search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.43k stars 275 forks source link

TXE 4.x (intel N4100 celeron): help me_cleaner to find me_start entry point in fw #348

Open muellpi opened 3 years ago

muellpi commented 3 years ago

Hello, recently I had success cleaning some older intel fw systems and namely a newer intel I5-8250 desktop cpu, all with ME firmware and external SOIC flashing. But I had no success when appying me_cleaner to a TXE 4.x fw image from a N4100 celeron cpu. With surely active TXE image me_cleaner gave me this output:

Full image detected
The ME region in this image has already been disabled
The HAP bit is NOT SET
Reading partitions list...
Traceback (most recent call last):
  File "me_cleaner.py", line 772, in <module>
    for i in range(entries):
NameError: name 'entries' is not defined

After debugging me_cleaner.py a bit, I found, that it was not able to read or assemble the correct me_start and me_end region from fw header.

def flreg_to_start_end(flreg):
    return (flreg & 0x7fff) << 12, (flreg >> 4 & 0x7fff000 | 0xfff) + 1
...
-->
        f.seek(frba) #64 for me
        **flreg = unpack("<III", f.read(12))**
        ...
        me_start, me_end = flreg_to_start_end(**flreg[2]**)

While flreq[0] and flreg[1] seem to converge to some reasonable values, namely file descriptor start..end = 0..4096 bytes Bios 4096..6652k me bytes seem to be odd.

`In [1]: me_start Out[1]: 134213632

In [2]: me_end Out[2]: 4096 ` I am not sure if the fw layout changed and flreg[2] is not the right place to look for me region or if

return (flreg & 0x7fff) << 12, (flreg >> 4 & 0x7fff000 | 0xfff) + 1 is no more the right way to decode flreg[2].

I have two questions :

  1. Could someone give me a cue how to help me_cleaner to find my me region and allow it to proceed in wipe process ?

  2. could somebody explain me what these operations calculate ? return (flreg & 0x7fff) << 12, (flreg >> 4 & 0x7fff000 | 0xfff) + 1

In the meantime I managed to soft disable ME with coreboot ifdtool, but it would be nice to remove.

Some additional information:

hexeditor output of my fw header relevant first part:

okteta GD25LQ64_org.rom

Relevant 6 bytes for flreq :

0000:0060 | FF 7F 00 00 FF FF | ..ÿ.ÿ...ÿÿÿÿÿÿÿÿ

complete header: 

0000:0000 | 01 78 00 34  80 7A 00 7E  00 00 00 55  FF FF FF FF | .x.4.z.~...Uÿÿÿÿ
0000:0010 | 5A A5 F0 0F  03 00 04 00  08 02 10 17  00 00 00 00 | Z¥ð.............
0000:0020 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:0030 | F4 82 58 12  21 42 60 AD  B7 B9 C4 C7  FF FF FF FF | ô.X.!B`.·¹ÄÇÿÿÿÿ
0000:0040 | 00 00 00 00  01 00 7E 06  FF 7F 00 00  FF 7F 00 00 | ......~.ÿ...ÿ...
0000:0050 | FF 7F 00 00  7F 06 7F 07  FF 7F 00 00  FF 7F 00 00 | ÿ.......ÿ...ÿ...
0000:0060 | 80 07 FF 07  FF 7F 00 00  FF FF FF FF  FF FF FF FF | ..ÿ.ÿ...ÿÿÿÿÿÿÿÿ
0000:0070 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:0080 | 00 FF FF FF  00 FF FF FF  00 FF F7 7F  00 00 00 00 | .ÿÿÿ.ÿÿÿ.ÿ÷.....
0000:0090 | 00 FF FF FF  00 00 00 00  FF FF FF FF  FF FF FF FF | .ÿÿÿ....ÿÿÿÿÿÿÿÿ
0000:00A0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:00B0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:00C0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:00D0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:00E0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:00F0 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0000:0100 | A1 00 00 00  00 00 FF 00  80 00 00 D8  65 06 00 00 | ¡.....ÿ....Øe...
0000:0110 | 00 00 00 00  04 03 60 00  00 00 50 00  12 00 00 00 | ......`...P.....
0000:0120 | 07 50 00 00  00 00 00 00  20 00 00 00  00 00 00 00 | .P...... .......
0000:0130 | 04 00 05 00  00 40 00 00  00 00 00 00  00 40 00 00 | .....@.......@..
0000:0140 | 00 00 00 00  00 00 00 00  00 F0 FF C3  09 C1 01 00 | .........ðÿÃ.Á..
0000:0150 | 00 00 00 00  00 00 00 00  00 00 00 00  FF FF FF FF | ............ÿÿÿÿ
0000:0160 | FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF | ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

