Clean ME (Intel Management Engine) The Basics #ME-01

 


Learn How To Clean DUMPS with Intel Engine (CS)ME or (CS)TXE Regions







Guide-How To: Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization



This guide is relevant to those who need to clean the DATA section of an Engine (CSME, ME, CSTXE, TXE) Region, which is part of a dumped SPI/BIOS image, in order to flash the latter on a different machine of the same OEM model. It is not meant as a guide on how to completely transform a dumped Engine region into a stock Intel-provided one. Although the guide can be used for that sometimes, the goal is not to update the firmware but to clean the already existing one inside the dumped SPI/BIOS image from any system-specific data while maintaining any configuration settings applied by the OEM of the given model. In this guide, the term "system" means an individual user machine whereas "model" refers to all those "systems" released by the OEM.

A. About Engine Regions & Configuration

The SPI/BIOS chip firmware is divided into regions which control different aspects of an Intel-based system. The mandatory regions are the Flash Descriptor (FD, controls read/write access between the regions among other things), the (Converged Security) Management or Trusted Execution Engine (CSME/CSTXE/ME/TXE, holds the Engine firmware which has been configured for a specific system) and the BIOS. The Type of each (CS)ME/(CS)TXE firmware Region can be either Stock (RGN, clean/stock/unconfigured images provided by Intel to OEMs) or Extracted (EXTR, dirty/extracted/configured images from various SPI/BIOS). The (CS)ME or (CS)TXE firmware on the system's SPI/BIOS chip is always EXTR, generated by the OEM after configuring the equivalent RGN at the factory via Intel Flash Image Tool (FIT).
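To see where these regions sit inside a dumped image, the following added example (not part of the original guide and not code from any Intel tool) reads the region table out of the Flash Descriptor. The signature value, offsets and register layout are taken from the publicly documented descriptor format rather than from this guide, and the sample image is constructed.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A   # flash descriptor signature (assumed from the public format)
REGION_NAMES = ["Descriptor", "BIOS", "Engine", "GbE", "PDR"]   # FLREG0..FLREG4

def parse_regions(image: bytes) -> dict:
    """Return {region name: (start, end_inclusive)} for regions present in the dump."""
    if len(image) < 0x1000:
        raise ValueError("image smaller than a 4 KiB flash descriptor")
    # The signature sits at 0x10 on most generations and at 0x0 on the oldest ones.
    for sig_off in (0x10, 0x00):
        if struct.unpack_from("<I", image, sig_off)[0] == FD_SIGNATURE:
            break
    else:
        raise ValueError("no flash descriptor signature: not a full SPI dump")
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4          # base address of the region table
    regions = {}
    for idx, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * idx)[0]
        base, limit = flreg & 0x7FFF, (flreg >> 16) & 0x7FFF
        if base > limit:                          # base above limit marks an unused region
            continue
        start, end = base << 12, (limit << 12) | 0xFFF
        if end >= len(image):
            raise ValueError(f"{name} region ends past the image: truncated dump")
        regions[name] = (start, end)
    return regions

def build_sample_image() -> bytes:
    """Constructed 64 KiB image: FD at 0x0000, Engine 0x1000-0x7FFF, BIOS 0x8000-0xFFFF."""
    img = bytearray(b"\xff" * 0x10000)
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, 0x04 << 16)   # FRBA = 0x04, so the table is at 0x40
    flregs = [0x00000000, 0x000F0008, 0x00070001, 0x00007FFF, 0x00007FFF]
    struct.pack_into("<5I", img, 0x40, *flregs)
    return bytes(img)

if __name__ == "__main__":
    for name, (start, end) in parse_regions(build_sample_image()).items():
        print(f"{name:<10} 0x{start:06X}-0x{end:06X}")
```

A dump that raises here (no signature, or a region running past the end of the file) is not a complete SPI/BIOS image and should be re-read from the chip before any cleanup is attempted.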

The Engine firmware Regions (RGN/EXTR) consist of two sections: CODE and DATA. CODE is the actual Engine firmware whereas DATA is where all the system-specific settings are stored, as configured by the OEM at the factory via Intel Flash Image Tool. The Engine firmware is not static as it holds system-specific configuration and can additionally be slightly configured by the Engine co-processor while the system is running in order to provide the proper support and functionality. Any such changes are written into the DATA section of the Engine Region and the firmware is considered initialized. That means that the DATA section can be in one of three states: Unconfigured, Configured or Initialized. Unconfigured means that the Engine firmware image is the stock one Intel provides and not configured at all (RGN). Configured means that the OEM has applied model-specific settings and the Engine region is ready for deployment (EXTR). Initialized means that the Engine region comes from a system which was already running and thus the Engine co-processor has further configured the DATA section to suit that particular system better (system-specific or dirty EXTR).



A dumped SPI/BIOS image comes from a system which was already operating, so the contained Engine Region should have an Initialized DATA section. In order for that dump to be usable on another system of the same OEM model, we need to clean the "Initialization" extra data and thus end up with an Engine Region which has a Configured-only DATA section. This is important because in some cases these small dumped "initialization" changes made by the Engine co-processor of a system can lead to a malfunctioning or corrupted Engine Region when transferred to another system, even one of the same OEM model.

B. Helpful Resources

First you need to identify what Engine firmware the dumped SPI/BIOS image has inside. For that you can use the ME Analyzer tool, which is capable of telling you the version, SKU, release, type etc. of any inputted Engine firmware. You can use it to analyze both the dumped SPI/BIOS image you plan to clean and the firmware with which you plan to achieve that. The latter can be retrieved from the Intel (CS)ME, (CS)TXE, (CS)SPS, PMC, PHY & PCHC Firmware Repositories thread, which includes all Engine (CSME, ME, CSTXE, TXE) firmware that we have gathered for such cases.

Before proceeding, make sure to also check the dedicated Intel Management Engine: Drivers, Firmware & System Tools and Intel Trusted Execution Engine: Drivers, Firmware & System Tools threads first. There you can find some more information about each firmware's chipset compatibility as well as the Engine System Tools packages, which include the Flash Image Tool (FIT/FITC/FTOOLC) that we will be using for the cleanup process. You will also understand various terms which are used throughout the guide such as FIT, FITC, FTOOLC, CSE, CSME, CSTXE, RGN, EXTR, UPD, FD and so on.

C. Method Compatibility

This method has been tested to work on (CS)ME 2 - 15 and (CS)TXE 1 - 4. The process depends on the generation, so the guide differs accordingly. It has not been tested on any (CS)SPS firmware.

Since the purpose of the guide is to clean the DATA section, it is important to choose a clean RGN Engine firmware from the Intel Engine Firmware Repositories thread and not EXTR which is extracted from various SPI/BIOS images/dumps and considered dirty as far as the DATA section is concerned. Moreover, a full RGN Engine Region is required and not an Update (UPD) image. That means that you should look only for Engine firmware of this structure at the Repositories:

Major.Minor.Hotfix.Build_SKU_PRD_RGN

As previously mentioned, the goal is not necessarily to update the Engine firmware, so you can choose any RGN firmware of the same SKU as long as the major and minor versions are the same. It is usually recommended to take the exact same RGN firmware from the repositories. If that one doesn't exist, or it's not RGN, not the same SKU etc., take the closest one you can find.
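The selection rule above can be checked mechanically. The following is an added example, not part of the original guide or of ME Analyzer: it parses names of the Major.Minor.Hotfix.Build_SKU_PRD_RGN structure and picks the RGN to clean with. The repository names are constructed samples, and measuring "closest" by hotfix and then build distance is an assumption of this example.

```python
import re
from typing import NamedTuple, Optional

class Firmware(NamedTuple):
    version: tuple      # (major, minor, hotfix, build)
    sku: str            # may itself contain underscores
    release: str        # e.g. PRD
    fw_type: str        # RGN, EXTR or UPD

NAME_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)_(.+)_([A-Z]+)_(RGN|EXTR|UPD)$")

def parse_name(name: str) -> Optional[Firmware]:
    """Split a repository name into its fields, or return None if it does not fit."""
    if name.lower().endswith(".bin"):
        name = name[:-4]
    m = NAME_RE.match(name)
    if m is None:
        return None
    return Firmware(tuple(int(x) for x in m.groups()[:4]), m[5], m[6], m[7])

def pick_rgn(dump_version: tuple, dump_sku: str, names: list) -> Optional[str]:
    """Return the name of the RGN image to clean with, or None if nothing qualifies."""
    best = None
    for name in names:
        fw = parse_name(name)
        if fw is None or fw.fw_type != "RGN":       # EXTR is dirty, UPD is not a full region
            continue
        if fw.sku != dump_sku or fw.version[:2] != dump_version[:2]:
            continue                                # SKU, major and minor must all match
        # Assumption: "closest" means smallest hotfix distance, then build distance.
        distance = (abs(fw.version[2] - dump_version[2]),
                    abs(fw.version[3] - dump_version[3]))
        if best is None or distance < best[0]:
            best = (distance, name)
    return best[1] if best else None

# Constructed sample names; the dump analysed is assumed to be 11.8.50.3425, SKU CON_H_DA.
REPO = [
    "11.8.50.3425_CON_H_DA_PRD_EXTR",   # exact version, but extracted (dirty DATA)
    "11.8.50.3425_COR_H_DA_PRD_RGN",    # exact version, wrong SKU
    "11.8.65.3590_CON_H_DA_PRD_UPD",    # update image, not a full region
    "11.8.55.3510_CON_H_DA_PRD_RGN",    # same SKU and 11.8, closest hotfix
    "11.8.92.4222_CON_H_DA_PRD_RGN",    # same SKU and 11.8, further away
    "11.6.29.3287_CON_H_DA_PRD_RGN",    # different minor version
]

if __name__ == "__main__":
    print(pick_rgn((11, 8, 50, 3425), "CON_H_DA", REPO))
```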



