Add manpage
This commit is contained in:
parent
5ce039affa
commit
d2b417b576
2 changed files with 325 additions and 0 deletions
159
man/me_cleaner.1
Normal file
159
man/me_cleaner.1
Normal file
|
@ -0,0 +1,159 @@
|
|||
.TH me_cleaner 1 "MARCH 2018"
|
||||
.SH me_cleaner
|
||||
.PP
|
||||
me_cleaner \- Tool for partial deblobbing of Intel ME/TXE firmware images
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
\fB\fCme_cleaner.py\fR [\-h] [\-v] [\-O output_file] [\-S | \-s] [\-r] [\-k]
|
||||
[\-w whitelist | \-b blacklist] [\-d] [\-t] [\-c] [\-D output_descriptor]
|
||||
[\-M output_me_image] \fIfile\fP
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
\fB\fCme_cleaner\fR is a tool able to disable parts of Intel ME/TXE by:
|
||||
.RS
|
||||
.IP \(bu 2
|
||||
removing most of the code from its firmware
|
||||
.IP \(bu 2
|
||||
setting a special bit to force it to disable itself after the hardware
|
||||
initialization
|
||||
.RE
|
||||
.PP
|
||||
Using both the modes seems to be the most reliable way on many platforms.
|
||||
.PP
|
||||
The resulting modified firmware needs to be flashed (in most of the cases) with
|
||||
an external programmer, often a dedicated SPI programmer or a Linux board with
|
||||
a SPI master interface.
|
||||
.PP
|
||||
\fB\fCme_cleaner\fR works at least from Nehalem to Coffee Lake (for Intel ME) and on
|
||||
Braswell/Cherry Trail (for Intel TXE), but may work as well on newer or
|
||||
different architectures.
|
||||
.PP
|
||||
While \fB\fCme_cleaner\fR have been tested on a great number of platforms, fiddling
|
||||
with the Intel ME/TXE firmware is \fIvery dangerous\fP and can easily lead to a
|
||||
dead PC.
|
||||
.PP
|
||||
\fIYOU HAVE BEEN WARNED.\fP
|
||||
.SH POSITIONAL ARGUMENTS
|
||||
.TP
|
||||
\fB\fCfile\fR
|
||||
ME/TXE image or full dump.
|
||||
.SH OPTIONAL ARGUMENTS
|
||||
.TP
|
||||
\fB\fC\-h\fR, \fB\fC\-\-help\fR
|
||||
Show the help message and exit.
|
||||
.TP
|
||||
\fB\fC\-v\fR, \fB\fC\-\-version\fR
|
||||
Show program's version number and exit.
|
||||
.TP
|
||||
\fB\fC\-O\fR, \fB\fC\-\-output\fR
|
||||
Save the modified image in a separate file, instead of modifying the
|
||||
original file.
|
||||
.TP
|
||||
\fB\fC\-S\fR, \fB\fC\-\-soft\-disable\fR
|
||||
In addition to the usual operations on the ME/TXE firmware, set the
|
||||
MeAltDisable bit or the HAP bit to ask Intel ME/TXE to disable itself after
|
||||
the hardware initialization (requires a full dump).
|
||||
.TP
|
||||
\fB\fC\-s\fR, \fB\fC\-\-soft\-disable\-only\fR
|
||||
Instead of the usual operations on the ME/TXE firmware, just set the
|
||||
MeAltDisable bit or the HAP bit to ask Intel ME/TXE to disable itself after
|
||||
the hardware initialization (requires a full dump).
|
||||
.TP
|
||||
\fB\fC\-r\fR, \fB\fC\-\-relocate\fR
|
||||
Relocate the FTPR partition to the top of the ME region to save even more
|
||||
space.
|
||||
.TP
|
||||
\fB\fC\-t\fR, \fB\fC\-\-truncate\fR
|
||||
Truncate the empty part of the firmware (requires a separated ME/TXE image or
|
||||
\fB\fC\-\-extract\-me\fR).
