search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.43k stars 275 forks source link

macbook pro 9,2 i5 3210m gen 3 #317

Closed 0rbadvent closed 4 years ago

0rbadvent commented 4 years ago

I am running Arch, was able to read firmware with flashrom no problem. Read and Write bits are enabled, checked everything with ifdtool and cleaned the rom. am I good to just flash this back internally?

I DO have chip clip and have used them on thinkpads, am i just being lazy or is this backup good? also will this mess with encrypted grub (lol no point with mei) nvram boot?

DMI: Apple Inc. MacBookPro9,2/Mac-6F01561E16C75D06, BIOS MBP91.88Z.00D3.B0E.1610201614 10/20/2016

File compare.bin is 8388608 bytes ICH Revision: 6 series Cougar Point FLMAP0: 0x02040003 NR: 2 FRBA: 0x40 NC: 1 FCBA: 0x30 FLMAP1: 0x12100206 ISL: 0x12 FPSBA: 0x100 NM: 2 FMBA: 0x60 FLMAP2: 0x00210120 PSL: 0x2101 FMSBA: 0x200 FLUMAP1: 0x00000adf Intel ME VSCC Table Length (VTL): 10 Intel ME VSCC Table Base Address (VTBA): 0x000df0

ME VSCC table: JID0: 0x0000471f SPI Componend Vendor ID: 0x1f SPI Componend Device ID 0: 0x47 SPI Componend Device ID 1: 0x00 VSCC0: 0x20152015 Lower Erase Opcode: 0x20 Lower Write Enable on Write Status: 0x06 Lower Write Status Required: No Lower Write Granularity: 64 bytes Lower Block / Sector Erase Size: 4KB Upper Erase Opcode: 0x20 Upper Write Enable on Write Status: 0x06 Upper Write Status Required: No Upper Write Granularity: 64 bytes Upper Block / Sector Erase Size: 4KB JID1: 0x001740ef SPI Componend Vendor ID: 0xef SPI Componend Device ID 0: 0x40 SPI Componend Device ID 1: 0x17 VSCC1: 0x20052005 Lower Erase Opcode: 0x20 Lower Write Enable on Write Status: 0x50 Lower Write Status Required: No Lower Write Granularity: 64 bytes Lower Block / Sector Erase Size: 4KB Upper Erase Opcode: 0x20 Upper Write Enable on Write Status: 0x50 Upper Write Status Required: No Upper Write Granularity: 64 bytes Upper Block / Sector Erase Size: 4KB JID2: 0x001720c2 SPI Componend Vendor ID: 0xc2 SPI Componend Device ID 0: 0x20 SPI Componend Device ID 1: 0x17 VSCC2: 0x20052005 Lower Erase Opcode: 0x20 Lower Write Enable on Write Status: 0x50 Lower Write Status Required: No Lower Write Granularity: 64 bytes Lower Block / Sector Erase Size: 4KB Upper Erase Opcode: 0x20 Upper Write Enable on Write Status: 0x50 Upper Write Status Required: No Upper Write Granularity: 64 bytes Upper Block / Sector Erase Size: 4KB JID3: 0x004b25bf SPI Componend Vendor ID: 0xbf SPI Componend Device ID 0: 0x25 SPI Componend Device ID 1: 0x4b VSCC3: 0x20092009 Lower Erase Opcode: 0x20 Lower Write Enable on Write Status: 0x50 Lower Write Status Required: Yes Lower Write Granularity: 1 bytes Lower Block / Sector Erase Size: 4KB Upper Erase Opcode: 0x20 Upper Write Enable on Write Status: 0x50 Upper Write Status Required: Yes Upper Write Granularity: 1 bytes Upper Block / Sector Erase Size: 4KB JID4: 0x0017ba20 SPI Componend Vendor ID: 0x20 SPI Componend Device ID 0: 0xba SPI Componend Device ID 1: 0x17 VSCC4: 0x20052005 Lower Erase Opcode: 0x20 Lower Write Enable on Write Status: 0x50 Lower Write Status Required: No Lower Write Granularity: 64 bytes Lower Block / Sector Erase Size: 4KB Upper Erase Opcode: 0x20 Upper Write Enable on Write Status: 0x50 Upper Write Status Required: No Upper Write Granularity: 64 bytes Upper Block / Sector Erase Size: 4KB

OEM Section: 00: 36 30 65 62 31 31 61 32 36 63 37 65 61 32 65 36 10: 62 62 66 38 36 34 30 38 36 36 38 65 32 65 36 37 20: 0a ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Found Region Section FLREG0: 0x00000000 Flash Region 0 (Flash Descriptor): 00000000 - 00000fff FLREG1: 0x07ff0190 Flash Region 1 (BIOS): 00190000 - 007fffff FLREG2: 0x018f0001 Flash Region 2 (Intel ME): 00001000 - 0018ffff FLREG3: 0x00001fff Flash Region 3 (GbE): 00fff000 - 00000fff (unused) FLREG4: 0x00001fff Flash Region 4 (Platform Data): 00fff000 - 00000fff (unused)

