I'm having difficulty disabling ME on a Lenovo T470 updated to the latest UEFI firmware 1.78. I can see from the status reports that a couple of people have accomplished this but I haven't been able to find a guide yet.
The chip I'm reading is the W25Q128.V identified as U49 on the motherboard. I can produce consistent dumps using a SOIC8 clip, but any changes I make to the dumps break the boot process and the device won't pass POST. So far I've tried using the -S option and using no option. I haven't tested with -s yet because I'd prefer to neuter ME completely rather than trust the HAP setting indefinitely.
Here's the output of ifdtool on the dumps before I make any changes:
region sizes in the FLREGn section:
descriptor 4095 Bytes (4KiB)
BIOS, 7340032 Bytes (7.00MiB)
ME, 7327743 Bytes (6.99MiB)
GbE, 4096 Bytes (4KiB)
This looks appropriate so far, I think.
However, according to the me_cleaner wiki, each region in the FLMSTRn section should have RW access at least to itself. In my case, each item in each of the regions is marked disabled. This doesn't seem right but I don't know how to resolve it.
Here's the output of me_cleaner -c on the dumps:
Full image detected
Found FPT header at 0x3010
Found 11 partition(s)
Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000 (684032 Bytes)
ME/TXE firmware version 11.8.86.3909 (generation 3)
Public key match: Intel ME, firmware versions 11.x.x.x
The HAP bit is NOT SET
Checking the FTPR RSA signature... VALID
This all looks good to my eyes.
Here's the output when I mod the dumps with me_cleaner -S. The output without the -S switch is identical except for the "Setting the HAP bit" message at the end, as you'd expect:
Full image detected
Found FPT header at 0x3010
Found 11 partition(s)
Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000
Found FTPR manifest at 0x1478
ME/TXE firmware version 11.8.86.3909 (generation 3)
Public key match: Intel ME, firmware versions 11.x.x.x
The HAP bit is NOT SET
Reading partitions list...
FTPR (0x00001000 - 0x0000a8000, 0x000a7000 total bytes): NOT removed
FTUP (0x00110000 - 0x0001bc000, 0x000ac000 total bytes): removed
DLMP (0x000a6000 - 0x0000a9000, 0x00003000 total bytes): removed
PSVN (0x00000e00 - 0x000001000, 0x00000200 total bytes): removed
IVBP (0x0010c000 - 0x000110000, 0x00004000 total bytes): removed
MFS (0x000a8000 - 0x00010c000, 0x00064000 total bytes): removed
NFTP (0x00110000 - 0x0001bc000, 0x000ac000 total bytes): removed
ROMB ( no data here , 0x00000000 total bytes): nothing to remove
FLOG (0x001bc000 - 0x0001bd000, 0x00001000 total bytes): removed
UTOK (0x001bd000 - 0x0001bf000, 0x00002000 total bytes): removed
ISHC ( no data here , 0x00000000 total bytes): nothing to remove
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0xf2)...
Reading FTPR modules list...
FTPR.man (uncompressed, 0x001478 - 0x002064): NOT removed, partition manif.
rbe.met (uncompressed, 0x002064 - 0x0020fa): NOT removed, module metadata
fptemp.met (uncompressed, 0x0020fa - 0x002132): NOT removed, module metadata
kernel.met (uncompressed, 0x002132 - 0x0021c0): NOT removed, module metadata
syslib.met (uncompressed, 0x0021c0 - 0x002224): NOT removed, module metadata
bup.met (uncompressed, 0x002224 - 0x0027e6): NOT removed, module metadata
pm.met (uncompressed, 0x0027e6 - 0x002894): NOT removed, module metadata
vfs.met (uncompressed, 0x002894 - 0x0031c0): NOT removed, module metadata
evtdisp.met (uncompressed, 0x0031c0 - 0x00334e): NOT removed, module metadata
loadmgr.met (uncompressed, 0x00334e - 0x003476): NOT removed, module metadata
busdrv.met (uncompressed, 0x003476 - 0x0037fa): NOT removed, module metadata
gpio.met (uncompressed, 0x0037fa - 0x003944): NOT removed, module metadata
prtc.met (uncompressed, 0x003944 - 0x003af4): NOT removed, module metadata
policy.met (uncompressed, 0x003af4 - 0x003cb4): NOT removed, module metadata
crypto.met (uncompressed, 0x003cb4 - 0x003e3e): NOT removed, module metadata
heci.met (uncompressed, 0x003e3e - 0x00400a): NOT removed, module metadata
storage.met (uncompressed, 0x00400a - 0x004306): NOT removed, module metadata
pmdrv.met (uncompressed, 0x004306 - 0x00442a): NOT removed, module metadata
maestro.met (uncompressed, 0x00442a - 0x004514): NOT removed, module metadata
fpf.met (uncompressed, 0x004514 - 0x00462c): NOT removed, module metadata
hci.met (uncompressed, 0x00462c - 0x00472e): NOT removed, module metadata
fwupdate.met (uncompressed, 0x00472e - 0x004836): NOT removed, module metadata
ptt.met (uncompressed, 0x004836 - 0x004942): NOT removed, module metadata
touch_fw.met (uncompressed, 0x004942 - 0x004a80): NOT removed, module metadata
rbe (Huffman , 0x004a80 - 0x007940): NOT removed, essential
fptemp (LZMA/uncomp., 0x007940 - 0x009940): removed
kernel (Huffman , 0x009940 - 0x019980): NOT removed, essential
syslib (Huffman , 0x019980 - 0x02abc0): NOT removed, essential
bup (Huffman , 0x02abc0 - 0x054640): NOT removed, essential
pm (LZMA/uncomp., 0x054640 - 0x056900): removed
vfs (LZMA/uncomp., 0x056900 - 0x05ec00): removed
evtdisp (LZMA/uncomp., 0x05ec00 - 0x0605c0): removed
loadmgr (LZMA/uncomp., 0x0605c0 - 0x063440): removed
busdrv (LZMA/uncomp., 0x063440 - 0x064cc0): removed
gpio (LZMA/uncomp., 0x064cc0 - 0x065dc0): removed
prtc (LZMA/uncomp., 0x065dc0 - 0x066940): removed
policy (LZMA/uncomp., 0x066940 - 0x06b680): removed
crypto (LZMA/uncomp., 0x06b680 - 0x079340): removed
heci (LZMA/uncomp., 0x079340 - 0x07d200): removed
storage (LZMA/uncomp., 0x07d200 - 0x081640): removed
pmdrv (LZMA/uncomp., 0x081640 - 0x0827c0): removed
maestro (LZMA/uncomp., 0x0827c0 - 0x084540): removed
fpf (LZMA/uncomp., 0x084540 - 0x085f00): removed
hci (LZMA/uncomp., 0x085f00 - 0x086780): removed
fwupdate (LZMA/uncomp., 0x086780 - 0x08b4c0): removed
ptt (LZMA/uncomp., 0x08b4c0 - 0x0a0e00): removed
touch_fw (LZMA/uncomp., 0x0a0e00 - 0x0a8000): removed
The ME minimum size should be 364544 bytes (0x59000 bytes)
The ME region can be reduced up to:
00003000:0005bfff me
Setting the HAP bit in PCHSTRP0 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!
The behaviour on the T470 after I flash the modded dumps back is a black screen on boot along with a diagnostic tone sequence. There is no splash screen and the device refuses to boot at all. When I flash back the unmodified dump everything reverts to normal.
I can see the activity on the repo is low but if anyone who's successfully flashed a T470 could offer their ten cents I'd appreciate it.
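As an added example (not part of the original post, and not me_cleaner or ifdtool code), the FLMSTRn self-access rule quoted above can be checked directly on a dump before flashing. It assumes the descriptor field layouts used by coreboot's ifdtool; the helper names and the sample descriptors are constructed for illustration.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A
REGIONS = ["descriptor", "BIOS", "ME", "GbE"]   # FLREG0-3; also access bits 0-3
MASTERS = ["BIOS", "ME", "GbE"]                 # FLMSTR1-3

def parse_descriptor(image, ifd_v2=True):
    """Decode region ranges and per-master access masks from a flash dump."""
    sig = image.find(struct.pack("<I", FD_SIGNATURE), 0, 0x1000)
    if sig < 0:
        raise ValueError("no flash descriptor signature in the first 4 KiB")
    flmap0, flmap1 = struct.unpack_from("<II", image, sig + 4)
    frba = ((flmap0 >> 16) & 0xFF) << 4         # FLREGn section offset
    fmba = (flmap1 & 0xFF) << 4                 # FLMSTRn section offset
    regions = {}
    for i, name in enumerate(REGIONS):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        regions[name] = (base, limit) if base <= limit else None  # None = unused
    # Access fields differ by descriptor version: v1 read 16-23 / write 24-31,
    # v2 read 8-19 / write 20-31. Decoding with the wrong layout gives bogus flags.
    rd, wr, mask = (8, 20, 0xFFF) if ifd_v2 else (16, 24, 0xFF)
    masters = {}
    for i, name in enumerate(MASTERS):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * i)
        masters[name] = ((flmstr >> rd) & mask, (flmstr >> wr) & mask)
    return regions, masters

def missing_self_access(image, ifd_v2=True):
    """List masters that lack read or write access to their own region."""
    _, masters = parse_descriptor(image, ifd_v2)
    bad = []
    for name, (read, write) in masters.items():
        bit = 1 << REGIONS.index(name)
        if not (read & bit and write & bit):
            bad.append(name)
    return bad

def build_sample(flmstr_words):
    """Constructed 4 KiB descriptor (values invented for this example)."""
    d = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", d, 0x10, FD_SIGNATURE, 0x04 << 16, 0x08)
    struct.pack_into("<IIII", d, 0x40, 0x00000000, 0x0FFF0900, 0x06FF0003, 0x00010001)
    struct.pack_into("<III", d, 0x80, *flmstr_words)
    return bytes(d)

GOOD = build_sample([(0xB << 8) | (0xA << 20), (0x5 << 8) | (0x4 << 20), (0x8 << 8) | (0x8 << 20)])
LOCKED = build_sample([0, 0, 0])
```

On a real dump, read the file as bytes and pass it to `missing_self_access`; an empty list means every master can read and write its own region under the chosen descriptor version.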