Does internal oem bios flashing require Intel ME Region Write Access and Intel ME Region Read Access to be enabled?

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images

GNU General Public License v3.0

4.49k stars 278 forks source link

Does internal oem bios flashing require Intel ME Region Write Access and Intel ME Region Read Access to be enabled? #145

Closed ghost closed 6 years ago

ghost commented 6 years ago

Me cleaner failed for me using oem bios flashing, but then I read the instructions to internal coreboot flashing and it says that these two settings need to be enabled for it work.

Is the same thing required for oem bios flashing? (Mine were disabled, so I'm guessing that's why it didn't work. :( )

By the way, this is the bios for the laptop I tried it on: http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=RM8PG

corna commented 6 years ago

Which settings?

If you mean the R/W access to the ME region: IIRC during the power on all the regions can be read/written freely, then the BIOS locks them and they can't be written anymore until the next boot. In this way the BIOS can freely write the updates and then lock the regions.

If you have the ME region locked you can only flash:

through the OEM BIOS (but it seems that it's not possible in your case, are the firmware updates signed?)
externally

ghost commented 6 years ago

OK thanks. Yea I've tried flashing the modified file through the OEM BIOS step, but what I seem to end up with is no different than the normal BIOS, even though the actual me_cleaner shrinking step gives me a "success," "good luck" message. I guess I'll try flashing it externally.