some ipython debugging


---------------------------------------------------------------------------
NameError                                 Traceback (most recent call last)
me_cleaner/me_cleaner.py in <module>()
    770                 whitelist += args.whitelist.split(",")
    771 
--> 772             for i in range(entries):
    773                 partition = partitions[i * 0x20:(i + 1) * 0x20]
    774                 flags = unpack("<I", partition[0x1c:0x20])[0]

NameError: name 'entries' is not defined

In [1]: me_start
Out[1]: 134213632

In [2]: me_end
Out[2]: 4096

In [3]: flreg
Out[3]: (0, 108920833, 32767)

In [4]: bios_start
Out[4]: 4096

In [5]: bios_end
Out[5]: 6811648

NameError: name 'magi0' is not defined

In [7]: magic0
Out[7]: '\x01x\x004'

In [8]: magic10
Out[8]: 'Z\xa5\xf0\x0f'

In [14]: flmap0
Out[14]: 262147

In [15]: flmap1
Out[15]: 386925064

In [16]: flmap2
Out[16]: 0

In [18]: frba
Out[18]: 64

In [19]: fmba
Out[19]: 128

In [20]: fisba
Out[20]: 256

In [21]: fmba
Out[21]: 128

In [22]: fmsba
Out[22]: 0

In [24]: fd_start
Out[24]: 0

In [25]: fd_end
Out[25]: 4096

In [26]: flreg
Out[26]: (0, 108920833, 32767)

In [27]: bios_start
Out[27]: 4096

In [28]: bios_end
Out[28]: 6811648

In [29]: bios_end/1024
Out[29]: 6652.0

In [30]: me_start
Out[30]: 134213632

In [31]: me_end
Out[31]: 4096

In [32]: me_start/1024
Out[32]: 131068.0

In [33]: fd_start
Out[33]: 0

In [34]: fd_end
Out[34]: 4096

In [35]: magic10
Out[35]: 'Z\xa5\xf0\x0f'

Output of MEAnalyser python tool:

python3.7 MEA.py -dfpt -skip GD25LQ64_org.rom
╔═══════════════════════════════════════════╗
║         ME Analyzer v1.185.0 r227         ║
╚═══════════════════════════════════════════╝
╔════════════════════════════════════════════════════════════════════════════════╗
║                        Boot Partition Descriptor Table                         ║
╟─────────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────┬───────╢
║     Name    │ Type │ Partition │  Start   │   Size   │   End    │  ID  │ Empty ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     DLMP    │  09  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UEPB    │  10  │  Primary  │ 0x001200 │ 0x000010 │ 0x001210 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║    S-BPDT   │  05  │  Primary  │ 0x1A3000 │ 0x170000 │ 0x313000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     OBBP    │  06  │ Secondary │ 0x1A4000 │ 0x034000 │ 0x1D8000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     ISHC    │  08  │ Secondary │ 0x1D8000 │ 0x040000 │ 0x218000 │ 0001 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     NFTP    │  07  │ Secondary │ 0x218000 │ 0x0FB000 │ 0x313000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     RBEP    │  01  │  Primary  │ 0x004000 │ 0x00A000 │ 0x00E000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║   UFS PHY   │  12  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║ UFS GPP LUN │  13  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     FTPR    │  02  │  Primary  │ 0x01D000 │ 0x05F000 │ 0x07C000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UEP     │  17  │  Primary  │ 0x001210 │ 0x000108 │ 0x001318 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     SMIP    │  00  │  Primary  │ 0x002000 │ 0x002000 │ 0x004000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     PMCP    │  14  │  Primary  │ 0x00E000 │ 0x00F000 │ 0x01D000 │ 0001 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UCOD    │  03  │  Primary  │ 0x07C000 │ 0x013000 │ 0x08F000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     IBBP    │  04  │  Primary  │ 0x08F000 │ 0x112000 │ 0x1A1000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UTOK    │  11  │  Primary  │ 0x1A1000 │ 0x002000 │ 0x1A3000 │ 0000 │  True ║
╚═════════════╧══════╧═══════════╧══════════╧══════════╧══════════╧══════╧═══════╝

