with plugged power cable so that the motherboard can reset CMOS, though it maybe just doesn't work anymore that way but I have some older MSI motherboards and you can still do it with everything plugged which resets CMOS).

pietrushnic commented 2 years ago

Are we sure ME has nothing to do with S0ix? I assume S0ix is used on ADL for "S3"

mkopec commented 2 years ago

> Are we sure ME has nothing to do with S0ix? I assume S0ix is used on ADL for "S3"

S3 is still supported in platforms with a separate PCH like ADL-S and some mobile chips. We use S3 exclusively on MSI Z690.

Disabling ME does indeed break S0ix as it was observed on TGL-U laptops (CPU won't go into package C-states deeper than C8)

zirblazer commented 2 years ago

Wouldn't that potentially be fixable by making the firmware not advertise support for S3 / sleep via ACPI or something? Meaning that running with the HAP bit enabled should also involve some sane firmware-side settings to not use the now-broken features.

renehoj commented 2 years ago

The system also can't reboot if HAP is set, the red status LED turns on and the system never turns back on.

This happens both when I exit the bios settings and reboot the OS.

This can be fixed by powering off the system, and doesn't need the CMOS to be reset.

renehoj commented 2 years ago

I found a solution to the MSI firmware boot loop, before setting HAP I disabled TPM and secure boot, and enabled CSM. I think the boot loop is because the MSI firmware has TPM enabled as default.

I couldn't test suspend, but reboot works with the MSI firmware, which makes me think suspend also would work.

GoldenDawn commented 2 years ago

> I found a solution to the MSI firmware boot loop, before setting HAP I disabled TPM and secure boot, and enabled CSM. I think the boot loop is because the MSI firmware has TPM enabled as default.
>
> I couldn't test suspend, but reboot works with the MSI firmware, which makes me think suspend also would work.

Hey, I have the same board as you, but am not successful in disabling ME. The board would bootloop without even the ability to go into bios. Luckily, I was able to get out of that situation with the flash button.

Did you do anything in particular to get it to work?

renehoj commented 2 years ago

I disabled TPM before patching the firmware, I also disabled secure boot and enabled CSM, but I don't know if this is needed.

Don't know how stable it will be, but it booted, ME was disabled, and reset worked. You probably need to be very careful if you change any bios settings, or you risk rebooting into the boot loop.

mkopec commented 2 years ago

Implemented in https://github.com/Dasharo/DasharoModulePkg/pull/6 and https://github.com/Dasharo/coreboot/pull/255:

[image]

Both soft-disable and HAP methods are supported.

miczyg1 commented 2 years ago

Cool. Adding two more patches to keep PCIe 5.0 working if ME is disabled: https://review.coreboot.org/c/coreboot/+/68987 https://review.coreboot.org/c/coreboot/+/68988

zirblazer commented 2 years ago

Did you test with suspend/sleep to make sure the board doesn't brick itself with ME disabled like previously reported?

Anyways, congratulations on implementing a rather major feature.

miczyg1 commented 2 years ago

If you suspend and cannot wake up, you will simply need to shutdown and power on back. I wouldn't call it a brick.

renehoj commented 2 years ago

In version 1.0.0 I needed to reset the CMOS to recover from suspend, you can't power on the system, I assume that is what they mean.

It didn't brick the system, but it made suspend impossible to use.

miczyg1 commented 2 years ago

Understood. One has to deal with side-effects when enabling HAP. That's just how it is. Maybe if we debug where it hangs during resume, we would get some pointers if it is fixable.

renehoj commented 2 years ago

I was having similar issues with both reboot and suspend, there was no way to power on the system without resetting the CMOS. Shutdown was the only way I was sure I could turn the system back on.

When the system locks up, one of the red POST LEDs on the motherboard lights up.

I didn't do a lot of testing of the MSI firmware, but reboot seemed to work with HAP set, but the MSI firmware has other more critical issues with TPM and disabling ME.

pietrushnic commented 2 years ago

We definitely need Dasharo Community to test this feature. We can test to some extent, but we don't have budget for extensive test scope.

With your support, debug logs and communication on Dasharo Matrix Space we can improve this feature if it needs more love.

phodina commented 2 years ago

Hi I do have the Z690 board flashed with Dasharo Coreboot.

I can definitely participate in order to verify the disabling of ME.

I'll just need to backup my machine and read the notes on how to do this. I have an external HW programmer and a Pomona clip or pogo pins (not sure if it will be applicable to this package).

Is there something I should be aware of and definitely not do?

What logs or support do you need to be stored and shared?

XutaxKamay commented 2 years ago

If you have an external programmer in case of a brick, you should be fine in most cases.

For the soft-disable and HAP, try to use MEInfo (Intel System Tools) that you can get here: https://winraid.level1techs.com/c/special-topics/intel-management-engine/24

and run ./MEInfo -FWSTS

On HAP, you should get either "Disabled" or "Alt Disabled" being prompted somewhere, or having an error that it can't find the MEI driver or something similar (Intel ME Interface should not be present anymore).

On soft-disable, you should get "Temporarily Disabled" if my memory is correct.
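On Linux the same information MEInfo -FWSTS prints can be read from the HECI1 PCI function (00:16.0) itself, which also covers the HAP case where, as reported above, the MEI interface is not present at all. The script below is an added example, not part of this thread or of Intel's tools; it reads ME Firmware Status #1 (HFSTS1, config offset 0x40) from sysfs and decodes the working-state, error-code and operation-mode fields using coreboot's me_status field names (an assumption on my side for CSME 16, not something the thread confirms). Reading config space past the first 64 bytes requires root.

```python
import os
import struct

# HECI1 (MEI) PCI function on Intel client platforms; HFSTS1 is at config offset 0x40.
# sysfs only exposes the first 64 bytes of config space to unprivileged users.
HECI_CONFIG = "/sys/bus/pci/devices/0000:00:16.0/config"
HFSTS1_OFFSET = 0x40

# Field names follow coreboot's me_status decoding (assumption: same layout on CSME 16).
WORKING_STATES = {0: "Reset", 1: "Initializing", 2: "Recovery", 5: "Normal"}
ERROR_CODES = {0: "No Error", 1: "Uncategorized Failure", 2: "Disabled", 3: "Image Failure"}
OPERATION_MODES = {0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
                   4: "Security Override via Jumper", 5: "Security Override via MEI Message"}


def decode_hfsts1(value: int) -> dict:
    """Split HFSTS1 into the fields relevant for an ME-disabled check."""
    cws, err, mode = value & 0xF, (value >> 12) & 0xF, (value >> 16) & 0xF
    return {
        "working_state": WORKING_STATES.get(cws, f"Unknown ({cws})"),    # bits 3:0
        "fw_init_complete": bool(value & (1 << 9)),                      # bit 9
        "error_code": ERROR_CODES.get(err, f"Unknown ({err})"),          # bits 15:12
        "operation_mode": OPERATION_MODES.get(mode, f"Unknown ({mode})"),  # bits 19:16
    }


def classify(status: dict) -> str:
    """Map the decoded status onto the states the thread distinguishes."""
    if not status["heci_present"]:
        # The thread reports no MEI device at all once HAP is set; a BIOS that merely
        # hides HECI looks the same from here, so this is a hint, not proof of HAP.
        return "MEI device not visible (consistent with the HAP strap being set)"
    if status["operation_mode"] == "Soft Temporary Disable":
        return "ME soft-disabled (MEInfo reports: Temporarily Disabled)"
    if status["operation_mode"] == "Normal" and status["working_state"] == "Normal":
        return "ME running normally"
    return "ME in mode: " + status["operation_mode"]


def read_me_status(config_path: str = HECI_CONFIG) -> dict:
    """Read HFSTS1 from the HECI1 PCI config space, or report the device as absent."""
    if not os.path.exists(config_path):
        return {"heci_present": False}
    with open(config_path, "rb") as f:
        f.seek(HFSTS1_OFFSET)
        raw = f.read(4)
    if len(raw) < 4:
        raise PermissionError("could not read config offset 0x40; run as root")
    value = struct.unpack("<I", raw)[0]
    return {"heci_present": True, "hfsts1": value, **decode_hfsts1(value)}


if __name__ == "__main__":
    st = read_me_status()
    print(st)
    print(classify(st))
```

Cross-check the result against the coreboot log (`cbmem -c | grep 'ME:'`), which prints the same HFSTS1 fields at boot, before the OS could have changed anything.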

pietrushnic commented 2 years ago

@phodina thanks for joining the group of brave people that flashed Dasharo. As always we are very interested to know the use cases of our community members to push the project in the correct direction. So what brought you to Dasharo and dealing with ME? Do you have a specific use case or workload? What other features would be the most wanted features for you?

phodina commented 2 years ago

> Intel System Tools

I'm familiar with this tool. Is the one you suggest a tool for Windows? And does it mean it can be disabled from "userspace" - like just telling the kernel to write something at some memory address? No need for a higher ring or doing it after boot? I'm not that familiar with the Intel x86 boot flow after reset - more familiar with TrustZone from ARM, and these settings would be handled by SVC so unprivileged insecure code can't modify it.