|
||||
.TP
|
||||
\fB\fC\-k\fR, \fB\fC\-\-keep\-modules\fR
|
||||
Don't remove the FTPR modules, even when possible.
|
||||
.TP
|
||||
\fB\fC\-w\fR, \fB\fC\-\-whitelist\fR
|
||||
Comma separated list of additional partitions to keep in the final image.
|
||||
This can be used to specify the MFS partition for example, which stores PCIe
|
||||
and clock settings.
|
||||
.TP
|
||||
\fB\fC\-b\fR, \fB\fC\-\-blacklist\fR
|
||||
Comma separated list of partitions to remove from the image. This option
|
||||
overrides the default removal list.
|
||||
.TP
|
||||
\fB\fC\-d\fR, \fB\fC\-\-descriptor\fR
|
||||
Remove the ME/TXE Read/Write permissions to the other regions on the flash
|
||||
from the Intel Flash Descriptor (requires a full dump).
|
||||
.TP
|
||||
\fB\fC\-D\fR, \fB\fC\-\-extract\-descriptor\fR
|
||||
Extract the flash descriptor from a full dump; when used with \fB\fC\-\-truncate\fR
|
||||
save a descriptor with adjusted regions start and end.
|
||||
.TP
|
||||
\fB\fC\-M\fR, \fB\fC\-\-extract\-me\fR
|
||||
Extract the ME firmware from a full dump; when used with \fB\fC\-\-truncate\fR save a
|
||||
truncated ME/TXE image.
|
||||
.TP
|
||||
\fB\fC\-c\fR, \fB\fC\-\-check\fR
|
||||
Verify the integrity of the fundamental parts of the firmware and exit.
|
||||
.SH SUPPORTED PLATFORMS
|
||||
.PP
|
||||
Currently \fB\fCme_cleaner\fR has been tested on the following platforms:
|
||||
.TS
|
||||
allbox;
|
||||
cb cb cb cb
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
c c c c
|
||||
.
|
||||
PCH CPU ME SKU
|
||||
Ibex Peak * Nehalem/Westmere 6.0 Ignition
|
||||
Ibex Peak * Nehalem/Westmere 6.x 1.5/5 MB
|
||||
Cougar Point Sandy Bridge 7.x 1.5/5 MB
|
||||
Panther Point Ivy Bridge 8.x 1.5/5 MB
|
||||
Lynx/Wildcat Point Haswell/Broadwell 9.x 1.5/5 MB
|
||||
Wildcat Point LP Broadwell Mobile 10.0 1.5/5 MB
|
||||
Sunrise Point Skylake/Kabylake 11.x CON/COR
|
||||
Union Point Kabylake 11.x CON/COR
|
||||
.TE
|
||||
.TS
|
||||
allbox;
|
||||
cb cb cb
|
||||
c c c
|
||||
.
|
||||
SoC TXE SKU
|
||||
Braswell/Cherry Trail 2.x 1.375 MB
|
||||
.TE
|
||||
.PP
|
||||
* Not working on coreboot
|
||||
.PP
|
||||
All the reports are available on the project's GitHub page \[la]https://github.com/corna/me_cleaner/issues/3\[ra]\&.
|
||||
.SH EXAMPLES
|
||||
.PP
|
||||
Check whether the provided image has a valid structure and signature:
|
||||
.IP
|
||||
\fB\fCme_cleaner.py \-c dumped_firmware.bin\fR
|
||||
.PP
|
||||
Remove most of the Intel ME firmware modules but don't set the HAP/AltMeDisable
|
||||
bit:
|
||||
.IP
|
||||
\fB\fCme_cleaner.py \-S \-O modified_me_firmware.bin dumped_firmware.bin\fR
|
||||
.PP
|
||||
Remove most of the Intel ME firmware modules and set the HAP/AltMeDisable bit,
|
||||
disable the Read/Write access of Intel ME to the other flash region, then
|
||||
relocate the code to the top of the image and truncate it, extracting a modified
|
||||
descriptor and ME image:
|
||||
.IP
|
||||
\fB\fCme_cleaner.py \-S \-r \-t \-d \-D ifd_shrinked.bin \-M me_shrinked.bin \-O modified_firmware.bin full_dumped_firmware.bin\fR
|
||||
.SH BUGS
|
||||
.PP
|
||||
Bugs should be reported on the project's GitHub page \[la]https://github.com/corna/me_cleaner\[ra]\&.
