Tool for partial deblobbing of Intel ME/TXE firmware images. me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system. Intel ME Intel ME is a co-processor integrated in all post-2006 Intel boards, which is the base hardware for many Intel features like Intel AMT, Intel Boot Guard, Intel PAVP and many others. To provide such features, it requires full access to the system, including memory (through DMA) and network access (transparent to the user). Unlike many other firmware components, the Intel ME firmware can't be neither disabled nor reimplemented, as it is tightly integrated in the boot process and it is signed. This poses an issue both to the free firmware implementations like coreboot, which are forced to rely on a proprietary, obscure and always-on blob, and to the privacy-aware users, who are reasonably worried about such firmware, running on the lowest privilege ring on x86. What can be done Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, effectively disabling it. Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes, probably as an attempt to enforce the Intel Anti-Theft policies. However, while Intel ME can't be turned off completely, it is still possible to modify its firmware up to a point where Intel ME is active only during the boot process, effectively disabling it during the normal operation, which is what me_cleaner tries to accomplish.
Find a file
2017-05-16 10:24:25 +02:00
COPYING Initial commit 2016-11-14 13:32:12 +01:00
me_cleaner.py Fix FPT checksum calculation for ME11 2017-05-04 15:55:21 +02:00
README.md Update README.md 2017-05-16 10:24:25 +02:00

me_cleaner Donation

Intel ME is a coprocessor integrated in all post-2006 Intel boards, for which this Libreboot page has an excellent description. The main component of Intel ME is Intel AMT, and I suggest you to read this Wikipedia page for more informations about it. In short, Intel ME is an unremovable environment with an obscure signed proprietary firmware, with full network and memory access, which poses a serious security threat. Even when disabled from the BIOS settings, Intel ME is active: the only way to be sure it is disabled is to remove its firmware from the flash chip.

Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, without the need of reverse-engineer the ME firmware.

Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes. This project is an attempt to remove as much code as possible from such firmware without falling into the 30 minutes window mode.

me_cleaner currently works on most architectures, see me_cleaner status (or its discussion) for more info about them. me_cleaner works also on the TXE and SPS firmware.

If you want to understand how me_cleaner works, you can read the "How does it work?" page.

If you want to apply me_cleaner on your plaform I suggest you to read the "How does it work?" page and then follow the guide "How to apply me_cleaner".

For pre-Skylake firmware (ME version < 11) this tool removes almost everything, leaving only the two fundamental modules needed for the correct boot, ROMP and BUP. The code size is reduced from 1.5 MB (non-AMT firmware) or 5 MB (AMT firmware) to ~90 kB of compressed code.

For Skylake and the later architectures (ME version >= 11), since the internal structure of the partitions is not yet known, the FTPR partition is left intact. The code size is reduced from 1.5 MB/5 MB to ~650 kB of compressed code.

This project is based on the work of the community; in particular I thank Igor Skochinsky, for the core informations about Intel ME and its firmware structure, and Federico Amedeo Izzo, for its help during the study of Intel ME.