[Nottingham] Fwd: Neutralize ME firmware

VM vadim+NLUG at mankevich.co.uk
Fri Jan 13 23:11:15 UTC 2017 

Yay! Have done it to my "Think Different" Yoga that is now used to being
my guinea pig and it's a success!
=====================
[root at archie alarm]# python ./me_cleaner.py factory_yoga.bin
Full image detected
The ME region goes from 0x1000 to 0x1fffff
Found FPT header at 0x1010
Found 21 partition(s)
ME firmware version 9.5.15.1730
Found FTPR header: FTPR partition spans from 0x4c000 to 0xd2000
Removing extra partitions...
Removing extra partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x04)...
Reading FTPR modules list...
Wiping LZMA section (0xb19a5 - 0xd2000)
 UPDATE           (LZMA,    0x0b19a5 - 0x0b1aaf): removed
 ROMP             (Huffman, 0x052740 - 0x052b03): NOT removed, essential
 BUP              (Huffman, 0x052b03 - 0x06662c): NOT removed, essential
 KERNEL           (Huffman, 0x06662c - 0x099368): removed
 POLICY           (Huffman, 0x099368 - 0x0b19a5): removed
 FTPM             (LZMA,    0x0b1aaf - 0x0bfc38): removed
 HOSTCOMM         (LZMA,    0x0bfc38 - 0x0c826c): removed
 TDT              (LZMA,    0x0c826c - 0x0cd59d): removed
 FPF              (LZMA,    0x0cd59d - 0x0cf0b5): removed
Done! Good luck!
======================

So overall more time was spent trying to figure out how to enable SPI on
BeagleBoneBlack under Archlinux then actually doing this operation :) I
believe I have disabled updates, low- and high-level APIs (KERNEL,
POLICY), antitheft (TDT), communications to host (HOSTCOMM),firmware TPM
(FTPM), and something called FPF (I actually hope it is the link to
Intel Wifi card). ME still functions independently but it's
functionality is reduced. There is no longer PCI device for two-way
communication with ME and mei_me module is not loaded as confirmed by
lspci and lsmod.
The patient did not pass out after 30 minutes of uptime and is in a
stable condition. Need to check power management because that could be
somehow affected. If ok, my main Yoga will be the next patient. :)

VM

On 01/10/2017 01:55 PM, Martin via Nottingham wrote:
> Vadim,
> 
> Thanks for that. Interesting...
> 
> And as always, more time is needed in the day.
> 
> But then again... Why are we having to waste our time 'working around'
> proprietary 'coercive silliness'...
> 
> 
> More time needed!
> 
> Cheers,
> Martin
> 
> 
> 
> On 10/01/17 10:47, VM via Nottingham wrote:
>>
>>
>> Finally there's hope for those who'd like more power over their own PC than Intel currently has.
>>
>> http://hardenedlinux.org/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html
>>
>>
>> When Martin flashes Libreboot (at last) I might borrow the programming clip. Or was it not necessary for that Chromebook?
>> --
>> vadim at mankevich.co.uk PGP key fingerprint
>> 0xC046022A3A91455AF0C9BB2404BF882B1905C772
>> Retrieve from hkps://pgp.mit.edu
> 
> 
>

More information about the Nottingham mailing list