search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.47k stars 278 forks source link

me_cleaner status #3

Open corna opened 7 years ago

corna commented 7 years ago

Please comment here if me_cleaner works on your device. If this tool does not work on your PC (or it does not behave as expected), don't comment here but open an issue instead. Specify:

Thanks

corna commented 7 years ago

Working on:

Working for more than a month now. Everything works perfectly, and the MEI device has disappeared from the PCI bus.

afics commented 7 years ago

I can confirm it works on the Lenovo Thinkpad X220, but coreboot then recognizes only one of my two 8GB RAM modules. I'm currently investigating.

philmb3487 commented 7 years ago

Hey there, I build and flashed an image of coreboot for my chromebook (C720p) running a Haswell 2955U.

There is no MEI entry in the lspci list. Not sure what other tests I can run to see the ME's state, open to running other tests, just tell me.

Passed the 30 minutes mark, seems to work. Thanks

f-izzo commented 7 years ago

Working on:

Everything works, the HECI (formerly MEI) device disapperars, a screen at boot notifies that the ME firmware is corrupted, but pressing F2 lets the boot continue. me_message_small

zamaudio commented 7 years ago

^^ Yes that's right, the experimental branch works on this board folks! No lzma modules!

simonepsp commented 7 years ago

Working on

tlaurion commented 7 years ago

Working on

ilikenwf commented 7 years ago

ASRock's bios packages are all in a proprietary format, but Windows based tools, specifically the UBU pack (http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html), allow them to be extracted and the firmware inside upgraded or downgraded. One may flash this modified file directly from the UEFI settings themselves, as it doesn't validate them.

It is unclear whether or not ME is properly disabled, as the kernel module loads but is not really usable, and the tools to check ME status segfault.

Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xa7680 - 0xcf000)
 UPDATE: removed (0xa7680 - 0xa78aa)
 ROMP: removal of Huffman modules is not supported yet, skipping
 BUP: removal of Huffman modules is not supported yet, skipping
 KERNEL: removal of Huffman modules is not supported yet, skipping
 POLICY: removal of Huffman modules is not supported yet, skipping
 HOSTCOMM: removed (0xa78aa - 0xafbb5)
 TDT: removed (0xafbb5 - 0xb4f71)
 FPF: removed (0xb4f71 - 0xb6a77)
Correcting checksum (0xea)...
Done! Good luck!
ghost commented 7 years ago

BIOS file name must be same as Instant Flash bios name, or else instant flash in bios does not detect it. In this case, Z97Ex62.70

/dev/mei0 does not exist, intelmetool reports it doesnt support my system (maybe it doesn't?), mei/mei_me modules still required by some ASRock Intel ME pci listing

Of note, Intel's own "Intel® Management Engine Verification Utility" in windows is perpetually spinning, which I should have tested beforehand. Looks like that only works if your cpu supports vPro. Tested on another Intel based machine with ME still in bios.

But everything seems to be working properly so far.

Full image detected

The ME region goes from 0x3000 to 0x1fffff

Found FPT header at 0x3010

Found 20 partition(s)
ME firmware version 9.1.10.1000
Found FTPR header: FTPR partition spans from 0x4a000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xaa680 - 0xd2000)
 UPDATE          : removed (0xaa680 - 0xaa8aa)
 ROMP            : removal of Huffman modules is not supported yet, skipping
 BUP             : removal of Huffman modules is not supported yet, skipping
 KERNEL          : removal of Huffman modules is not supported yet, skipping
 POLICY          : removal of Huffman modules is not supported yet, skipping
 HOSTCOMM        : removed (0xaa8aa - 0xb2bb5)
 TDT             : removed (0xb2bb5 - 0xb7f71)
 FPF             : removed (0xb7f71 - 0xb9a77)
Correcting checksum (0xea)...
Done! Good luck!
nilesr commented 7 years ago

I can try to cat /dev/mei0 and I get "no such device" as root...so I guess that's good?

On my system that I've never flashed before (I haven't used me_cleaner yet) I get the same message when trying to read from /dev/mei0. It does not mean that the ME is disabled

n1zzo commented 7 years ago

Working on

MEI is no more present in lspci output. However, the ethernet card does not show up anymore on "ip a" output.

dmesg says:

e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
e1000e: probe of 0000:00:19.0 failed with error -e

The problem seems identical to the one reported by this user: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/984404 and as he suggests just rebooting the machine temporarily fixes the problem. When a power cycle is performed again (power off+power on) the ethernet card is gone again.