Found Component Section FLCOMP 0x64900024 Dual Output Fast Read Support: supported Read ID/Read Status Clock Frequency: 50MHz Write/Erase Clock Frequency: 50MHz Fast Read Clock Frequency: 50MHz Fast Read Support: supported Read Clock Frequency: 20MHz Component 2 Density: 8MB Component 1 Density: 8MB FLILL 0x00000000 Invalid Instruction 3: 0x00 Invalid Instruction 2: 0x00 Invalid Instruction 1: 0x00 Invalid Instruction 0: 0x00 FLPB 0x00000000 Flash Partition Boundary Address: 0x000000

Found PCH Strap Section PCHSTRP0: 0x0820d682 PCHSTRP1: 0x0000010f PCHSTRP2: 0x00560000 PCHSTRP3: 0x00000000 PCHSTRP4: 0x00c8e000 PCHSTRP5: 0x00000000 PCHSTRP6: 0x00000000 PCHSTRP7: 0x00000000 PCHSTRP8: 0x00000000 PCHSTRP9: 0x30000580 PCHSTRP10: 0x00c10044 PCHSTRP11: 0x87000089 PCHSTRP12: 0x00000000 PCHSTRP13: 0x00000000 PCHSTRP14: 0x00000000 PCHSTRP15: 0x0000c33e PCHSTRP16: 0x00000000 PCHSTRP17: 0x00000002 AltMeDisable bit is not set

Found Master Section FLMSTR1: 0xffff0000 (Host CPU/BIOS) Platform Data Region Write Access: enabled GbE Region Write Access: enabled Intel ME Region Write Access: enabled Host CPU/BIOS Region Write Access: enabled Flash Descriptor Write Access: enabled Platform Data Region Read Access: enabled GbE Region Read Access: enabled Intel ME Region Read Access: enabled Host CPU/BIOS Region Read Access: enabled Flash Descriptor Read Access: enabled Requester ID: 0x0000

FLMSTR2: 0xffff0000 (Intel ME) Platform Data Region Write Access: enabled GbE Region Write Access: enabled Intel ME Region Write Access: enabled Host CPU/BIOS Region Write Access: enabled Flash Descriptor Write Access: enabled Platform Data Region Read Access: enabled GbE Region Read Access: enabled Intel ME Region Read Access: enabled Host CPU/BIOS Region Read Access: enabled Flash Descriptor Read Access: enabled Requester ID: 0x0000

FLMSTR3: 0xffff0118 (GbE) Platform Data Region Write Access: enabled GbE Region Write Access: enabled Intel ME Region Write Access: enabled Host CPU/BIOS Region Write Access: enabled Flash Descriptor Write Access: enabled Platform Data Region Read Access: enabled GbE Region Read Access: enabled Intel ME Region Read Access: enabled Host CPU/BIOS Region Read Access: enabled Flash Descriptor Read Access: enabled Requester ID: 0x0118

Found Processor Strap Section ????: 0x00000000 ????: 0xffffffff ????: 0xffffffff ????: 0xffffffff ????: 0xffffffff ????: 0xffffffff ????: 0xffffffff ????: 0xffffffff

should i be concerned about processor strap section???

========================= below is diff of ifdtool -d output on original and modified ME rom.

< File compare.bin is 8388608 bytes

File modified_bb.bin is 8388608 bytes 144c144 < PCHSTRP10: 0x00c10044

PCHSTRP10: 0x00c100c4 152c152 < AltMeDisable bit is not set

AltMeDisable bit is set

0rbadvent commented 4 years ago

also modify grub for iomem=relaxed before soft flashing?

0rbadvent commented 4 years ago

so i flashed this internal. PR0: Warning: 0x00190000-0x0066ffff is read-only. PR1: Warning: 0x00692000-0x01ffffff is read-only.

rebooted, read the new firmware with flashrom, running diff between the original firmware, the me_cleaned firmware and the firmware i flashed (me_cleaned.bin) gives me 3 files all different. so apparently it flashed part of the firmware?

please advise!

ME seems okay on this board ME: failed to become ready WRITE [00] : CB: 0x80040007 WRITE [00] : CB: 0x000002ff ME: failed to become ready ME: GET FW VERSION message failed ME: failed to become ready WRITE [00] : CB: 0x80080007 WRITE [00] : CB: 0x00000203 WRITE [00] : CB: 0x00000000 ME: failed to become ready ME: GET FWCAPS message failed Re-hiding MEI device...done, exiting

lsmod |grep mei results in no modules loaded... running for 30 mins

0rbadvent commented 4 years ago

running idftool -d on new firmware (read internally with flashrom) results in <"AltMeDisable bit is set" after diffing them 05:47:18 up 30 min, 1 user, load average: 0.14, 0.39, 0.45 success!