Clean ME (Intel Management Engine) v 4 - 6 #ME-03

byWayfinderGuide -

 

How To?:

Clean the Initialized DATA section within ME/TXE Regions


Management Engine 4 - 6



>> Watch on YouTube <<

NoteFlash image tools download links available at the end of this article.


Management Engine 4 - 6 :

In this section we have taken as an example a SPI/BIOS image dump of a model which comes with ME firmware version 9.1.x.xxxx and SKU 1.5MB. However, the same applies to ME 4 - 6 firmware.

1. From Intel Management Engine: Drivers, Firmware & System Tools 4.1k thread, make sure you have downloaded the correct System Tools package and extract it.

Start1_Pic.PNG


2. From Intel (CS)ME, CS(TXE), CS(SPS), PMC, PHY & PCHC Firmware Repositories 3.5k thread, make sure you have downloaded the correct Repository pack based on major/minor version and extract it.

Start2_Pic.PNG


3. Open the dumped SPI/BIOS image with ME Analyzer to see what major/minor version we need as well as SKU. In this case we have:

MEA_Pic.PNG


So our SPI/BIOS image dump has a ME 9.1 firmware with 1.5MB SKU.

4. Browse the Repository pack, copy the same (or as similar as possible) ME RGN firmware of the same SKU and major/minor version (as instructed above) somewhere and then rename it to "ME Region.bin". In this case:

Repo_Pic.PNG


So we pick the firmware file 9.1.25.1005_1.5MB_PRD_RGN which matches perfectly what we saw at ME Analyzer. If for example the dumped SPI/BIOS image had ME 9.1.37.1002, we would have picked ME 9.1.32.1002 instead because the one we wanted is EXTR and not RGN. Thus, we rename the "9.1.25.1005_1.5MB_PRD_RGN.bin" copy to "ME Region.bin".

5. From the System Tools folder, go to Flash Image Tool subfolder and run fitc.exe. Drag & drop the dumped SPI/BIOS image you want to clean. After it is done loading:

  • Go to Build > Build Settings... , untick the option to "Generate intermediate build files", leave all other settings intact and click OK.

    FITC4_Pic.PNG


  • If you are working on an Engine region only (extracted via Flash Programming Tool with "-me" parameter or via UEFITool > ME region > Extract as is...) and not a full SPI/BIOS image (Flash Descriptor + Engine + BIOS), go to "Flash Image > Descriptor Region > Descriptor Map" and set "Number of Flash Components" to "0".

    FITC4F_Pic.PNG


  • If you are working on ME 5 - 6, go to Flash Image > Configuration > "Features Supported" or "Intel Anti-Theft Technology" and set "Intel (R) Anti-Theft Technology Permanently Disabled?" to "Yes" or "Enable Intel Anti-Theft Technology" to "false". Intel Anti-Theft Technology has been EOL since January 2015 and can cause issues if left activated nowadays.

    FITC4C_Pic.PNG



    FITC4D_Pic.PNG


6. Keep the FITC window open. At the FITC folder there should now be a folder named after the inputted file, in this case it's named "Z97OCF1.80". Enter "Decomp" subfolder. There should be a number of files there (BIOS Region, Flash Descriptor, OEM Region etc) including a "ME Region.bin" file. Take the previous "ME Region.bin" file you saved at step 4 and copy it where the current "ME Region.bin" file is, effectively replacing it.

FITC5_Pic.PNG


7. Go to the already open FITC window, click the "Build Image" icon (or "Build > Build Image") and it should complete successfully.

FITC7_Pic.PNG


8. At the FITC folder you should now see a file named "outimage.bin" which is the dumped full SPI/BIOS (or ME) image with an Engine region which has a Configured DATA section without any unneeded "Initialization" information stored.

End_Pic.PNG


9. Now, you need to verify that the resulting image has the same configured DATA settings as the imported one.

  • Remove any leftover temporary files from FITC's directory (folders, fitc.ini, fitc.log). Run FITC and drag & drop the output file. Go to "File > Save As" and save the configuration xml file with a descriptive name such as "after.xml". Afterwards, close the FITC window. Repeat this step for the original image and you should end up with two configuration xml files, in this case they are named "before.xml" and "after.xml". Open these two files in any comparison tool that supports XML and check for any differences. All settings should be identical apart from "InputFile" fields and possibly Intel Anti-Theft related ones such as "SmBusMctpAddrEn", "SmBusMctpAddr" & "ATPerm", if those required changes at step 5.

    XML0_Pic.PNG



    XML1_Pic.PNG



    XML2_Pic.PNG


  • If you are working on ME 6, remove any leftover temporary files from FITC's directory (folders, fitc.ini, fitc.log, before.xml, after.xml etc). Run FITC and drag & drop the output file. Rename the file "ConfigParams.txt" to "before.txt" and close FITC. Run FITC and drag & drop the original file. Rename the file "ConfigParams.txt" to "after.txt" and close FITC. You should end up with two configuration txt files, in this case they are named "before.txt" and "after.txt". Open these two files in any comparison tool and check for any differences. All settings should be identical apart from any Intel Anti-Theft related ones, if those required changes at step 5.

  • If you are working on ME 4 - 5, remove any leftover temporary files from FITC's directory (folders, fitc.ini, fitc.log, before.xml, after.xml etc). Run FITC, drag & drop the output file and close it. Run FITC, drag & drop the original file and close it. At the FITC folder there should now be two folders named after the inputted files. At each input file folder, enter "Decomp" subfolder, copy "Configuration.txt" (ME 5) or "NVARs.txt" (ME 4) file and rename them to "before.txt" and "after.txt" respectively. You should end up with two configuration txt files, in this case they are named "before.txt" and "after.txt". Open these two files in any comparison tool and check for any differences. All settings should be identical apart from any Intel Anti-Theft related ones, if those required changes at step 5.

  • Import the output file to ME Analyzer and check if the Major/Minor versions & SKU are the same as before. Also, make sure the Type is reported as "Extracted" which means that the inputted image is OEM/FITC configured. Whether the DATA section is now Configured and not Initialized cannot be checked/verified by ME Analyzer but if you followed the above steps properly you should not be having any issues.

    MEA_End_Pic.PNG


  • As an extra verification step, you can open your original SPI/BIOS image dump in one FITC window and the output image in another and manually check quickly if the Engine Region settings are identical at both. This method is not needed if you have already checked via the configuration xml & txt files, it is not recommended because some settings are not visible at the FITC window but only at the configuration files and it requires a lot of time for manual comparisons.

    FITC_End.PNG


10. Last but not least, if you are working on ME 5 - 6, once your new cleaned+configured full SPI/BIOS dump or Engine region is flashed on the target system, run Flash Programming Tool with command fpt -greset and wait for the system to reset (no settings are lost). This step is very important because it forces the Engine co-processor to re-initialize and properly accept any changes to its SPI/BIOS image region counterpart.

FPT_GR_Pic.PNG


Tags:
Previous Post Next Post
Share to other apps
Copy Post Link

Contact Form