me_cleaner
me_cleaner copied to clipboard
corna
me_cleaner status
Please comment here if me_cleaner works on your device. If this tool does not work on your PC (or it does not behave as expected), don't comment here but open an issue instead. Specify:
- CPU architecture
- CPU model
- Laptop/motherboard
- OEM BIOS or coreboot?
- If you used the
-s/-Sflag in me_cleaner
Thanks
Working on:
- Intel Core i5-2520M
- Sandy Bridge
- Lenovo Thinkpad X220
- coreboot
- both with and without the
-Sflag
Working for more than a month now. Everything works perfectly, and the MEI device has disappeared from the PCI bus.
- Sandy Bridge
- Lenovo Thinkpad X220
- coreboot
I can confirm it works on the Lenovo Thinkpad X220, but coreboot then recognizes only one of my two 8GB RAM modules. I'm currently investigating.
- Intel Celeron 2955U
- Haswell
- Chromebook C720p
- coreboot
Hey there, I build and flashed an image of coreboot for my chromebook (C720p) running a Haswell 2955U.
There is no MEI entry in the lspci list. Not sure what other tests I can run to see the ME's state, open to running other tests, just tell me.
Passed the 30 minutes mark, seems to work. Thanks
Working on:
- Intel i5-6500
- Skylake
- MSI Bazooka B150M
- Stock AMI Bios
- https://github.com/corna/me_cleaner/commit/61fd606155c54d0ed8a54fe3c4a499f0645434e3
Everything works, the HECI (formerly MEI) device disapperars, a screen at boot notifies that the ME firmware is corrupted, but pressing F2 lets the boot continue.
- Intel
- Core i5-2540M
- Lenovo Thinkpad X220
- Coreboot
- 48deb6c
^^ Yes that's right, the experimental branch works on this board folks! No lzma modules!
Working on
- Intel Core i5 3320M
- Ivy Bridge
- Lenovo Thinkpad X230
- Coreboot
- d2e2308
Working on
- Intel Core i5 3320M
- Ivy Bridge
- Lenovo Thinkpad X230
- Stock BIOS
- https://github.com/corna/me_cleaner/commit/d2e2308588b906f386b5e7bfaffa9ef66b371945
- Intel Core i7 4790k
- Haswell
- Desktop, ASRock Z97 Pro4
- Modded Bios (see below)
- ffe60d8
ASRock's bios packages are all in a proprietary format, but Windows based tools, specifically the UBU pack (http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html), allow them to be extracted and the firmware inside upgraded or downgraded. One may flash this modified file directly from the UEFI settings themselves, as it doesn't validate them.
It is unclear whether or not ME is properly disabled, as the kernel module loads but is not really usable, and the tools to check ME status segfault.
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xa7680 - 0xcf000)
UPDATE: removed (0xa7680 - 0xa78aa)
ROMP: removal of Huffman modules is not supported yet, skipping
BUP: removal of Huffman modules is not supported yet, skipping
KERNEL: removal of Huffman modules is not supported yet, skipping
POLICY: removal of Huffman modules is not supported yet, skipping
HOSTCOMM: removed (0xa78aa - 0xafbb5)
TDT: removed (0xafbb5 - 0xb4f71)
FPF: removed (0xb4f71 - 0xb6a77)
Correcting checksum (0xea)...
Done! Good luck!
- Intel Core i7 4790k
- Haswell
- Desktop, ASRock Z97 Extreme6
- Modded bios -- see https://github.com/corna/me_cleaner/issues/3#issuecomment-267880212
- https://github.com/corna/me_cleaner/commit/ffe60d8f7248afd52fa1bb21465415497d54f74f
BIOS file name must be same as Instant Flash bios name, or else instant flash in bios does not detect it. In this case, Z97Ex62.70
/dev/mei0 does not exist, intelmetool reports it doesnt support my system (maybe it doesn't?), mei/mei_me modules still required by some ASRock Intel ME pci listing
~~Of note, Intel's own "Intel® Management Engine Verification Utility" in windows is perpetually spinning, which I should have tested beforehand.~~ Looks like that only works if your cpu supports vPro. Tested on another Intel based machine with ME still in bios.
But everything seems to be working properly so far.
Full image detected
The ME region goes from 0x3000 to 0x1fffff
Found FPT header at 0x3010
Found 20 partition(s)
ME firmware version 9.1.10.1000
Found FTPR header: FTPR partition spans from 0x4a000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Reading FTPR modules list...
