Commit graph

89 commits

Author SHA1 Message Date
Nicola Corna
43612a630c Add ME 1.x-5.x to the manual 2018-10-07 10:24:52 +02:00
Nicola Corna
a994685cb2 Do not modify gen1 images when -c is passed 2018-09-09 18:12:27 +02:00
Nicola Corna
4f225808ff Update manual 2018-09-09 18:05:00 +02:00
Nicola Corna
57b3fc765e Add support for generation 1
On generation 1 (ME version <= 5), Intel ME can be disabled completely
by:

 * Wiping its firmware
 * Disabling the corresponding region
 * Setting the meDisable bits in ICHSTRP0 and MCHSTRP0

Optionally, with the usual -d flag, me_cleaner can remove the ME's RW
permissions to the other regions (but it probably has no effect, Intel
ME is disabled anyways).

Based on ich9deblob from the libreboot project.
2018-05-24 17:36:31 +02:00
Nicola Corna
d5b0806cdf Version 1.2 2018-03-31 10:27:12 +02:00
Nicola Corna
19eb7d0372 Print the value of the HAP/AltMeDisable bit 2018-03-30 22:46:51 +02:00
Nicola Corna
cf88e6968e Rewrite README.md 2018-03-30 22:46:51 +02:00
Nicola Corna
d2b417b576 Add manpage 2018-03-30 19:11:53 +02:00
Nicola Corna
5ce039affa Add setup.py 2018-03-30 19:11:53 +02:00
Nicola Corna
095bc8f06d Add --version 2018-03-30 19:11:47 +02:00
Nicola Corna
fedd85f48f Reorder argparse options 2018-03-30 19:04:12 +02:00
Nicola Corna
3c4ca946ad Fix ME 6 OutOfRegionException 2018-03-23 16:09:30 +01:00
Nicola Corna
9e1611fdf2 Fix region size
The region size was 1 Byte larger
2018-02-01 10:29:43 +01:00
Nicola Corna
3051107031 Style fixes 2018-01-31 09:56:29 +01:00
Nicola Corna
1299c87745 Wipe the firmware in case of a ME 6 Ignition image
Thanks to Plato Mavropoulos for discovering it
2018-01-31 09:29:19 +01:00
Nicola Corna
5bd27b36ba Remove the last partition in ME 6
The last partition in ME 6 has 0xffffffff as size and was previously
ignored by me_cleaner.
2018-01-31 09:23:08 +01:00
Michael Niewoehner
2d8b6192da Fix flash descriptor permissions
ME read access on the flash descriptor is (at least on some systems)
needed to complete the boot process.
2018-01-17 19:18:24 +01:00
Nicola Corna
604e1bf812 Move the region offset inside RegionFile 2018-01-11 18:29:43 +01:00
Nicola Corna
80b00b9a74 Print Huffman modules size on generation 2 2018-01-11 18:11:54 +01:00
Nicola Corna
f8f2fc17f4 Replace sys.stdout.write with print 2018-01-11 18:11:54 +01:00
Nicola Corna
15e81288bc Add public key match
Now me_cleaner is able to distinguish between ME, TXE and SPS images.
This will be useful in future commits, where variant (or version)
specific fixes must be applied.
2018-01-11 18:11:54 +01:00
Nicola Corna
61a70b4112 Correctly remove the ME permissions on Skylake descriptors 2018-01-11 12:47:27 +01:00
Nicola Corna
2ff65c1ea7 Add partition removal whitelist/blacklist option 2017-11-25 11:38:21 +01:00
Nicola Corna
2ea338782a Use the partition flags to detect if a partition has data in ROM 2017-10-22 14:46:21 +02:00
Youness Alaoui
210adf030f Add support for selective partition removal
Check and remove partitions from $FPT based on their name instead of
removing all partitions different from FTPR and hardcoding the addition
of FTPR partition into $FPT.

This is required in order to add support for unremovable partitions,
other than FTPR, which is required on some machines.
2017-10-22 14:46:21 +02:00
Youness Alaoui
184ac81541 Remove invalid and unused header_len variable 2017-09-29 16:10:19 -04:00
Youness Alaoui
fa94786f65 Fix lenght->length typo in variable name 2017-09-29 16:09:44 -04:00
Nicola Corna
312ef02714 Merge pull request #55 from vanillajonathan/patch-1
Sort imports
2017-09-26 07:59:35 +02:00
Nicola Corna
d5705b62f8 Do not set the HAP/AltMeDisable bit by default
While some BIOSes behave better with the bit set, others don't. As
me_cleaner has been already tested on many platforms (and we don't want to
break things if it previously worked), revert to the default behaviour
and add an option (-S) to optionally set the HAP/AltMeDisable bit.