╔════════════════════════════════════════════════════════════════════════════════╗
║                        Boot Partition Descriptor Table                         ║
╟─────────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────┬───────╢
║     Name    │ Type │ Partition │  Start   │   Size   │   End    │  ID  │ Empty ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     DLMP    │  09  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UEPB    │  10  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║    S-BPDT   │  05  │  Primary  │ 0x340200 │ 0x33DE00 │ 0x67E000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     OBBP    │  06  │ Secondary │ 0x341000 │ 0x33D000 │ 0x67E000 │ 0000 │ False ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     RBEP    │  01  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║   UFS PHY   │  12  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║ UFS GPP LUN │  13  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     FTPR    │  02  │  Primary  │          │          │          │ 0000 │  True ║
╟─────────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────┼───────╢
║     UEP     │  17  │  Primary  │          │          │          │ 0000 │  True ║
╚═════════════╧══════╧═══════════╧══════════╧══════════╧══════════╧══════╧═══════╝

╔═════════════════════════════════════════════════════════════════════════════╗
║                            Flash Partition Table                            ║
╟──────┬───────┬──────────┬──────────┬──────────┬──────┬──────┬───────┬───────╢
║ Name │ Owner │  Start   │   Size   │   End    │ Type │  ID  │ Valid │ Empty ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ PSVN │       │ 0x67F800 │ 0x000100 │ 0x67F900 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ UEP  │       │ 0x680000 │ 0x002000 │ 0x682000 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ DNXP │       │ 0x67F900 │ 0x000060 │ 0x67F960 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ NVMS │       │ 0x67FA00 │ 0x000100 │ 0x67FB00 │ Data │ 0000 │  True │  True ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ IVBP │       │ 0x682000 │ 0x002000 │ 0x684000 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ FLOG │       │ 0x684000 │ 0x001000 │ 0x685000 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ UTOK │       │ 0x685000 │ 0x002000 │ 0x687000 │ Data │ 0000 │  True │ False ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ DVLC │       │ 0x687000 │ 0x002000 │ 0x689000 │ Data │ 0000 │  True │  True ║
╟──────┼───────┼──────────┼──────────┼──────────┼──────┼──────┼───────┼───────╢
║ AFSP │       │ 0x689000 │ 0x0F0000 │ 0x779000 │ Data │ 0000 │  True │ False ║
╚══════╧═══════╧══════════╧══════════╧══════════╧══════╧══════╧═══════╧═══════╝