This is the related bug on the ubuntu kernel bug tracker: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576953

citypw commented 7 years ago

Working on:

OEM BIOS: MEI device has disappeared from the PCI bus. Coreboot: MEI device won't go away and confirmed that ME is broken:

**Bad news, you have a B75 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible MEI found: [8086:1e3a] 7 Series/C210 Series Chipset Family MEI Controller #1

ME Status : 0x304181 ME Status 2 : 0x153b0160

ME: FW Partition Table : OK ME: Bringup Loader Failure : NO ME: Firmware Init Complete : NO ME: Manufacturing Mode : NO ME: Boot Options Present : NO ME: Update In Progress : NO ME: Current Working State : Initializing ME: Current Operation State : Bring up ME: Current Operation Mode : Normal ME: Error Code : Debug Failure ME: Progress Phase : BUP Phase ME: Power Management Event : Intel ME reset due to exception ME: Progress Phase State : 0x3b

ME: Extend Register not valid

ME: has a broken implementation on your board with this BIOS ME: failed to become ready ME: failed to become ready ME: GET FW VERSION message failed ME: failed to become ready ME: failed to become ready ME: GET FWCAPS message failed **

citypw commented 7 years ago

Working on:

MEI device has disappeared from the PCI bus.

persmule commented 7 years ago

Working on:

Sadly I failed to extract a valid OEM BIOS image this time. MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken. It seems whether ME remains present on desktop depends on the content of nvram.

persmule commented 7 years ago

Working on:

MEI device won't go away and confirmed that ME is broken, and integrated graphic card conpletely ceases to work, and goes away.

ehmry commented 7 years ago

Works on:

jantatje commented 7 years ago

Everything works, but laptop hangs for \~15 seconds after suspend. I also updated coreboot, so not 100% sure this is me_cleaners fault. 100% working now.

persmule commented 7 years ago

Works on:

MEI device has disappeared from the PCI bus. However, the ethernet card needs a warm reboot to be functional.

persmule commented 7 years ago

Working on

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

Kokokokoka commented 7 years ago

Working on:

persmule commented 7 years ago

Working on

MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.

JohnnyLeone commented 7 years ago

Working on

al3xtjames commented 7 years ago

Working on:

The MEI Controller device still appears in lspci. I am unsure of the status of the Intel 82579V Ethernet controller, as I haven't gotten it to work yet (e1000e: probe of 0000:00:19.0 failed with error -3; this remains the same with normal ME or cleaned ME). The ME appears to have been disabled:

[   19.881125] mei_me 0000:00:16.0: wait hw ready failed
[   19.881131] mei_me 0000:00:16.0: hw_start failed ret = -62
[   19.881144] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   21.929169] mei_me 0000:00:16.0: wait hw ready failed
[   21.929175] mei_me 0000:00:16.0: hw_start failed ret = -62
[   21.929188] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[   23.977227] mei_me 0000:00:16.0: wait hw ready failed
[   23.977233] mei_me 0000:00:16.0: hw_start failed ret = -62
[   23.977236] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device
[   23.977238] mei_me 0000:00:16.0: reset failed ret = -19
[   23.977239] mei_me 0000:00:16.0: link layer initialization failed.
[   23.977241] mei_me 0000:00:16.0: init hw failure.
[   23.977366] mei_me 0000:00:16.0: initialization failed.
Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x4181
ME Status 2 : 0x163b0160

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Normal
ME: Error Code              : Debug Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x3b

PCI READ [bc] : 0x000000bc
ME: Extend Register not valid

ME has a broken implementation on your board with this BIOS
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting
persmule commented 7 years ago

Working on:

After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.

Kokokokoka commented 7 years ago
cryptofuture commented 7 years ago
persmule commented 7 years ago

Working on:

After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.

drkhsh commented 7 years ago

Everything works perfectly for one day now!

citypw commented 7 years ago

Working on:

CSME HECI won't go away but ME is neutralized with no 30-minute-shutdown.