|
||||
.SH AUTHOR
|
||||
.PP
|
||||
Nicola Corna \[la]nicola@corna.info\[ra]
|
||||
.SH SEE ALSO
|
||||
.PP
|
||||
.BR flashrom (8),
|
||||
me_cleaner's Wiki \[la]https://github.com/corna/me_cleaner/wiki\[ra]
|
166
man/me_cleaner.md
Normal file
166
man/me_cleaner.md
Normal file
|
@ -0,0 +1,166 @@
|
|||
[//]: # (Use md2man to generate the man page from this Markdown)
|
||||
[//]: # (https://github.com/sunaku/md2man)
|
||||
|
||||
me_cleaner 1 "MARCH 2018"
|
||||
=======================================
|
||||
|
||||
me\_cleaner
|
||||
----
|
||||
|
||||
me\_cleaner - Tool for partial deblobbing of Intel ME/TXE firmware images
|
||||
|
||||
SYNOPSIS
|
||||
--------
|
||||
|
||||
`me_cleaner.py` [-h] [-v] [-O output\_file] [-S | -s] [-r] [-k]
|
||||
[-w whitelist | -b blacklist] [-d] [-t] [-c] [-D output\_descriptor]
|
||||
[-M output\_me\_image] *file*
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
`me_cleaner` is a tool able to disable parts of Intel ME/TXE by:
|
||||
|
||||
* removing most of the code from its firmware
|
||||
* setting a special bit to force it to disable itself after the hardware
|
||||
initialization
|
||||
|
||||
Using both the modes seems to be the most reliable way on many platforms.
|
||||
|
||||
The resulting modified firmware needs to be flashed (in most of the cases) with
|
||||
an external programmer, often a dedicated SPI programmer or a Linux board with
|
||||
a SPI master interface.
|
||||
|
||||
`me_cleaner` works at least from Nehalem to Coffee Lake (for Intel ME) and on
|
||||
Braswell/Cherry Trail (for Intel TXE), but may work as well on newer or
|
||||
different architectures.
|
||||
|
||||
While `me_cleaner` have been tested on a great number of platforms, fiddling
|
||||
with the Intel ME/TXE firmware is *very dangerous* and can easily lead to a
|
||||
dead PC.
|
||||
|
||||
*YOU HAVE BEEN WARNED.*
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
--------------------
|
||||
|
||||
`file`
|
||||
ME/TXE image or full dump.
|
||||
|
||||
OPTIONAL ARGUMENTS
|
||||
------------------
|
||||
|
||||
`-h`, `--help`
|
||||
Show the help message and exit.
|
||||
|
||||
`-v`, `--version`
|
||||
Show program's version number and exit.
|
||||
|
||||
`-O`, `--output`
|
||||
Save the modified image in a separate file, instead of modifying the
|
||||
original file.
|
||||
|
||||
`-S`, `--soft-disable`
|
||||
In addition to the usual operations on the ME/TXE firmware, set the
|
||||
MeAltDisable bit or the HAP bit to ask Intel ME/TXE to disable itself after
|
||||
the hardware initialization (requires a full dump).
|
||||
|
||||
`-s`, `--soft-disable-only`
|
||||
Instead of the usual operations on the ME/TXE firmware, just set the
|
||||
MeAltDisable bit or the HAP bit to ask Intel ME/TXE to disable itself after
|
||||
the hardware initialization (requires a full dump).
|
||||
|
||||
`-r`, `--relocate`
|
||||
Relocate the FTPR partition to the top of the ME region to save even more
|
||||
space.
|
||||
|
||||
`-t`, `--truncate`
|
||||
Truncate the empty part of the firmware (requires a separated ME/TXE image or
|
||||
`--extract-me`).
|
||||
|
||||
`-k`, `--keep-modules`
|
||||
Don't remove the FTPR modules, even when possible.
|
||||
|
||||
`-w`, `--whitelist`
|
||||
Comma separated list of additional partitions to keep in the final image.
|
||||
This can be used to specify the MFS partition for example, which stores PCIe
|
||||
and clock settings.
|
||||
|
||||
`-b`, `--blacklist`
|
||||
Comma separated list of partitions to remove from the image. This option
|
||||
overrides the default removal list.
|
||||
|
||||
`-d`, `--descriptor`
|
||||
Remove the ME/TXE Read/Write permissions to the other regions on the flash
|
||||
from the Intel Flash Descriptor (requires a full dump).
|
||||
|
||||
`-D`, `--extract-descriptor`
|
||||
Extract the flash descriptor from a full dump; when used with `--truncate`
|
||||
save a descriptor with adjusted regions start and end.
|
||||
|
||||
`-M`, `--extract-me`
|
||||
Extract the ME firmware from a full dump; when used with `--truncate` save a
|
||||
truncated ME/TXE image.
|
||||
|
||||
`-c`, `--check`
|
||||
Verify the integrity of the fundamental parts of the firmware and exit.
|
||||
|
||||
SUPPORTED PLATFORMS
|
||||
-------------------
|
||||
|
||||
Currently `me_cleaner` has been tested on the following platforms:
|
||||
|
||||
| PCH | CPU | ME | SKU |
|
||||
|:-----------------:|:-----------------:|:----:|:--------:|
|
||||
| Ibex Peak * | Nehalem/Westmere | 6.0 | Ignition |
|
||||
| Ibex Peak * | Nehalem/Westmere | 6.x | 1.5/5 MB |
|
||||
| Cougar Point | Sandy Bridge | 7.x | 1.5/5 MB |
|
||||
| Panther Point | Ivy Bridge | 8.x | 1.5/5 MB |
|
||||
| Lynx/Wildcat Point| Haswell/Broadwell | 9.x | 1.5/5 MB |
|
||||
| Wildcat Point LP | Broadwell Mobile | 10.0 | 1.5/5 MB |
|
||||
| Sunrise Point | Skylake/Kabylake | 11.x | CON/COR |
|
||||
| Union Point | Kabylake | 11.x | CON/COR |
|
||||
|
||||
| SoC | TXE | SKU |
|
||||
|:---------------------:|:---:|:--------:|
|
||||
| Braswell/Cherry Trail | 2.x | 1.375 MB |
|
||||
|
||||
\* Not working on coreboot
|
||||
|
||||
All the reports are available on the [project's GitHub page](
|
||||
https://github.com/corna/me_cleaner/issues/3).
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
Check whether the provided image has a valid structure and signature:
|
||||
|
||||
`me_cleaner.py -c dumped_firmware.bin`
|
||||
|
||||
Remove most of the Intel ME firmware modules but don't set the HAP/AltMeDisable
|
||||
bit:
|
||||
|
||||
`me_cleaner.py -S -O modified_me_firmware.bin dumped_firmware.bin`
|
||||
|
||||
Remove most of the Intel ME firmware modules and set the HAP/AltMeDisable bit,
|
||||
disable the Read/Write access of Intel ME to the other flash region, then
|
||||
relocate the code to the top of the image and truncate it, extracting a modified
|
||||
descriptor and ME image:
|
||||
|
||||
`me_cleaner.py -S -r -t -d -D ifd_shrinked.bin -M me_shrinked.bin -O modified_firmware.bin full_dumped_firmware.bin`
|
||||
|
||||
BUGS
|
||||
----
|
||||
|
||||
Bugs should be reported on the [project's GitHub page](
|
||||
https://github.com/corna/me_cleaner).
|
||||
|
||||
AUTHOR
|
||||
------
|
||||
|
||||
Nicola Corna <nicola@corna.info>
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
|
||||
flashrom(8), [me\_cleaner's Wiki](https://github.com/corna/me_cleaner/wiki)
|
Loading…
Reference in a new issue