So now the situation is:
 -s: just set the HAP/AltMeDisable bit, without modifying the firmware
 -S: modify the firmware and set the HAP/AltMeDisable bit
 none of them: modify the firmware but don't set the HAP/AltMeDisable bit
2017-09-07 09:36:25 +02:00
Nicola Corna
72fff7a98e Fix the arguments interactions 2017-08-30 17:39:52 +02:00
Nicola Corna
93e65775bb Add -s
This option can be used to disable Intel ME by setting the HAP/MeAltDisable
bit, while keeping the ME firmware image untouched.
2017-08-30 17:09:09 +02:00
Jonathan
d4cc5783eb Sort imports 2017-08-30 11:54:05 +02:00
Nicola Corna
ced3b46ba2 Set the HAP bit (ME >= 11) or the AltMeDisable bit (ME < 11)
Positive Technologies discovered the presence of an undocumented HAP bit
in the PCHSTRP0 field of the descriptor which, when set to 1, completely
disables Intel ME just after the initialization. This is confirmed both
by an analysis of the status of Intel ME after the setting of the bit and
by reverse engineering the BUP module.

More information in their blog post:
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

Moreover Igor Skochinsky discovered a bit in the PCHSTRP10, which achieves
more or less the same result as the HAP bit for ME < 11.

With this commit one of these bits is set to 1: instead of halting due to
corrupted modules, Intel ME now halts before trying to load them, possibly
leading to a cleaner shutoff of the ME subsystem.
2017-08-30 09:51:09 +02:00
Nicola Corna
5ffeaffb40 Minor cleanup 2017-08-29 10:37:11 +02:00
Nicola Corna
2e8761ea8b Don't fail when trying to operate on a truncated ME 11 image 2017-08-08 21:53:15 +02:00
Nicola Corna
565dabcbc3 Minor bug fix 2017-08-08 21:47:10 +02:00
Nicola Corna
6e097a02d4 Add -D and -M
-D can be used to extract the flash descriptor from a full image. When used
with -t, it extracts the flash descriptor and modifies it to shrink the ME
region and expand the BIOS one.
-M can be used to extract the ME image. When used with -t it extracts a
truncated ME image.
2017-08-07 11:07:32 +02:00
Nicola Corna
7447c872d3 Fix wrong computation of region end address 2017-08-05 23:53:57 +02:00
Nicola Corna
f4e3d1401e Add full support for Skylake (ME 11) and following
This commit has been widely tested on an MSI H110M (Sunrise Point) with an
i3-6300T, on two different ME firmware:
 * 11.6.1.1142 CON (2.0 MB, no AMT)
 * 11.6.1.1142 COR (7.1 MB, AMT)

In particular:
 * The only fundamental FTPR modules seem to be rbe, kernel, syslib and
    bup. Incidentally, on CON images, these modules are the only ones
    Huffman-compressed. Removing any of these modules inhibits the correct
    powering on of the PC.
 * Now that the Huffman modules are not mixed together in a single Huffman
    stream, removing them is trivial and can be done in the same way as the
    LZMA/uncompressed modules.
 * For the same reason, as there isn't a LLUT header anymore, the
    partitions can be freely moved without any change in the content of the
    partition, thus the relocation option has been added.
 * The truncation information has been adjusted, like in the older ME
    versions. However, the correct functioning of a PC with a truncated ME
    region hasn't been tested yet.

With this commit me_cleaner is able to remove the majority of the FTPR
modules, going from the original code size of 2.0 MB (no AMT) or 6-7 MB
(AMT) to ~300 kB of compressed code.
2017-08-03 23:07:43 +02:00
Nicola Corna
4d0c002e41 Merge pull request #47 from vanillajonathan/patch-1
Fix capitalization of class name
2017-07-30 19:00:57 +02:00
Jonathan
c17a196216 Fix capitalization of class name 2017-07-25 02:18:56 +02:00
Nicola Corna
d527d809e9 Merge pull request #40 from movermeyer/patch-1
Minor typo fix
2017-07-01 17:20:59 +02:00
Michael Overmeyer
cc5a367aec minor typo 2017-06-03 10:46:44 -04:00
Nicola Corna
ab871afb9f Update README.md 2017-05-16 10:24:25 +02:00
Nicola Corna
518445323b Fix FPT checksum calculation for ME11 2017-05-04 15:55:21 +02:00
Nicola Corna
ba885fa9fc Remove NR >= 2 check
It seems that the NR value doesn't really matter, as it is equal to 0 in some
images. The presence of a particular region is tied to the condition
region_end > region_start.
2017-05-04 15:55:15 +02:00
Nicola Corna
0ac4b4bfd4 Add --truncate 2017-03-17 15:31:00 +01:00
Nicola Corna
250b2ec123 Add safety margin on truncation
It seems that Intel ME requires some data after the last valid byte, as
truncating the image just after the last byte does not work.
For now this "safety margin" has been set to 4 blocks (16 kB).
2017-02-17 13:50:40 +01:00
Nicola Corna
2987431acd Increase minimum FTPR offset to 0x400 2017-02-07 09:44:45 +01:00
Nicola Corna
3ef0b5570d Add --descriptor 2017-02-05 15:46:26 +01:00