#lspci -vnnt
-[0000:00]-+-00.0  Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:1918]
           +-01.0-[01]--+-00.0  Advanced Micro Devices, Inc. [AMD/ATI] Tahiti XT [Radeon HD 7970/8970 OEM / R9 280X] [1002:6798]
           |            \-00.1  Advanced Micro Devices, Inc. [AMD/ATI] Tahiti XT HDMI Audio [Radeon HD 7970 Series] [1002:aaa0]
           +-13.0  Intel Corporation Sunrise Point-H Integrated Sensor Hub [8086:a135]
           +-14.0  Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller [8086:a12f]
           +-14.2  Intel Corporation Sunrise Point-H Thermal subsystem [8086:a131]
           +-16.0  Intel Corporation Sunrise Point-H CSME HECI #1 [8086:a13a]
           +-16.1  Intel Corporation Sunrise Point-H CSME HECI #2 [8086:a13b]
           +-17.0  Intel Corporation Device [8086:a102]
           +-1c.0-[02]----00.0  Intel Corporation I210 Gigabit Network Connection [8086:1533]
           +-1c.5-[03]----00.0  Intel Corporation I210 Gigabit Network Connection [8086:1533]
           +-1f.0  Intel Corporation Sunrise Point-H LPC Controller [8086:a149]
           +-1f.2  Intel Corporation Sunrise Point-H PMC [8086:a121]
           +-1f.3  Intel Corporation Sunrise Point-H HD Audio [8086:a170]
           \-1f.4  Intel Corporation Sunrise Point-H SMBus [8086:a123]

#me_cleaner.py factory_p10s-m_ws.rom 
Full image detected
This image does not contains an ME firmware (NR = 0)

#ifdtool -x factory_p10s-m_ws.rom 
File factory_p10s-m_ws.rom is 16777216 bytes
  Flash Region 0 (Flash Descriptor): 00000000 - 00000fff 
  Flash Region 1 (BIOS): 00800000 - 00ffffff 
  Flash Region 2 (Intel ME): 00001000 - 007fffff 
  Flash Region 3 (GbE): 07fff000 - 00000fff (unused)
  Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused)
  Flash Region 5 (Reserved): 07fff000 - 00000fff (unused)
  Flash Region 6 (Reserved): 07fff000 - 00000fff (unused)
  Flash Region 7 (Reserved): 07fff000 - 00000fff (unused)
  Flash Region 8 (EC): 07fff000 - 00000fff (unused)

#me_cleaner.py flashregion_2_intel_me.bin 
ME image detected
Found FPT header at 0x10
Found 15 partition(s)
ME firmware version 4.0.3.75
Found FTPR header: FTPR partition spans from 0xa000 to 0x6a000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x3e)...
Modules removal in ME v11 or greater is not yet supported
Done! Good luck!

#intelmetool -s
Bad news, you have a `Sunrise Point-H CSME HECI #2` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI found: [8086:a13b] Sunrise Point-H CSME HECI #2

ME Status   : 0x0
ME Status 2 : 0x0

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Reset
ME: Current Operation State : Preboot
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : ROM Phase
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : BEGIN

PCI READ [bc] : 0x000000bc
ME: Extend Feature not present

ME seems okay on this board
ME: failed to become ready
WRITE    [00] : CB: 0x80040007
WRITE    [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE    [00] : CB: 0x80080007
WRITE    [00] : CB: 0x00000203
WRITE    [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting
mytbk commented 7 years ago

Working on:

Using the ME image from google/link, no issues found.

persmule commented 7 years ago

Working on:

MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken with dmesg:

[ 5.578881] mei_me 0000:00:16.0: wait hw ready failed [ 5.578944] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 5.579013] mei_me 0000:00:16.0: H_RST is set = 0x80000015 [ 7.594911] mei_me 0000:00:16.0: wait hw ready failed [ 7.594969] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 7.595058] mei_me 0000:00:16.0: H_RST is set = 0x80000015 [ 9.610945] mei_me 0000:00:16.0: wait hw ready failed [ 9.611009] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 9.611066] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device [ 9.611128] mei_me 0000:00:16.0: reset failed ret = -19 [ 9.611183] mei_me 0000:00:16.0: link layer initialization failed. [ 9.611240] mei_me 0000:00:16.0: init hw failure. [ 9.611449] mei_me 0000:00:16.0: initialization failed.

