Hi, all! Tell me, please, can I take the ME region, which is protected, without an SPI programmer? I tried several software tools for this (Intel FPT, Copernicus, Chipsec) and tried to use InsydeFlash with creation of a backup of the existing ROM. In all cases I received an ME region filled with 0x00 or 0xFF... P.S.: FPT result with error "The host CPU does not have read access to the target flash areas..." Some information about my Insyde H2O:

Intel (R) Flash Programming Tool. Version: 8.1.51.1476
Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.
Number of LPC Devices supported: 174
LPC Device Id: 1E57.
Platform: Intel(R) HM77 Express Chipset
Initializing SPI utilities
Reading HSFSTS register... Flash Descriptor: Valid
Region Limits as programmed into the SPI Registers
FREG0 - DESC Region:Base Address: 0x000000 Limit : 0x000FFF
FREG1 - BIOS Region:Base Address: 0x180000 Limit : 0x5FFFFF
FREG2 - ME Region:Base Address: 0x001000 Limit : 0x17FFFF
FREG3 - GbE Region:Base Address: 0x1FFF000 Limit : 0x000FFF
FREG4 - PDR Region:Base Address: 0x1FFF000 Limit : 0x000FFF
Address Limit 0x600000
Maximum Memory 6144kB
--- Flash Devices Found ---
W25Q32BV ID:0xEF4016 Size: 4096KB (32768Kb)
W25Q16BV ID:0xEF4015 Size: 2048KB (16384Kb)
Using hardware sequencing.
Reading region information from flash descriptor.
Base: 0x000000, Limit: 0x000FFF
Base: 0x180000, Limit: 0x5FFFFF
Base: 0x001000, Limit: 0x17FFFF
FW Status Register1: 0x1E000245
FW Status Register2: 0x300A0106
--- Flash Image Information --
Signature: VALID
Number of Flash Components: 2
Component 1 - 4096KB (32768Kb)
Component 2 - 2048KB (16384Kb)
Regions:
Descriptor - Base: 0x000000, Limit: 0x000FFF
BIOS - Base: 0x180000, Limit: 0x5FFFFF
ME - Base: 0x001000, Limit: 0x17FFFF
GbE - Not present
PDR - Not present
Master Region Access:
CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
ME - ID: 0x0000, Read: 0x0D, Write: 0x0C
GbE - ID: 0x0118, Read: 0x08, Write: 0x08
Total Accessable SPI Memory: 6144KB, Total Installed SPI Memory : 6144KB
FW Status Register1: 0x1E000245
FW Status Register2: 0x300A0106
Current ME State ( 0x3 ) : Policy
FPT Operation Passed

Intel(R) MEInfo Version: 8.1.56.1541
Copyright(C) 2005 - 2014, Intel Corporation. All rights reserved.
FW Status Register1: 0x1E000245
FW Status Register2: 0x300A0106
CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: M0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
ICC: Valid OEM data, ICC programmed
Get ME FWU OEM Id command...done
FW Capabilities value is 0x1101C60
Feature enablement is 0x1101C60
Platform type is 0x12420321
GBE Region does not exist.
Intel(R) ME code versions:
BIOS Version: F.25
MEBx Version: 0.0.0.0000
Gbe Version: Unknown
VendorID: 8086
PCH Version: 4
FW Version: 8.1.0.1248
UNS Version: 8.1.10.1300
LMS Version: 8.1.10.1300
MEI Driver Version: 8.1.10.1275
Wireless Hardware Version: 0.2.70
Wireless Driver Version: 15.4.1.1
FW Capabilities: 0x01101C60
Intel(R) Anti-Theft Technology - PRESENT/ENABLED
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Level III Manageability Upgrade State: Upgrade Capable
CPU Upgrade State: Not Upgradable
Cryptography Support: Disabled
Last ME reset reason: Power up
Local FWUpdate: Enabled
Get BIOS flash lockdown status...done
BIOS Config Lock: Enabled
Get flash master region access status...done
Host Read Access to ME: Disabled
Host Write Access to ME: Disabled
SPI Flash ID #1: EF4016
SPI Flash ID VSCC #1: 20052005
SPI Flash ID #2: EF4015
SPI Flash ID VSCC #2: 20052005
SPI Flash BIOS VSCC: 20052005
Protected Range Register Base #0 0x570
Protected Range Register Limit #0 0x5FF
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
BIOS boot State: Post Boot
OEM Id: 00000000-0000-0000-0000-000000000000
Capability Licensing Service: Enabled

P.S.: 1. I did not find in PCHInitDxe any checks of bit 5 in BIOS_CNTL, only its initialization with some value; 2. RWEverything says that BLE=1 (Lock Enabled) and SMM_BWP=1 (BIOS region SMM protection is enabled). Thanks.
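Decoding the "Master Region Access" bytes from the FPT log in the post above shows why host reads of the ME region come back empty. This is an added example, not part of the thread: the sample lines are copied from that log, the function names are hypothetical, and the bit order (bit 0 = DESC through bit 4 = PDR) is the flash-descriptor region order that FPT prints as FREG0..FREG4.

```python
import re

# Bit n of a master's read/write mask grants access to region n
# (same order as FREG0..FREG4 in the FPT log).
REGIONS = ["DESC", "BIOS", "ME", "GbE", "PDR"]

# Sample input: the three "Master Region Access" lines from the log above.
SAMPLE = """\
CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
ME - ID: 0x0000, Read: 0x0D, Write: 0x0C
GbE - ID: 0x0118, Read: 0x08, Write: 0x08
"""

# Only lines carrying "ID:", "Read:" and "Write:" match, so the region
# listing ("ME - Base: ..., Limit: ...") in a full log is ignored.
LINE = re.compile(
    r"^\s*(?P<master>[\w/]+)\s+-\s+ID:\s*0x[0-9A-Fa-f]+,\s*"
    r"Read:\s*0x(?P<rd>[0-9A-Fa-f]+),\s*Write:\s*0x(?P<wr>[0-9A-Fa-f]+)",
    re.M,
)


def decode_mask(mask):
    """Return the region names whose bit is set in an access mask."""
    return [name for bit, name in enumerate(REGIONS) if mask & (1 << bit)]


def parse_master_access(text):
    """Map each flash master to the regions it may read and write."""
    table = {}
    for m in LINE.finditer(text):
        table[m["master"]] = {
            "read": decode_mask(int(m["rd"], 16)),
            "write": decode_mask(int(m["wr"], 16)),
        }
    return table


def host_locked_out_of(text, region="ME"):
    """True if the CPU/BIOS master can neither read nor write `region`."""
    host = parse_master_access(text).get("CPU/BIOS")
    if host is None:
        raise ValueError("no CPU/BIOS master line found in input")
    return region not in host["read"] and region not in host["write"]


if __name__ == "__main__":
    for master, acc in parse_master_access(SAMPLE).items():
        print(f"{master:9} read={acc['read']} write={acc['write']}")
    print("host locked out of ME:", host_locked_out_of(SAMPLE))
```

The host read mask 0x0B has bit 2 clear, which agrees with MEInfo's "Host Read Access to ME: Disabled" in the same post.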
aler+, I do think such software can be found somewhere deep inside intel.com, but there is none I know of or have used. All motherboards I know of that are capable of descriptor override do it by using a GPIO line connected to HDA_SDO, i.e. a built-in pinmod.
From the readme for me_tools: "me_util.py ======== This script allows you to send HECI (MEI) messages to the ME..." From "Manufacturing with Intel ME 8.x on Intel 7 series / C216 chipset family" (11.2011): "HMRFPO = Host ME Region Flash Protection Override. This message allow the BIOS (or a software tool working through the BIOS) to request that the ME Region of SPI Flash be temporarily unlocked..." So I thought that I could send an "HMRFPO" message to the ME region and it would be temporarily unlocked. And I wanted to use me_tools for this... Am I mistaken? P.S.: about Igor's work: I read his presentation from Breakpoint 2014 - very nice job...
Sorry to bother you @CodeRush, but I'm experiencing some problems flashing the patched BIOS. I get an error "failed, wrong image format". I'm running an MSI GE70 2OE. File names etc. are correct (same as the original) and the output of the patch process is:

patch: replaced 10 bytes at offset 0x00001366 75080FBAE80F89442430 -> EB080FBAE80F89442430
Image patched

I appreciate any help, but totally understand if it's too much to ask. Kind regards, Peter
Thanks CodeRush. I've tried that, both the patched kernel and the KernelPM=true flag in Clover, still get early reboot. Installing osx works fine though. I'm a bit clueless right now...
Thanks for the DTS Key sticker. I have one off an old board which no longer works. I was going to use this, but it's 4 characters too short. Do I just put some random numbers in front of it?
I was going to use it to make a UUID, but the DTS key is 4 characters too short to use as a UUID. Thanks.
Umm, after changing my MAC address with FD44Editor the driver will no longer load. It says: "This device cannot start (Code 10) {Operation Failed} The requested operation was unsuccessful". Could this be a problem with using FD44Editor on my BIOS image? Flashing without editing the image using FD44Editor works just fine. Note I'm using a programmer, not DOS. Using a programmer should mean I don't need to run gberefl in DOS, and FD44Editor shouldn't corrupt the image. I get "PDR Region does not exist" when running gberefl, and it doesn't fix the problem with my Internet controller. Any help on fixing this would be much appreciated. I can go on using the default BIOS image from Asus, but would like to get my MAC address back if possible. Thanks.