Disable ME by setting HDA_SDO pin high?

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images

GNU General Public License v3.0

4.49k stars 278 forks source link

Disable ME by setting HDA_SDO pin high? #135

Closed probonopd closed 6 years ago

probonopd commented 6 years ago

By searching around, I find references to disabling ME by setting the HDA_SDO pin high at boot, which is supposed to allow full SPI flashing. Does anyone have more information on/experience with this?

skochinsky commented 6 years ago

It works similar to HAP/AltMeDisable (ME checks the pin on startup and halts if it's high), except in addition it overrides all flash descriptor permissions (SDO=SPI Descriptor Override), giving the host (CPU) access to the full flash (including ME and descriptor regions).

probonopd commented 6 years ago

Thanks @skochinsky. Does this mean that by setting the HDA_SDO pin high at boot one can flash a new firmware from the running system using flashrom without having to access the flash chip's SPI lines physically?

corna commented 6 years ago

There may still be issues with flashrom (like the vendor firmware setting a restricted set of opcodes, different from the ones required by flashrom) but technically yes.