and #intelmetool -sd

Bad news, you have a HM65 Express Chipset Family LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible MEI found: [8086:1c3a] 6 Series/C200 Series Chipset Family MEI ~�3

ME Status : 0x1e003052 ME Status 2 : 0x16320002

ME: FW Partition Table : OK ME: Bringup Loader Failure : NO ME: Firmware Init Complete : NO ME: Manufacturing Mode : YES ME: Boot Options Present : NO ME: Update In Progress : NO ME: Current Working State : Recovery ME: Current Operation State : M0 with UMA ME: Current Operation Mode : Normal ME: Error Code : Image Failure ME: Progress Phase : BUP Phase ME: Power Management Event : Pseudo-global reset ME: Progress Phase State : M0 kernel load

PCI READ [bc] : 0x000000bc ME: Extend SHA-256: da64ab79be833b0909c8a5d4214ba413744331d5e50f41bf3927fc53c0bf3b9b

ME: has a broken implementation on your board with this BIOS ME: failed to become ready WRITE [00] : CB: 0x80040007 WRITE [00] : CB: 0x000002ff ME: failed to become ready ME: GET FW VERSION message failed ME: failed to become ready WRITE [00] : CB: 0x80080007 WRITE [00] : CB: 0x00000203 WRITE [00] : CB: 0x00000000 ME: failed to become ready ME: GET FWCAPS message failed

persmule commented 7 years ago

Working on:

MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken with dmesg:

[ 8.258125] mei_me 0000:00:16.0: wait hw ready failed [ 8.258178] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 8.258232] mei_me 0000:00:16.0: H_RST is set = 0x80000015 [ 10.274168] mei_me 0000:00:16.0: wait hw ready failed [ 10.274217] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 10.274268] mei_me 0000:00:16.0: H_RST is set = 0x80000015 [ 12.290189] mei_me 0000:00:16.0: wait hw ready failed [ 12.290238] mei_me 0000:00:16.0: hw_start failed ret = -62 [ 12.290271] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device [ 12.290318] mei_me 0000:00:16.0: reset failed ret = -19 [ 12.290347] mei_me 0000:00:16.0: link layer initialization failed. [ 12.290382] mei_me 0000:00:16.0: init hw failure. [ 12.290544] mei_me 0000:00:16.0: initialization failed.

and #intelmetool -sd

Bad news, you have a QM77 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible MEI found: [8086:1e3a] 8��z�

ME Status : 0x1e003052 ME Status 2 : 0x16320002

ME: FW Partition Table : OK ME: Bringup Loader Failure : NO ME: Firmware Init Complete : NO ME: Manufacturing Mode : YES ME: Boot Options Present : NO ME: Update In Progress : NO ME: Current Working State : Recovery ME: Current Operation State : M0 with UMA ME: Current Operation Mode : Normal ME: Error Code : Image Failure ME: Progress Phase : BUP Phase ME: Power Management Event : Pseudo-global reset ME: Progress Phase State : M0 kernel load

PCI READ [bc] : 0x000000bc ME: Extend SHA-256: da64ab79be833b0909c8a5d4214ba413744331d5e50f41bf3927fc53c0bf3b9b

ME: has a broken implementation on your board with this BIOS ME: failed to become ready WRITE [00] : CB: 0x80040007 WRITE [00] : CB: 0x000002ff ME: failed to become ready ME: GET FW VERSION message failed ME: failed to become ready WRITE [00] : CB: 0x80080007 WRITE [00] : CB: 0x00000203 WRITE [00] : CB: 0x00000000 ME: failed to become ready ME: GET FWCAPS message failed

9ary commented 7 years ago

Success

I tried patching the OEM firmware update and flashing it with the flashback feature, but that apparently didn't work. Ended up figuring out why flashrom wouldn't work (had to boot with iomem=relaxed), dumped, patched and flashed from userspace successfully. Not sure if flashback could have unprotected the ME section or if it's just not protected by default on my board.

No more /dev/mei0, no more ME in lspci, intelmetool from coreboot says it can't find the ME, system appears to work properly.

