MetalMonday/me_cleaner
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Tool for partial deblobbing of Intel ME/TXE firmware images. me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system. Intel ME Intel ME is a co-processor integrated in all post-2006 Intel boards, which is the base hardware for many Intel features like Intel AMT, Intel Boot Guard, Intel PAVP and many others. To provide such features, it requires full access to the system, including memory (through DMA) and network access (transparent to the user). Unlike many other firmware components, the Intel ME firmware can't be neither disabled nor reimplemented, as it is tightly integrated in the boot process and it is signed. This poses an issue both to the free firmware implementations like coreboot, which are forced to rely on a proprietary, obscure and always-on blob, and to the privacy-aware users, who are reasonably worried about such firmware, running on the lowest privilege ring on x86. What can be done Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, effectively disabling it. Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes, probably as an attempt to enforce the Intel Anti-Theft policies. However, while Intel ME can't be turned off completely, it is still possible to modify its firmware up to a point where Intel ME is active only during the boot process, effectively disabling it during the normal operation, which is what me_cleaner tries to accomplish.
42 commits 2 branches 3 tags 217 KiB
Python 100%
Find a file
Nicola Corna 250b2ec123 Add safety margin on truncation 
It seems that Intel ME requires some data after the last valid byte, as
truncating the image just after the last byte does not work.
For now this "safety margin" has been set to 4 blocks (16 kB).
2017-02-17 13:50:40 +01:00
COPYING Initial commit 2016-11-14 13:32:12 +01:00
me_cleaner.py Add safety margin on truncation 2017-02-17 13:50:40 +01:00
README.md Relocate FTPR to the top of the ME region 2017-01-28 23:44:33 +01:00

README.md

ME cleaner

A cleaner for Intel ME/TXE images.

This tools removes any unnecessary partition from an Intel ME/TXE firmware, reducing its size and its ability to interact with the system. It should work both with coreboot and with the factory firmware.

Currently this tool:

  • Scans the FPT (partition table) and checks that everything is correct
  • Removes any partition entry (except for FTPR) from FPT
  • Removes any partition except for the fundamental one (FTPR)
  • Removes the EFFS presence flag
  • Corrects the FPT checksum
  • Removes any non-essential LZMA or Huffman compressed module from the FTPR partition (pre-Skylake only)
  • Relocates the remaining parts of the FTPR partition to the top of the ME region (pre-Skylake only)
  • Checks the validity of the RSA signature of the FTPR partition

Don't forget to power cycle your PC after flashing the modified ME/TXE image (power off and power on, not just reboot).

See the current status or a more detailed description of me_cleaner.

Special thanks to Federico Amedeo Izzo for his help during the study of Intel ME.