me_cleaner icon indicating copy to clipboard operation
me_cleaner copied to clipboard

Published 20 hours ago verified publisher icon corna

Wiki article proposal: Internal flashing via FPT

Open mostav02 opened this issue 4 years ago • 1 comments

I have wrote an article that describes a method of internal flashing that was not fully described for disabling ME before, considering it would ideally fit as a new flashing method for me_cleaner wiki:

Neutralizing Intel ME via internal flashing with Intel FPT - https://github.com/mostav02/me_cleaner_wiki/blob/master/Internal-flashing-with-FPT.md

My intention to research this method was because I had some laptops around and wanted to disable Intel ME on them, but since I am a software developer that is not a big fan of messing with external programmers and hardware in general, I presumed that Intel Flash Programming Tool would be able to perform the same task as people do with external programmers.
Lurking around issues in this repo I have found the issue Disable ME by setting HDA_SDO pin high? #135, which made me reading some Intel datasheets that mention "HDA_SDO" and turned out there was a lot of information around on this already.
Since the main challenge of internal flashing is unlocking the flash descriptor, I have found that this method worked perfectly on all my machines (that I reported recently in #3) so I decided to make the detailed guide and I think this could serve a lot for people who are not familiar with external chip programming or just don't have the necessary hardware by hand.

Moreover, I think this method should be preferred over external programming due to its relative safety, let me show its cons and pros:

PROS:

  • Intel PCH SPI is the original and built-in programming interface for your motherboard, thus the risks are equal to upgrading the BIOS
  • Data consistency and integrity / Possibility of making an original full flash dump without garbled data
  • Increased simplicity
  • Programming speed
  • No risk of damage by overvoltage / reversed polatity / accident shorting / wrong pinout unlike during in-circuit external programming
  • No pins wear by soldering/unsoldering the chip unlike during off-circuit external programming
  • More ergonomic when performing a reverse engineering research (however, in that specific case an external programmer is still needed because bricks are inevitable)

CONS:

  • Less forgiving than doing external programming. In case of brick you will need to use an external programmer to restore the dump (which was supposed to be made)
  • Still requires an external programming if you're performing a reverse engineering task (however may require less interaction with the external programmer, depending on the bricking frequency, so it's a con at the same time)
  • FD unlocking method may be a subject to additional research

Please consider adding this guide to the wiki. (There is no way of making PR's for wiki in a repo on Github thus this needs to be done manually)

mostav02 avatar Apr 13 '20 14:04 mostav02

@mostav02 just wanted to say I followed your guide and was able to flash a HAP disable FD. The Linux FPT didn't work, but I created a bootable DOS disk and it did. Thanks!

pedrib avatar Apr 26 '20 17:04 pedrib