Edit: after more testing, it looks like some areas are write protected (they fail to erase), but flashrom is smart enough to leave them alone and rewrite only the parts that changed, and the ME section seems to be unprotected which is why I was successful in reflashing a patched dump.

XMP didn't work after the operation, I've flashed the latest BIOS update from Asus (was already running it though), and now it works just fine (update: memory OC functionality is completely lost after poweroff until the CMOS is cleared, with the Huffman modules in, it's working as intended). Not sure whether a simple CMOS reset would have helped with that or not, but the ME cleanup survived, which is a very good thing.

Edit 2: With this patch, I get the following output:

Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI was hidden on PCI, now unlocked
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status   : 0x1e003052
ME Status 2 : 0x16320152

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : Image Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : M0 kernel load

ME: Extend SHA-256: 1184469a774dddb5fc671a60339db09bc5441794ea02c5e1731bd1d83cda295e

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done
nroach44 commented 7 years ago

All good (but it was run over an image that had previously been me_cleaned) (edit: no 30minute timeout either)

ME: FWS2: 0x164e0002
ME:  Bist in progress: 0x0
ME:  ICC Status      : 0x1
ME:  Invoke MEBx     : 0x0
ME:  CPU replaced    : 0x0
ME:  MBP ready       : 0x0
ME:  MFS failure     : 0x0
ME:  Warm reset req  : 0x0
ME:  CPU repl valid  : 0x0
ME:  (Reserved)      : 0x0
ME:  FW update req   : 0x0
ME:  (Reserved)      : 0x0
ME:  Current state   : 0x4e
ME:  Current PM event: 0x6
ME:  Progress code   : 0x1
Waited long enough, or CPU was not replaced, continue...
PASSED! Tell ME that DRAM is ready
ME: FWS2: 0x162c0002
ME:  Bist in progress: 0x0
ME:  ICC Status      : 0x1
ME:  Invoke MEBx     : 0x0
ME:  CPU replaced    : 0x0
ME:  MBP ready       : 0x0
ME:  MFS failure     : 0x0
ME:  Warm reset req  : 0x0
ME:  CPU repl valid  : 0x0
ME:  (Reserved)      : 0x0
ME:  FW update req   : 0x0
ME:  (Reserved)      : 0x0
ME:  Current state   : 0x2c
ME:  Current PM event: 0x6
ME:  Progress code   : 0x1
ME: Requested BIOS Action: Continue to boot
persmule commented 7 years ago

Working on:

MEI device won't go away and confirmed that ME is broken, and the machine survives beyond 30 minutes.

ilikenwf commented 7 years ago

Stripped and flashed, no issues.

lpereira commented 7 years ago

Working on:

mfc commented 7 years ago

working on:

htruong commented 7 years ago

Working on:

MEI device won't go away and confirmed that ME is broken, and the machine survives beyond 30 minutes.

corna commented 7 years ago

Working on:

gnustomp commented 7 years ago

Working on:

No Secure Boot or overclocking issues.

flacks commented 7 years ago

Working on:

Running me_cleaner on this machine is redundant, seeing as this board has a jumper to disable the ME. When set, all flash regions become unlocked, so I was able to write to the EEPROM without an external programmer.

protozone commented 7 years ago

It would be nice to know the trace that the jumper turns on/off. -:)

On Thu, Mar 16, 2017 at 1:28 PM, Jean Lucas notifications@github.com wrote:

Working on:

No issues. MEI not showing in lspci. This machine's particular motherboard has a jumper setting labelled ME disable. When set, all flash regions become unlocked, so I was able to write to the IC without an external programmer.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/corna/me_cleaner/issues/3#issuecomment-287181243, or mute the thread https://github.com/notifications/unsubscribe-auth/AZMhOuaeu1CmB-XsgN8c0GKqTWhpIhDOks5rmZtfgaJpZM4K-Q52 .

crat0z commented 7 years ago

@Kokokokoka, sorry to ask but have you got TPM/VT-d/SLAT on your X220 with Qubes installed and the new ME firmware? I have a T420s which has full Qubes hardware support that I want to try this on, but I still want full hardware support (which on Qubes requires TXT I believe..).

ghost commented 7 years ago

Working on:

Thanks for your work on this :)

eugenezastrogin commented 7 years ago

Seems to be working on:

Flashed from OEM F7 to me_cleaned BIOS image of F10b via UEFI settings, no SPI flasher used. Survived 30 minute, nothing in lspci, intelmetools -s returns:

MEI was hidden on PCI, now unlocked
MEI found: [8086:8c3a] 8 Series/C220 Series Chipset Family MEI Controller #1

ME Status   : 0x1e003052
ME Status 2 : 0x16322106

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : Image Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : M0 kernel load

ME: Extend SHA-256: 393ffb341d635e1b11e5f5d155496bfed996e7435a367e564740b8bb4038796a

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done

P.S. Update: Had to rollback because of this.

Works flawlessly with an -s option though, F10b BIOS! No issues with suspend anymore, intelmetools returns:


sudo intelmetool -s
MEI was hidden on PCI, now unlocked
MEI found: [8086:8c3a] 8 Series/C220 Series Chipset Family MEI Controller #1

ME Status   : 0x1e020191
ME Status 2 : 0x164d2106

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode  : Debug
ME: Error Code              : No Error
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : 0x4d

ME: Extend SHA-256: 393ffb341d635e1b11e5f5d155496bfed996e7435a367e564740b8bb4038796a

ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done
albsod commented 7 years ago

Working on:

Here is the me_cleaner output:

ME/TXE image detected
Found FPT header at 0x10
Found 19 partition(s)
Found FTPR header: FTPR partition spans from 0xcc000 to 0x142000
ME/TXE firmware version 7.1.20.1119
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xed)...
Reading FTPR modules list...
 UPDATE           (LZMA   , 0x1101c5 - 0x110257): removed
 BUP              (Huffman, fragmented data    ): NOT removed, essential
 KERNEL           (Huffman, fragmented data    ): removed
 POLICY           (Huffman, fragmented data    ): removed
 HOSTCOMM         (LZMA   , 0x110257 - 0x11580c): removed
 RSA              (LZMA   , 0x11580c - 0x11a2bd): removed
 CLS              (LZMA   , 0x11a2bd - 0x11eccf): removed
 TDT              (LZMA   , 0x11eccf - 0x124e7a): removed
 FTCS             (Huffman, fragmented data    ): removed
The ME minimum size should be 917504 bytes (0xe0000 bytes)
Checking FTPR RSA signature... VALID
Done! Good luck!

Working very well since a few days. The only issue I've noticed is that resume from suspend stopped to turn the LCD back on in Debian GNU/Linux 9. Since I switched directly from factory BIOS to Coreboot+Seabios (git master) with a cleaned ME I don't know which component caused the regression. I've worked around the issue by using pm-suspend --quirk-dpms-on together with acpid.

Update: I rebuilt coreboot without enabling "Support Intel PCI-e WiFi adapters" and have since no more resume-from-suspend issues.

Aglezabad commented 7 years ago

Using me_cleaner on a BIOS dump file and flashing it using Q-Flash utility (included on Gigabyte boards).

EDIT (2017-03-30): Possible issue: Removing ME disables Intel Turbo Boost. I can't get faster clock than 3.2 GHz on 100% system load. I think that it won't be a problem in my case (Unlocked multiplier).

EDIT (2017-04-02): Turbo Boost issue is not related with the result of me_cleaner. It's a Gigabyte UEFI bug.

Output intelmetool:

sudo ./intelmetool -s
Bad news, you have a `Z68 Express Chipset Family LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI was hidden on PCI, now unlocked
MEI found: [8086:1c3a] 6 Series/C200 Series Chipset Family MEI Controller #1

ME Status   : 0x1e003052
ME Status 2 : 0x16320142

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : NO
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Recovery
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : Image Failure
ME: Progress Phase          : BUP Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : M0 kernel load

ME: Extend SHA-256: 909157238d4c57219f5d5ce4e3c6697bff1cc6546fe8eec7b7eed76768f25d59

ME: has a broken implementation on your board with this BIOS
ME: failed to become ready
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
ME: failed to become ready
ME: GET FWCAPS message failed
Re-hiding MEI device...done
flacks commented 7 years ago

Working on:

nariox commented 7 years ago

Working on: