corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0

Running me_cleaner on Intense PC (Ivy Bridge) breaks SATA #119

Open halmartin opened 6 years ago

halmartin commented 6 years ago

I have run me_cleaner on the original UEFI firmware from CompuLab. The computer still boots, and intelmetool -s reports that the ME is disabled.

intelmetool with vendor firmware:

# ./intelmetool -s
Bad news, you have a `HM76 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x4192
ME Status 2 : 0x1642015a

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x42

ME: Extend SHA-256: 6b831b4a9c0dd9630b2578792d3929d7b5560a4cb9b886b559572d1f2446c3d8

ME: has a broken implementation on your board withthis firmware
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed

However, without the ME firmware, the built-in SATA ports no longer function: no devices are detected by BIOS/coreboot, and devices plugged in after Linux has booted are unusable due to SATA link errors.

I also have coreboot working on this platform. Removing the ME firmware results in the same behaviour: the SATA controller seems to cease functioning. Removing the internal SATA hard drive and booting via a SATA to USB bridge is possible.

This doesn't seem to be a coreboot-specific issue, as it also affects the manufacturer's firmware.

The SATA controller is still present in lspci: 00:1f.2 SATA controller: Intel Corporation 7 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)

Running intelmetool -s with coreboot returns output identical to the output above (vendor firmware), except the following difference: ME Status 2 : 0x1642017a

Here is the coreboot output for the ME init process:

PCH type: HM76, device id: 1e59, rev id 4
Intel ME early init
Intel ME firmware is ready
ME: Requested 32MB UMA
Starting native Platform init
...
Done MRS commands
t123: 1767, 6000, 7620
ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x42
ME: HFS error : 4
ME: FWS2: 0x1642017a
ME:  Bist in progress: 0x0
ME:  ICC Status      : 0x1
ME:  Invoke MEBx     : 0x1
ME:  CPU replaced    : 0x1
ME:  MBP ready       : 0x1
ME:  MFS failure     : 0x1
ME:  Warm reset req  : 0x0
ME:  CPU repl valid  : 0x1
ME:  (Reserved)      : 0x0
ME:  FW update req   : 0x0
ME:  (Reserved)      : 0x0
ME:  Current state   : 0x42
ME:  Current PM event: 0x6
ME:  Progress code   : 0x1
Full training required
PASSED! Tell ME that DRAM is ready
ME: FWS2: 0x1642017a
ME:  Bist in progress: 0x0
ME:  ICC Status      : 0x1
ME:  Invoke MEBx     : 0x1
ME:  CPU replaced    : 0x1
ME:  MBP ready       : 0x1
ME:  MFS failure     : 0x1
ME:  Warm reset req  : 0x0
ME:  CPU repl valid  : 0x1
ME:  (Reserved)      : 0x0
ME:  FW update req   : 0x0
ME:  (Reserved)      : 0x0
ME:  Current state   : 0x42
ME:  Current PM event: 0x6
ME:  Progress code   : 0x1
ME: Requested BIOS Action: No DID Ack received
ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x42
...
TOUUD 0x27b600000 TOLUD 0x82a00000 TOM 0x200000000
MEBASE 0x1fe000000
IGD decoded, subtracting 32M UMA and 2M GTT

Plugging in a SATA hard drive once booted results in continuous error messages in dmesg:

[   82.600892] ata3: SATA link down (SStatus 0 SControl 310)
[   82.600912] ata3: EH complete
[   82.610573] ata3: exception Emask 0x10 SAct 0x0 SErr 0x4000000 action 0xe frozen
[   82.610584] ata3: irq_stat 0x00000040, connection status changed
[   82.610589] ata3: SError: { DevExch }
[   82.610602] ata3: limiting SATA link speed to 1.5 Gbps
[   82.610607] ata3: hard resetting link
[   83.320932] ata3: SATA link down (SStatus 0 SControl 310)
[   83.320950] ata3: EH complete
[   83.332394] ata3: exception Emask 0x10 SAct 0x0 SErr 0x4000000 action 0xe frozen
[   83.332403] ata3: irq_stat 0x00000040, connection status changed
[   83.332409] ata3: SError: { DevExch }
[   83.332421] ata3: limiting SATA link speed to 1.5 Gbps
[   83.332425] ata3: hard resetting link
[   84.045045] ata3: SATA link down (SStatus 0 SControl 310)
[   84.045064] ata3: EH complete
[   84.054296] ata3: exception Emask 0x10 SAct 0x0 SErr 0x4000000 action 0xe frozen
[   84.054307] ata3: irq_stat 0x00000040, connection status changed
[   84.054312] ata3: SError: { DevExch }
[   84.054325] ata3: limiting SATA link speed to 1.5 Gbps
[   84.054329] ata3: hard resetting link
...

The SATA device does not create a device node and is not usable with the ME firmware removed.

Here is the log from me_cleaner:

Full image detected
The ME/TXE region goes from 0x3000 to 0xd00000
Found FPT header at 0x3010
Found 23 partition(s)
Found FTPR header: FTPR partition spans from 0x183000 to 0x24d000
ME/TXE firmware version 8.1.51.1471
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xed)...
Reading FTPR modules list...
 UPDATE           (LZMA   , 0x1cf4e9 - 0x1cf6a7): removed
 ROMP             (Huffman, fragmented data    ): NOT removed, essential
 BUP              (Huffman, fragmented data    ): NOT removed, essential
 KERNEL           (Huffman, fragmented data    ): removed
 POLICY           (Huffman, fragmented data    ): removed
 HOSTCOMM         (LZMA   , 0x1cf6a7 - 0x1d642f): removed
 RSA              (LZMA   , 0x1d642f - 0x1db715): removed
 CLS              (LZMA   , 0x1db715 - 0x1e0eaa): removed
 TDT              (LZMA   , 0x1e0eaa - 0x1e75a0): removed
 FTCS             (Huffman, fragmented data    ): removed
 ClsPriv          (LZMA   , 0x1e75a0 - 0x1e7981): removed
 SESSMGR          (LZMA   , 0x1e7981 - 0x1f62ab): removed
The ME minimum size should be 1667072 bytes (0x197000 bytes)
The ME region can be reduced up to:
 00003000:00199fff me
Checking the FTPR RSA signature... VALID
Done! Good luck!

Any idea why removing the ME firmware would lead to the onboard SATA ports no longer functioning?
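
Added example, not part of the original post and not me_cleaner or intelmetool code: a decoder for the two status words quoted in the report, which shows that the vendor and coreboot values of ME Status 2 differ in a single field. The bit layout is an assumption, chosen so that it reproduces the fields the coreboot log prints for 0x1642017a; the function and field names are hypothetical.

```python
import re

# Assumed bit layout as (name, lowest bit, width). It reproduces the decoded
# fields that the coreboot log in this report prints for these values.
HFS_FIELDS = [  # "ME Status"
    ("working_state", 0, 4), ("manufacturing_mode", 4, 1),
    ("fpt_bad", 5, 1), ("operation_state", 6, 3),
    ("fw_init_complete", 9, 1), ("bringup_loader_failure", 10, 1),
    ("update_in_progress", 11, 1), ("error_code", 12, 4),
    ("operation_mode", 16, 4), ("boot_options_present", 24, 1),
]
FWS2_FIELDS = [  # "ME Status 2"
    ("bist_in_progress", 0, 1), ("icc_status", 1, 2), ("invoke_mebx", 3, 1),
    ("cpu_replaced", 4, 1), ("mbp_ready", 5, 1), ("mfs_failure", 6, 1),
    ("warm_reset_req", 7, 1), ("cpu_repl_valid", 8, 1),
    ("fw_update_req", 11, 1), ("current_state", 16, 8),
    ("current_pm_event", 24, 4), ("progress_code", 28, 4),
]

STATUS_RE = re.compile(r"^ME Status( 2)?\s*:\s*(0x[0-9a-fA-F]+)", re.M)

def parse_status(text):
    """Pull (ME Status, ME Status 2) out of `intelmetool -s` output."""
    found = {("fws2" if two else "hfs"): int(val, 16)
             for two, val in STATUS_RE.findall(text)}
    return found["hfs"], found["fws2"]

def decode(value, fields):
    """Split a 32-bit status word into named bit fields."""
    return {n: (value >> lsb) & ((1 << w) - 1) for n, lsb, w in fields}

def diff(a, b, fields):
    """Return only the fields whose values differ between two words."""
    da, db = decode(a, fields), decode(b, fields)
    return {k: (da[k], db[k]) for k in da if da[k] != db[k]}

# The two status lines from the vendor-firmware run quoted in the report.
VENDOR_OUTPUT = "ME Status   : 0x4192\nME Status 2 : 0x1642015a\n"
COREBOOT_FWS2 = 0x1642017A  # value reported for the coreboot run

if __name__ == "__main__":
    hfs, fws2 = parse_status(VENDOR_OUTPUT)
    for name, val in decode(hfs, HFS_FIELDS).items():
        print(f"{name:24}: {val:#x}")
    print("vendor vs coreboot:", diff(fws2, COREBOOT_FWS2, FWS2_FIELDS))
```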

Lunarequest commented 3 years ago

From what I understand, in this case the device handles some PCI stuff. Disabling ME will disable the init of the PCI functionality, which means the SATA ports, which run off the PCI stuff handled by the ME device, should stop working.