╔═══════════════════════════════════════════╗
║           GD25LQ64_org.rom (3/1)          ║
╟─────────────────────────────┬─────────────╢
║            Family           │   CSE TXE   ║
╟─────────────────────────────┼─────────────╢
║           Version           │  4.0.0.1235 ║
╟─────────────────────────────┼─────────────╢
║           Release           │  Production ║
╟─────────────────────────────┼─────────────╢
║             Type            │  Extracted  ║
╟─────────────────────────────┼─────────────╢
║       Chipset Stepping      │      B      ║
╟─────────────────────────────┼─────────────╢
║ TCB Security Version Number │      1      ║
╟─────────────────────────────┼─────────────╢
║ ARB Security Version Number │      1      ║
╟─────────────────────────────┼─────────────╢
║    Version Control Number   │      1      ║
╟─────────────────────────────┼─────────────╢
║       Production Ready      │     Yes     ║
╟─────────────────────────────┼─────────────╢
║      OEM Configuration      │     Yes     ║
╟─────────────────────────────┼─────────────╢
║             Date            │  2017-09-25 ║
╟─────────────────────────────┼─────────────╢
║      File System State      │ Initialized ║
╟─────────────────────────────┼─────────────╢
║       Flash Image Tool      │  4.0.0.1235 ║
╟─────────────────────────────┼─────────────╢
║       Chipset Support       │     GLK     ║
╟─────────────────────────────┼─────────────╢
║            Latest           │      No     ║
╚═════════════════════════════╧═════════════╝
╔═══════════════════════════════════════════╗
║        Power Management Controller        ║
╟─────────────────────────────┬─────────────╢
║            Family           │     PMC     ║
╟─────────────────────────────┼─────────────╢
║           Version           │   0.1.0.0   ║
╟─────────────────────────────┼─────────────╢
║           Release           │  Production ║
╟─────────────────────────────┼─────────────╢
║             Type            │ Independent ║
╟─────────────────────────────┼─────────────╢
║       Chipset Stepping      │      B      ║
╟─────────────────────────────┼─────────────╢
║ TCB Security Version Number │      0      ║
╟─────────────────────────────┼─────────────╢
║ ARB Security Version Number │      0      ║
╟─────────────────────────────┼─────────────╢
║    Version Control Number   │      0      ║
╟─────────────────────────────┼─────────────╢
║       Production Ready      │      No     ║
╟─────────────────────────────┼─────────────╢
║             Date            │  2017-10-16 ║
╟─────────────────────────────┼─────────────╢
║             Size            │    0xF000   ║
╟─────────────────────────────┼─────────────╢
║       Chipset Support       │     GLK     ║
╚═════════════════════════════╧═════════════╝

Finally Output from coreboot ifdtool:

./ifdtool -d GD25LQ64_org.rom
File ./GD25LQ64_org.rom is 8388608 bytes
PCH Revision: Gemini Lake: N5xxx, J5xxx, N4xxx, J4xxx
FLMAP0:    0x00040003
  NR:      0
  FRBA:    0x40
  NC:      1
  FCBA:    0x30
FLMAP1:    0x17100208
  ISL:     0x17
  FPSBA:   0x100
  NM:      2
  FMBA:    0x80
FLMAP2:    0x00000000
  PSL:     0x0000
  FMSBA:   0x0
FLUMAP1:   0x000002df
  Intel ME VSCC Table Length (VTL):        2
  Intel ME VSCC Table Base Address (VTBA): 0x000df0

ME VSCC table:
  JID0:  0x0000471f
    SPI Component Vendor ID:            0x1f
    SPI Component Device ID 0:          0x47
    SPI Component Device ID 1:          0x00
  VSCC0: 0x20152015
    Lower Erase Opcode:                 0x20
    Lower Write Enable on Write Status: 0x06
    Lower Write Status Required:        No
    Lower Write Granularity:            64 bytes
    Lower Block / Sector Erase Size:    4KB
    Upper Erase Opcode:                 0x20
    Upper Write Enable on Write Status: 0x06
    Upper Write Status Required:        No
    Upper Write Granularity:            64 bytes
    Upper Block / Sector Erase Size:    4KB

OEM Section:
00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
10: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
30: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Found Region Section
FLREG0:    0x00000000
  Flash Region 0 (Flash Descriptor): 00000000 - 00000fff 
FLREG1:    0x067e0001
  Flash Region 1 (BIOS): 00001000 - 0067efff 
FLREG2:    0x00007fff
  Flash Region 2 (Intel ME): 07fff000 - 00000fff (unused)
FLREG3:    0x00007fff
  Flash Region 3 (GbE): 07fff000 - 00000fff (unused)
FLREG4:    0x00007fff
  Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused)
FLREG5:    0x077f067f
  Flash Region 5 (Reserved): 0067f000 - 0077ffff 
FLREG8:    0x07ff0780
  Flash Region 8 (EC): 00780000 - 007fffff 

Found Component Section
FLCOMP     0x125882f4
  Dual Output Fast Read Support:       not supported
  Read ID/Read Status Clock Frequency: 48MHz
  Write/Erase Clock Frequency:         48MHz
  Fast Read Clock Frequency:           48MHz
  Fast Read Support:                   supported
  Read Clock Frequency:                30MHz
  Component 2 Density:                 UNUSED
  Component 1 Density:                 8MB
FLILL      0xad604221
  Invalid Instruction 3: 0xad
  Invalid Instruction 2: 0x60
  Invalid Instruction 1: 0x42
  Invalid Instruction 0: 0x21
FLPB       0xc7c4b9b7
  Flash Partition Boundary Address: 0x9b7000

Found PCH Strap Section
PCHSTRP0  : 0x000000a1
PCHSTRP1  : 0x00ff0000
PCHSTRP2  : 0xd8000080
PCHSTRP3  : 0x00000665
PCHSTRP4  : 0x00000000
PCHSTRP5  : 0x00600304
PCHSTRP6  : 0x00500000
PCHSTRP7  : 0x00000012
PCHSTRP8  : 0x00005007
PCHSTRP9  : 0x00000000
PCHSTRP10 : 0x00000020
PCHSTRP11 : 0x00000000
PCHSTRP12 : 0x00050004
PCHSTRP13 : 0x00004000
PCHSTRP14 : 0x00000000
PCHSTRP15 : 0x00004000
PCHSTRP16 : 0x00000000
PCHSTRP17 : 0x00000000
PCHSTRP18 : 0xc3fff000
PCHSTRP19 : 0x0001c109
PCHSTRP20 : 0x00000000
PCHSTRP21 : 0x00000000
PCHSTRP22 : 0x00000000
PCHSTRP23 : 0xffffffff
PCHSTRP24 : 0xffffffff
PCHSTRP25 : 0xffffffff
PCHSTRP26 : 0xffffffff
PCHSTRP27 : 0xffffffff
PCHSTRP28 : 0xffffffff
PCHSTRP29 : 0xffffffff
PCHSTRP30 : 0xffffffff
PCHSTRP31 : 0xffffffff
PCHSTRP32 : 0xffffffff
PCHSTRP33 : 0xffffffff
PCHSTRP34 : 0xffffffff
PCHSTRP35 : 0xffffffff
PCHSTRP36 : 0xffffffff
PCHSTRP37 : 0xffffffff
PCHSTRP38 : 0xffffffff
PCHSTRP39 : 0xffffffff
PCHSTRP40 : 0xffffffff
PCHSTRP41 : 0xffffffff
PCHSTRP42 : 0xffffffff
PCHSTRP43 : 0xffffffff
PCHSTRP44 : 0xffffffff
PCHSTRP45 : 0xffffffff
PCHSTRP46 : 0xffffffff
PCHSTRP47 : 0xffffffff
PCHSTRP48 : 0xffffffff
PCHSTRP49 : 0xffffffff
PCHSTRP50 : 0xffffffff
PCHSTRP51 : 0xffffffff
PCHSTRP52 : 0xffffffff
PCHSTRP53 : 0xffffffff
PCHSTRP54 : 0xffffffff
PCHSTRP55 : 0xffffffff
PCHSTRP56 : 0xffffffff
PCHSTRP57 : 0xffffffff
PCHSTRP58 : 0xffffffff
PCHSTRP59 : 0xffffffff
PCHSTRP60 : 0xffffffff
PCHSTRP61 : 0xffffffff
PCHSTRP62 : 0xffffffff
PCHSTRP63 : 0xffffffff
PCHSTRP64 : 0xffffffff
PCHSTRP65 : 0xffffffff
PCHSTRP66 : 0xffffffff
PCHSTRP67 : 0xffffffff
PCHSTRP68 : 0xffffffff
PCHSTRP69 : 0xffffffff
PCHSTRP70 : 0xffffffff
PCHSTRP71 : 0xffffffff
PCHSTRP72 : 0xffffffff
PCHSTRP73 : 0xffffffff
PCHSTRP74 : 0xffffffff
PCHSTRP75 : 0xffffffff
PCHSTRP76 : 0xffffffff
PCHSTRP77 : 0xffffffff
PCHSTRP78 : 0xffffffff
PCHSTRP79 : 0xffffffff
PCHSTRP80 : 0xffffffff
PCHSTRP81 : 0xffffffff
PCHSTRP82 : 0xffffffff
PCHSTRP83 : 0xffffffff
PCHSTRP84 : 0xffffffff
PCHSTRP85 : 0xffffffff
PCHSTRP86 : 0xffffffff
PCHSTRP87 : 0xffffffff
PCHSTRP88 : 0xffffffff
PCHSTRP89 : 0xffffffff
PCHSTRP90 : 0xffffffff
PCHSTRP91 : 0xffffffff
HAP bit is not set