Wiping LZMA section (0xaa680 - 0xd2000)
UPDATE : removed (0xaa680 - 0xaa8aa)
ROMP : removal of Huffman modules is not supported yet, skipping
BUP : removal of Huffman modules is not supported yet, skipping
KERNEL : removal of Huffman modules is not supported yet, skipping
POLICY : removal of Huffman modules is not supported yet, skipping
HOSTCOMM : removed (0xaa8aa - 0xb2bb5)
TDT : removed (0xb2bb5 - 0xb7f71)
FPF : removed (0xb7f71 - 0xb9a77)
Correcting checksum (0xea)...
Done! Good luck!
I can try to cat /dev/mei0 and I get "no such device" as root...so I guess that's good?
On my system that I've never flashed before (I haven't used me_cleaner yet) I get the same message when trying to read from /dev/mei0. It does not mean that the ME is disabled
Working on
- Intel Core i5 2520M
- Sandy Bridge
- Dell Latitude e6220
- OEM BIOS
- ffe60d8
MEI is no more present in lspci output. However, the ethernet card does not show up anymore on "ip a" output.
dmesg says:
e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
e1000e: probe of 0000:00:19.0 failed with error -e
The problem seems identical to the one reported by this user: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/984404 and as he suggests just rebooting the machine temporarily fixes the problem. When a power cycle is performed again (power off+power on) the ethernet card is gone again.
This is the related bug on the ubuntu kernel bug tracker: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576953
Working on:
- Intel Core i7-3770
- IvyBridge
- Motherboard: GA-B75M-D3V
- OEM BIOS and Coreboot
- ffe60d8f
OEM BIOS: MEI device has disappeared from the PCI bus. Coreboot: MEI device won't go away and confirmed that ME is broken:
**Bad news, you have a B75 Express Chipset LPC Controller so you have ME hardware on board and you can't control or disable it, continuing...
MEI not hidden on PCI, checking if visible MEI found: [8086:1e3a] 7 Series/C210 Series Chipset Family MEI Controller #1
ME Status : 0x304181 ME Status 2 : 0x153b0160
ME: FW Partition Table : OK ME: Bringup Loader Failure : NO ME: Firmware Init Complete : NO ME: Manufacturing Mode : NO ME: Boot Options Present : NO ME: Update In Progress : NO ME: Current Working State : Initializing ME: Current Operation State : Bring up ME: Current Operation Mode : Normal ME: Error Code : Debug Failure ME: Progress Phase : BUP Phase ME: Power Management Event : Intel ME reset due to exception ME: Progress Phase State : 0x3b
ME: Extend Register not valid
ME: has a broken implementation on your board with this BIOS ME: failed to become ready ME: failed to become ready ME: GET FW VERSION message failed ME: failed to become ready ME: failed to become ready ME: GET FWCAPS message failed **
Working on:
- Intel Core i3-2370m
- SandyBridge
- Motherboard: Thinkpad x220i
- OEM BIOS and Coreboot
- ffe60d8f
MEI device has disappeared from the PCI bus.
Working on:
- Intel Core i7-3770T
- IvyBridge
- Motherboard: GA-B75M-D3H
- Coreboot
- ffe60d8f
Sadly I failed to extract a valid OEM BIOS image this time. MEI device has disappeared from the PCI bus initially, but after programming back from the scheme below the MEI reappears and keeps present. ME is confirmed broken. It seems whether ME remains present on desktop depends on the content of nvram.
Working on:
- Intel Core i7-3770T
- IvyBridge
- Motherboard: GA-B75M-D3H
- Coreboot
- ffe60d8
- Neutralized ME from SnB/IvB laptop (e.g. samsung lumpy's ME image located at
3rdparty/blobs/mainboard/samsung/lumpy/me.bin, with ifd adjusted via modified layout file)
MEI device won't go away and confirmed that ME is broken, and integrated graphic card conpletely ceases to work, and goes away.
Works on:
- Core i5-2520M
- SandyBridge
- Lenovo Thinkpad T420
- OEM BIOS
- ffe60d8f7248afd52fa1bb21465415497d54f74f
- Intel Core i5-2520M
- Lenovo Thinkpad X220
- Coreboot-4.5
- Seabios 1.9.3
-
ffe60d8 - 1.5MiB Management Engine
- SPI replaced with a 128mbit chip, IFD layout changed to span entire chip and give all remaining space to CBFS.
Everything works, ~~but laptop hangs for ~15 seconds after suspend. I also updated coreboot, so not 100% sure this is me_cleaners fault.~~ 100% working now.
Works on:
- Core i5-2520M
- SandyBridge
- Lenovo Thinkpad T420
- Coreboot-4.5
- Seagrub scheme from libreboot
- 1.5MiB Management Engine
- ffe60d8
MEI device has disappeared from the PCI bus. However, the ethernet card needs a warm reboot to be functional.
Working on
- Intel Core i3 2330M
- Sandy Bridge
- Dell Latitude e6220
- OEM BIOS
- ffe60d8
MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.
Working on:
- T420
- Intel core i7 3632qm
- Ivy Bridge
- Coreboot with seabios payload+windows screen goes blank after a while, running a background game app seems to help this somehow.
- X220
- Intel core i5 2540M
- Sandy Bridge
- Coreboot with linux payload+qubes, worked fine, don't remember the blank screen issue. using: 48deb6 on both laptops
Working on
- Intel Core i5 2520M
- Sandy Bridge
- HP EliteBook 8460P
- OEM BIOS
- ffe60d8
MEI is no more present in lspci output. However, the ethernet card needs a warm reboot to be functional.
Working on
- Intel Core i5 3320M
- Ivy Bridge
- Lenovo Thinkpad X230
- Coreboot
- ffe60d8
Working on:
- Intel Core i5-3570K (Ivy Bridge)
- Gigabyte GA-Z77X-UD5H
- coreboot with TianoCore UEFI payload
- ffe60d8
The MEI Controller device still appears in lspci. I am unsure of the status of the Intel 82579V Ethernet controller, as I haven't gotten it to work yet (e1000e: probe of 0000:00:19.0 failed with error -3; this remains the same with normal ME or cleaned ME). The ME appears to have been disabled:
[ 19.881125] mei_me 0000:00:16.0: wait hw ready failed
[ 19.881131] mei_me 0000:00:16.0: hw_start failed ret = -62
[ 19.881144] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[ 21.929169] mei_me 0000:00:16.0: wait hw ready failed
[ 21.929175] mei_me 0000:00:16.0: hw_start failed ret = -62
[ 21.929188] mei_me 0000:00:16.0: H_RST is set = 0x80000015
[ 23.977227] mei_me 0000:00:16.0: wait hw ready failed
[ 23.977233] mei_me 0000:00:16.0: hw_start failed ret = -62
[ 23.977236] mei_me 0000:00:16.0: reset: reached maximal consecutive resets: disabling the device
[ 23.977238] mei_me 0000:00:16.0: reset failed ret = -19
[ 23.977239] mei_me 0000:00:16.0: link layer initialization failed.
[ 23.977241] mei_me 0000:00:16.0: init hw failure.
[ 23.977366] mei_me 0000:00:16.0: initialization failed.
Bad news, you have a `Z77 Express Chipset LPC Controller` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0xfed1c000
MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1
ME Status : 0x4181
ME Status 2 : 0x163b0160
ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : NO
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Initializing
ME: Current Operation State : Bring up
ME: Current Operation Mode : Normal
ME: Error Code : Debug Failure
ME: Progress Phase : BUP Phase
ME: Power Management Event : Pseudo-global reset
ME: Progress Phase State : 0x3b
PCI READ [bc] : 0x000000bc
ME: Extend Register not valid
ME has a broken implementation on your board with this BIOS
ME: failed to become ready
WRITE [00] : CB: 0x80040007
WRITE [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE [00] : CB: 0x80080007
WRITE [00] : CB: 0x00000203
WRITE [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting
Working on:
- Intel Core i5-2520M
- Sandy Bridge
- Lenovo Thinkpad X220
- Coreboot
- 4e9fc2e
After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.
- Intel Core i5-2520M
- Sandy Bridge
- Lenovo Thinkpad X220 tablet
- Coreboot
- 4e9fc2e
Working on:
- Intel Core i5-2520M
- Sandy Bridge
- HP EliteBook 8460P
- OEM BIOS
- 4e9fc2e
After the KERNEL module of ME is removed, the integrated NIC works after a COLD reboot now.
- Intel Core i5-2520M
- Sandy Bridge
- Lenovo Thinkpad T420
- Coreboot
- 4e9fc2e
Everything works perfectly for one day now!
Working on:
- Intel Xeon E3-1230 v5
- Skylake
- Motherboard: P10S-M WS
- OEM BIOS
- 4e9fc2e
CSME HECI won't go away but ME is neutralized with no 30-minute-shutdown.
#lspci -vnnt
-[0000:00]-+-00.0 Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:1918]
+-01.0-[01]--+-00.0 Advanced Micro Devices, Inc. [AMD/ATI] Tahiti XT [Radeon HD 7970/8970 OEM / R9 280X] [1002:6798]
| \-00.1 Advanced Micro Devices, Inc. [AMD/ATI] Tahiti XT HDMI Audio [Radeon HD 7970 Series] [1002:aaa0]
+-13.0 Intel Corporation Sunrise Point-H Integrated Sensor Hub [8086:a135]
+-14.0 Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller [8086:a12f]
+-14.2 Intel Corporation Sunrise Point-H Thermal subsystem [8086:a131]
+-16.0 Intel Corporation Sunrise Point-H CSME HECI #1 [8086:a13a]
+-16.1 Intel Corporation Sunrise Point-H CSME HECI #2 [8086:a13b]
+-17.0 Intel Corporation Device [8086:a102]
+-1c.0-[02]----00.0 Intel Corporation I210 Gigabit Network Connection [8086:1533]
+-1c.5-[03]----00.0 Intel Corporation I210 Gigabit Network Connection [8086:1533]
+-1f.0 Intel Corporation Sunrise Point-H LPC Controller [8086:a149]
+-1f.2 Intel Corporation Sunrise Point-H PMC [8086:a121]
+-1f.3 Intel Corporation Sunrise Point-H HD Audio [8086:a170]
\-1f.4 Intel Corporation Sunrise Point-H SMBus [8086:a123]
#me_cleaner.py factory_p10s-m_ws.rom
Full image detected
This image does not contains an ME firmware (NR = 0)
#ifdtool -x factory_p10s-m_ws.rom
File factory_p10s-m_ws.rom is 16777216 bytes
Flash Region 0 (Flash Descriptor): 00000000 - 00000fff
Flash Region 1 (BIOS): 00800000 - 00ffffff
Flash Region 2 (Intel ME): 00001000 - 007fffff
Flash Region 3 (GbE): 07fff000 - 00000fff (unused)
Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused)
Flash Region 5 (Reserved): 07fff000 - 00000fff (unused)
Flash Region 6 (Reserved): 07fff000 - 00000fff (unused)
Flash Region 7 (Reserved): 07fff000 - 00000fff (unused)
Flash Region 8 (EC): 07fff000 - 00000fff (unused)
#me_cleaner.py flashregion_2_intel_me.bin
ME image detected
Found FPT header at 0x10
Found 15 partition(s)
ME firmware version 4.0.3.75
Found FTPR header: FTPR partition spans from 0xa000 to 0x6a000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x3e)...
Modules removal in ME v11 or greater is not yet supported
Done! Good luck!
#intelmetool -s
Bad news, you have a `Sunrise Point-H CSME HECI #2` so you have ME hardware on board and it is very difficult to remove, continuing...
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI found: [8086:a13b] Sunrise Point-H CSME HECI #2
ME Status : 0x0
ME Status 2 : 0x0
ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : NO
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Reset
ME: Current Operation State : Preboot
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : ROM Phase
ME: Power Management Event : Clean Moff->Mx wake
ME: Progress Phase State : BEGIN
PCI READ [bc] : 0x000000bc
ME: Extend Feature not present
ME seems okay on this board
ME: failed to become ready
WRITE [00] : CB: 0x80040007
WRITE [00] : CB: 0x000002ff
ME: failed to become ready
ME: GET FW VERSION message failed
ME: failed to become ready
WRITE [00] : CB: 0x80080007
WRITE [00] : CB: 0x00000203
WRITE [00] : CB: 0x00000000
ME: failed to become ready
ME: GET FWCAPS message failed
exiting
Working on:
- Intel Core i5 3320M (Ivy Bridge)
- Lenovo Thinkpad X230
- coreboot
- 4e9fc2e
Using the ME image from google/link, no issues found.
