Tool for partial deblobbing of Intel ME/TXE firmware images.
me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system.
Intel ME
Intel ME is a co-processor integrated in all post-2006 Intel boards, which is the base hardware for many Intel features like Intel AMT, Intel Boot Guard, Intel PAVP and many others. To provide such features, it requires full access to the system, including memory (through DMA) and network access (transparent to the user).
Unlike many other firmware components, the Intel ME firmware can be neither disabled nor reimplemented, as it is tightly integrated in the boot process and it is signed.
This poses an issue both to free firmware implementations like coreboot, which are forced to rely on a proprietary, obscure and always-on blob, and to privacy-aware users, who are reasonably worried about such firmware, running on the lowest privilege ring on x86.
What can be done
Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, effectively disabling it.
Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes, probably as an attempt to enforce the Intel Anti-Theft policies.
However, while Intel ME can't be turned off completely, it is still possible to modify its firmware to the point where Intel ME is active only during the boot process, effectively disabling it during normal operation, which is what me_cleaner tries to accomplish.
42ba8e84ab
Previously the Huffman modules were removed by wiping all the data between the first and the last chunk. Unfortunately the modules are often fragmented: the chunks are not in a linear order, sometimes repeated and sometimes shared between different modules. This commit removes each chunk individually, after checking it's not used by a fundamental module.
ME cleaner
A cleaner for Intel ME images.
This tool removes any unnecessary partition from an Intel ME firmware, reducing its size and its ability to interact with the system. It should work both with coreboot and with the factory BIOS.
Currently this tool:
- Scans the FPT (partition table) and checks that everything is correct
- Removes any partition entry (except for FTPR) from FPT
- Removes any partition except for the fundamental one (FTPR)
- Removes the EFFS presence flag
- Corrects the FPT checksum
- Removes any LZMA-compressed module (pre-Skylake only)
- Removes most of the Huffman-compressed modules (pre-Skylake only)
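The FPT steps in the list above (scan, keep only FTPR, clear the EFFS flag, fix the checksum), as an added example run on a constructed image; this is not me_cleaner's own code. The header offsets, the 0x20-byte entry layout and the checksum rule are assumptions of this example, since the page does not describe them.

```python
import struct

# Assumed layout (not given on the page): "$FPT" at 0x10, entry count at 0x14,
# checksum byte at 0x1b, flags at 0x24 (bit 0 = EFFS present), 0x20-byte
# entries from 0x30: name[4], owner[4], offset u32, length u32, 16 more bytes.
HDR, ENT = 0x30, 0x20

def fpt_checksum(img):
    """Value for byte 0x1b that makes the first 0x30 bytes sum to 0 mod 256."""
    return -(sum(img[:HDR]) - img[0x1b]) & 0xFF

def scan(img):
    """Validate the FPT and return [(name, offset, length, raw_entry), ...]."""
    if img[0x10:0x14] != b"$FPT":
        raise ValueError("$FPT signature not found")
    if img[0x1b] != fpt_checksum(img):
        raise ValueError("FPT checksum mismatch")
    (count,) = struct.unpack_from("<I", img, 0x14)
    entries = [bytes(img[HDR + i * ENT:HDR + (i + 1) * ENT]) for i in range(count)]
    return [(e[:4], *struct.unpack_from("<II", e, 8), e) for e in entries]

def clean(image):
    """Keep only FTPR: wipe other partitions, shrink the FPT, fix the checksum."""
    img = bytearray(image)
    parts = scan(img)
    ftpr = [p for p in parts if p[0] == b"FTPR"]
    if len(ftpr) != 1:
        raise ValueError("expected exactly one FTPR entry")
    for name, off, length, _ in parts:
        # Entries with no data in the image (offset 0 or out of range) are skipped.
        if name != b"FTPR" and 0 < off and off + length <= len(img):
            img[off:off + length] = b"\xff" * length
    img[HDR:HDR + len(parts) * ENT] = ftpr[0][3] + b"\xff" * ((len(parts) - 1) * ENT)
    struct.pack_into("<I", img, 0x14, 1)   # a single entry (FTPR) remains
    img[0x24] &= 0xFE                      # clear the EFFS presence flag
    img[0x1b] = fpt_checksum(img)          # header changed, so recompute
    return bytes(img)

def sample_image():
    """Constructed 0x1c0-byte image: FTPR, NFTP and a PSVN entry with no data."""
    img = bytearray(b"\xff" * 0x1C0)
    img[:HDR] = bytes(0x10) + b"$FPT" + struct.pack("<I", 3) + bytes(0x18)
    img[0x24] = 0x01                       # EFFS presence flag set
    layout = [(b"FTPR", 0x100, 0x40), (b"NFTP", 0x140, 0x40), (b"PSVN", 0, 0)]
    for i, (n, off, ln) in enumerate(layout):
        img[HDR + i * ENT:HDR + (i + 1) * ENT] = n + bytes(4) + struct.pack("<II", off, ln) + bytes(16)
        img[off:off + ln] = n * (ln // 4)
    img[0x1b] = fpt_checksum(img)
    return bytes(img)
```

Running `scan()` on the output of `clean()` re-validates the signature and checksum, so a mistake in the rewrite shows up before anything is flashed.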
Don't forget to power cycle your PC after flashing the modified ME image (power off and power on, not just reboot).
See the current status in the wiki.
Special thanks to Federico Amedeo Izzo for his help during the study of Intel ME.