Found Master Section
FLMSTR1:   0xffffff00 (Host CPU/BIOS)
  EC Region Write Access:            enabled
  Platform Data Region Write Access: enabled
  GbE Region Write Access:           enabled
  Intel ME Region Write Access:      enabled
  Host CPU/BIOS Region Write Access: enabled
  Flash Descriptor Write Access:     enabled
  EC Region Read Access:             enabled
  Platform Data Region Read Access:  enabled
  GbE Region Read Access:            enabled
  Intel ME Region Read Access:       enabled
  Host CPU/BIOS Region Read Access:  enabled
  Flash Descriptor Read Access:      enabled
FLMSTR2:   0xffffff00 (Intel ME)
  EC Region Write Access:            enabled
  Platform Data Region Write Access: enabled
  GbE Region Write Access:           enabled
  Intel ME Region Write Access:      enabled
  Host CPU/BIOS Region Write Access: enabled
  Flash Descriptor Write Access:     enabled
  EC Region Read Access:             enabled
  Platform Data Region Read Access:  enabled
  GbE Region Read Access:            enabled
  Intel ME Region Read Access:       enabled
  Host CPU/BIOS Region Read Access:  enabled
  Flash Descriptor Read Access:      enabled
FLMSTR3:   0x7ff7ff00 (GbE)
  EC Region Write Access:            enabled
  Platform Data Region Write Access: enabled
  GbE Region Write Access:           enabled
  Intel ME Region Write Access:      enabled
  Host CPU/BIOS Region Write Access: enabled
  Flash Descriptor Write Access:     enabled
  EC Region Read Access:             enabled
  Platform Data Region Read Access:  enabled
  GbE Region Read Access:            enabled
  Intel ME Region Read Access:       enabled
  Host CPU/BIOS Region Read Access:  enabled
  Flash Descriptor Read Access:      enabled
FLMSTR5:   0xffffff00 (EC)
  EC Region Write Access:            enabled
  Platform Data Region Write Access: enabled
  GbE Region Write Access:           enabled
  Intel ME Region Write Access:      enabled
  Host CPU/BIOS Region Write Access: enabled
  Flash Descriptor Write Access:     enabled
  EC Region Read Access:             enabled
  Platform Data Region Read Access:  enabled
  GbE Region Read Access:            enabled
  Intel ME Region Read Access:       enabled
  Host CPU/BIOS Region Read Access:  enabled
  Flash Descriptor Read Access:      enabled
Found Processor Strap Section
????:      0x34007801
????:      0x7e007a80
????:      0x55000000
????:      0xffffffff
????:      0x0ff0a55a
????:      0x00040003
????:      0x17100208
????:      0x00000000
akront commented 2 years ago

I have the same issue on a system with TXE 4.x Gemini Lake, I managed to use FIT to decompress the TXE region and ran me_cleaner against that region and seems to work.

now how do I inject the TXE region into the full dump rom ?