Software ME disable and HAP bit in BIOS setup #111

Closed
miczyg1 opened this issue Jun 8, 2022 · 85 comments
Labels
enhancement New feature or request

Comments

@miczyg1
Contributor

miczyg1 commented Jun 8, 2022

The problem you're addressing (if any)
Proprietary components are controversial, there is a need for a way to disable ME.

Describe the solution you'd like
Add an option to disable ME in the Dasharo setup.

Where is the value to a user, and who might that user be?
The community desires an option to disable ME due to privacy concerns and not only that.

Describe alternatives you've considered
None

Additional context
None

@miczyg1 miczyg1 added the enhancement New feature or request label Jun 9, 2022
@renehoj

renehoj commented Jul 1, 2022

I'm very interested in this feature for the Z690 board.

If it is easier in terms of development, I think most people who want this feature are fine with HAP being set in the bin file, and you need to flash the ME section to enable or disable ME.

@wessel-novacustom

Dasharo users should know the difference between the Intel ME disabled state and neutralised ME. We receive quite a lot of requests asking whether we can neutralise Intel ME (which is not possible (yet)). If anyone reads this and believes that this is an important function for the future, please comment!

@Anth0rx

Anth0rx commented Jul 29, 2022

I think being able to neutralize the Intel ME backdoor is of great importance. What has to be done in order to move forward regarding this task?

@angelocar

I'd like to comment that I think it would certainly be a very important function for Dasharo to either neutralise or at least disable Intel ME. Intel ME is an obscure system that has privileged access and thus presents very grave security and privacy issues. I pay Intel for their chips, but I don't want that to come with potential backdoors into my computer!

@mkopec
Member

mkopec commented Aug 1, 2022

Looks like somebody discovered the HAP location for newer ME versions: corna/me_cleaner#384

@mkopec
Member

mkopec commented Aug 1, 2022

Did a quick test on NovaCustom NV4x with Dasharo v1.2.1, and it seems to work correctly. As expected with TGL-U, disabling ME breaks suspend mode (prevents the CPU package from going into C-state C10, causing high power usage), but I imagine some users would accept that as a tradeoff.

As for Z690, unfortunately that PR does not implement Alder Lake support.

@renehoj

renehoj commented Aug 1, 2022

Yes, it doesn't work with the Z690 / ME v16

I tried it on the Z690 dump, and it just fails while processing the rom

@XutaxKamay

If you're ready to run some tests and are not afraid of potentially (very low risk, I believe) damaging your motherboard (flashing externally is crucial in case it doesn't boot), I can try to find the HAP bit for Intel ME 16 and add support to me_cleaner. If you send me your BIOS, we can maybe figure this out.

We can talk about this in XMPP, IRC or anything.

@renehoj

renehoj commented Aug 3, 2022

You can download my rom here https://drive.proton.me/urls/TJTSPK5960#8asKbIr7icmg

The external programming is a bit more difficult. I have a handheld WSON test probe, but I need to completely disassemble my desktop PC to use it.

@XutaxKamay

You can download my rom here https://drive.proton.me/urls/TJTSPK5960#8asKbIr7icmg

The external programming is a bit more difficult. I have a handheld WSON test probe, but I need to completely disassemble my desktop PC to use it.

I see, sadly you would probably need to flash it around 10-20 times to be sure it's working.
It seems that Intel ME 16 has changed its structures again compared to 15 (maybe not much), I'll try to figure that out.

Though once it's done, I'll send you a new BIOS ROM to test with. The idea to find it will be mostly simple, if I'm allowed to say it legally, but I tested this method on my laptop before and it worked.

The problem will be later to find the real HAP bit location, which will probably need around 7-8 flashes; it really depends on the location of the HAP bit offset, so that it can be used with me_cleaner this way.

@XutaxKamay

This may work, if it doesn't or it doesn't boot, let me know, I'll try something different.

https://xutaxkamay.com/bios_test_hap.rom

Using XMPP (you can use Dino or Gajim) might be easier; you can contact me at admin@xutaxkamay.com

@renehoj

renehoj commented Aug 4, 2022

I assume I only need to flash the IFD section of the ROM? Not having to flash the full 32 MB image would make it a lot easier.

I can try to flash it tomorrow when I get home from work.

@XutaxKamay

XutaxKamay commented Aug 4, 2022

I assume I only need to flash the IFD section of the ROM? Not having to flash the full 32 MB image would make it a lot easier.

I can try to flash it tomorrow when I get home from work.

Yes you only need to flash the IFD region (0x1000 bytes at address 0). :)

I believe I have found it for Intel ME 16; redownload the BIOS and tell me if it works.

@renehoj

renehoj commented Aug 5, 2022

I wasn't able to read the IFD with the EEPROM programmer I have, which makes me not want to try and flash the firmware, at least not until I've found some way to recover in case it fails. I'm pretty sure flipping 0x1DE has already been tested, and it results in a boot loop.

The official flashrom says the IFD is Skylake and 17 MHz is the only valid frequency, and the Dasharo flashrom doesn't support the ch341a_spi programmer I'm using.

@XutaxKamay

XutaxKamay commented Aug 5, 2022

I wasn't able to read the IFD with the EEPROM programmer I have, which makes me not want to try and flash the firmware, at least not until I've found some way to recover in case it fails. I'm pretty sure flipping 0x1DE has already been tested, and it results in a boot loop.

The official flashrom says the IFD is Skylake and 17 MHz is the only valid frequency, and the Dasharo flashrom doesn't support the ch341a_spi programmer I'm using.

That's not what causes the boot loop I think, the boot loop is a different problem as dt-zero said on my pull request here: corna/me_cleaner#384 (comment)

Basically your BIOS could have been signed and that's why it could boot loop.

If you can't externally program, there's indeed no safe way to do it. Sorry to say.

@renehoj

renehoj commented Aug 5, 2022

This guy tried 0x1DE with the stock msi firmware corna/me_cleaner#282 (comment)

But you could be right, and it could possibly work with coreboot firmware, but I do think this is a big maybe.

It did make me wonder if the stock firmware has some recovery option, it at least didn't seem like he bricked his motherboard and was able to just reflash the stock firmware.

@XutaxKamay

XutaxKamay commented Aug 5, 2022

This guy tried 0x1DE with the stock msi firmware corna/me_cleaner#282 (comment)

But you could be right, and it could possibly work with coreboot firmware, but I do think this is a big maybe.

It did make me wonder if the stock firmware has some recovery option, it at least didn't seem like he bricked his motherboard and was able to just reflash the stock firmware.

I didn't know it was found before, but if it boot loops, and if you looked correctly at dt-zero's post, even if the boards mismatch, I highly believe that your BIOS has a self-integrity mechanism in SMM to avoid evil-maid attacks/bootkits.

If it just doesn't boot at all then yes in that case it might be the wrong offset and this is possible according to my research due to different chipsets or ME subversions apparently.

Usually desktop motherboards have a pin header which connects to the SPI flash chip so that you can connect with a Raspberry Pi or something similar; it is probably not documented but it should be visible.

EDIT:
If you plan to use the programmer you told me about, you can always try to build from upstream, they seem sometimes to have more updates.

@renehoj

renehoj commented Aug 6, 2022

The Dasharo documentation explains how to connect to the flash using the pins on the motherboard, but for it to work, you need to solder a wire to pin 1 on the flash. I would prefer not having to solder the wire to the motherboard; the chip is the WSON style and the solder pad is very small.

https://docs.dasharo.com/variants/msi_z690/development/#hardware-connection

There is also no way to know if a Raspberry Pi is going to have the same issue as the ch341a.

I did try using the latest git version of flashrom, it gave me the same error.

The Dasharo documentation says you need to define the SPI speed when using an external programmer, I'll try that today and see if it makes a difference.

https://docs.dasharo.com/variants/msi_z690/recovery/

@wessel-novacustom

Is it a WSON-8 BIOS chip? I successfully flashed one of our laptops with such a BIOS chip without soldering by using this clip and the ch341a programmer.

https://www.aliexpress.com/item/1005001830846980.html?spm=a2g0o.order_list.0.0.7fd91802wpld5n

(Version WSON 8x6 strengthen)

But I am not sure if that motherboard has a WSON-8 BIOS chip. Also, I am not sure if the particular BIOS chip is supported by flashrom.

@renehoj

renehoj commented Aug 6, 2022

I'm using a similar test probe, and flashrom detects the chip. It says the chip type is experimental, but it seems to work.

My main issue is that holding the probe by hand for the full 32 MB flash is extremely difficult. For this to have any chance of working I would need to fully disassemble the desktop system and take out the motherboard, and even then it would be difficult to hold the probe perfectly still for the full duration.

Flashing an 8 MB chip with the probe often takes me more than one try, but 32 MB makes it exponentially more difficult to hold the probe for that long.

I was testing the ch341a with --ifd, and it was giving me a warning that it couldn't read the IFD. If I can read the IFD I was hoping I could do something like --ifd -i ifd to only flash the IFD region.

When I use --ifd it just says the chip looks like Skylake, but it can't read the IFD at 17 MHz, and that 17 MHz is the only valid setting for Skylake.

@wessel-novacustom

I believe it's difficult because there are no 'pins' that keep the programmer clip in the right place?

With the clip I mentioned, I added another retaining clip and put something that weighs a bit on it so that I didn't need to hold the clip with my hand. Admittedly, it was a pain to get it in the exact right place, but it's feasible. If you would like, I can try again and send you a picture.

@renehoj

renehoj commented Aug 6, 2022

I got it working; I was using --ifd -i ifd and not -i fd.

Now I can read and write only the fd region without any issue.

I tried flipping 0x1DE, and it seems to work; I can't see mei in /sys/class or with lsmod.

I'll leave the system running for 30 min to see if the CPU locks.

@XutaxKamay

XutaxKamay commented Aug 6, 2022

. . . xD

Well let me know. It sounds good though.

@renehoj

renehoj commented Aug 6, 2022

This is from my initial test running Linux/Ubuntu: the CPU didn't lock and mei is removed.

In Qubes OS, I have iwlmei that is trying to use mei, but there is no device reference in /sys/class/mei and the onboard wifi is no longer working.

I personally don't use the onboard wifi, so I don't care about that issue, and everything else seems to be working.

@wessel-novacustom

Looks good! I hope it is stable!

@dt-zero

dt-zero commented Aug 6, 2022

@renehoj Just to confirm, you are succeeding with flipping that 0x1DE bit on coreboot? Not OEM firmware?

I'm starting to lean towards this "boot loop" thing some people are experiencing being the result of some new validation in the OEM firmware. I don't necessarily mean the capsule signing, as that should not affect the PCH strap region where the HAP bit is located, but some other interaction from a UEFI driver.

@renehoj

renehoj commented Aug 6, 2022

I have only tested with Dasharo/coreboot v1.0.0, I have not tested the MSI firmware, and I used an external programmer to update the fd region.

I don't know if it matters, but maybe the person who flashed the OEM firmware used the manufacturer's tools to write the ROM; maybe it doesn't work if you manipulate the bin file.

@miczyg1
Contributor Author

miczyg1 commented Nov 29, 2022

Yes, we should.

@miczyg1 miczyg1 closed this as completed Nov 29, 2022
@rafkoch

rafkoch commented Nov 29, 2022

Nice. I moved this issue to column DONE.

@rafkoch rafkoch moved this from In progress to Done in Nlnet October 2022 Nov 29, 2022
@wessel-novacustom

Is it possible to implement this feature for our NovaCustom-Dasharo devices?

@miczyg1
Contributor Author

miczyg1 commented Dec 12, 2022

@wessel-novacustom yes, it definitely is. Although some drawbacks will be probably inevitable (we saw HAP breaks the sleep functionality).

@wessel-novacustom

Cool, definitely as a BIOS option! :-)

I'll discuss the matter with @macpijan in our meeting tomorrow.

For those who follow this post, I will leave an update here.

@davidhealey

For those who follow this post, I will leave an update here.

@wessel-novacustom Any update?

@wessel-novacustom

@davidhealey Our developers are still working on this. An update is expected in February. Let's hope no stability issues will be found; we will have to test this extensively this month.

@sateuwdie

@davidhealey Our developers are still working on this. An update is expected in February. Let's hope no stability issues will be found; we will have to test this extensively this month.

Good morning.
Any news about this project?

@miczyg1
Contributor Author

miczyg1 commented Mar 6, 2023

Good morning @sateuwdie , we have integrated the ME disable option into the Alder Lake laptop line, however we are struggling with different issues that delay our release at the moment.

@sateuwdie

Thanks for the answer. I have an i7-1260P. Is it Alder Lake?

@miczyg1
Contributor Author

miczyg1 commented Mar 7, 2023

@sateuwdie yes, it is an Alder Lake-P processor for mobile devices, also used in NovaCustom laptops.

@sateuwdie

Thanks for the answer, I will wait for the new BIOS release.

@Sbeve42

Sbeve42 commented Mar 11, 2023

Good morning @sateuwdie , we have integrated the ME disable option into the Alder Lake laptop line, however we are struggling with different issues that delay our release at the moment.

Will this feature be possible in the Tiger Lake laptops also?

@miczyg1
Contributor Author

miczyg1 commented Mar 13, 2023

Will this feature be possible in the Tiger Lake laptops also?

Yes, it is possible. However, we did not integrate it yet into the TGL series.

@Sbeve42

Sbeve42 commented Mar 13, 2023

Do you plan on integrating it in the future?

@macpijan
Contributor

It is not on the priority list right now, but we might put it on the roadmap with @wessel-novacustom after we deal with the more urgent problems.

@wessel-novacustom

We would need to know how many users are interested in this for our TGL devices. The effort (and thus the costs) is quite high, so it's only feasible if we have enough feedback from NovaCustom TGL device owners who want to have this feature.

@sateuwdie

sateuwdie commented Apr 7, 2023

The firmware for NS5x/7x 12th Gen has finally arrived!
I updated immediately, and tried with IME disabled via soft and HAP.
No problem atm.

@sateuwdie

Thanks.
I also know other methods

ls /dev/mei0     
ls /sys/class/mei/mei0 

must return nothing.

And this one

git clone http://review.coreboot.org/coreboot.git
cd coreboot/util/intelmetool
make
su - root
./intelmetool -m
Can't find ME PCI device #must return this if IME is disabled

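A host-side check in the spirit of the commands above, added here as an example (it is not code from this thread or from the Dasharo project). It looks for the same indicators, the /dev/mei* nodes and /sys/class/mei entries, plus the mei_me PCI driver binding; the sysfs and dev roots are parameters so the function can also be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not code from this thread or from the Dasharo project.
# Reports the Linux-side indicators that the Management Engine interface is
# still exposed. Absence of all of them is what a HAP-disabled system shows,
# but it is only a necessary sign: the firmware-side state still has to be
# confirmed (e.g. with intelmetool -m as in the commands above).
#
# me_visible [SYSROOT] [DEVROOT]
#   SYSROOT: directory that contains "sys" (default "/")
#   DEVROOT: directory holding the device nodes (default "/dev")
# Returns 0 if any indicator is present, 1 if the host looks ME-free.
me_visible() {
    sysroot=${1:-/}
    devroot=${2:-/dev}
    found=0

    # 1. MEI character devices (/dev/mei0, /dev/mei1, ...)
    for node in "$devroot"/mei*; do
        [ -e "$node" ] || continue          # an unmatched glob stays literal
        echo "mei device node present: $node"
        found=1
    done

    # 2. MEI class entries in sysfs (/sys/class/mei/mei0, ...)
    for entry in "$sysroot"/sys/class/mei/*; do
        [ -e "$entry" ] || continue
        echo "sysfs mei class entry present: $entry"
        found=1
    done

    # 3. The mei_me driver bound to a PCI function (the HECI controller)
    for dev in "$sysroot"/sys/bus/pci/drivers/mei_me/0000:*; do
        [ -e "$dev" ] || continue
        echo "mei_me driver bound to PCI device: $(basename "$dev")"
        found=1
    done

    [ "$found" -eq 1 ]
}

# Stand-alone use: inspect the running host.
if me_visible; then
    echo "ME interface still visible to the OS"
else
    echo "no ME interface visible to the OS"
fi
```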
@XutaxKamay

XutaxKamay commented Apr 8, 2023

Just saying, sometimes, even if the PCI device is still present, ME might still be software disabled. I would use MEInfo for your specific Intel ME version, which you can get from winraid: https://winraid.level1techs.com/c/special-topics/intel-management-engine/24//none


Here is a desirable output as well (it is actually better because you can really confirm to some extent that it has been disabled).

I'm maybe also repeating myself, but sometimes some CSME FPT tools have versions where you can use the -MEALTDISABLE option with another argument (which sets the HAP bit and does some other things):

./FPT -MEALTDISABLE <0|1|2>


./FPT -MEALTDISABLE 2 should leave the PCI device present, which gives you a bit more information about how it has been disabled, but in either case, if you want the PCI device really gone, use 1 (sometimes it seems that on some computers it doesn't disappear though).

@wessel-novacustom

Will this feature be possible in the Tiger Lake laptops also?

@Sbeve42 : It's financially unfeasible to realise this feature for our Tiger Lake devices as these devices are out of production, so the NV40 Series will be EOL once all units have been sold.

The cost to integrate this feature will probably be somewhere between 500 and 2500 EUR. I will ask my team to make an estimation for this so we can discuss this.

If we can get a few device owners together; all able to contribute to this feature, we would be happy to contribute as well and to actually integrate this feature.

I think the first good step is to gather as many people as possible wanting this feature for our TGL laptops. I think everyone should reply on Github in public, right here ;-).

@zollerd

zollerd commented May 8, 2023

We would need to know how many users are interested in this for our TGL devices. The effort (and thus the costs) is quite high, so it's only feasible if we have enough feedback from NovaCustom TGL device owners who want to have this feature.

I think the first good step is to gather as many people as possible wanting this feature for our TGL laptops. I think everyone should reply on Github in public, right here ;-).

Count me in! (you know I've purchased a NV40 TGL device from you due to recent communication ) :-)

You and 3mdeb are doing great work; having modern and powerful hardware in combination with open firmware readily available at a reasonable price is very valuable, and we still see it too rarely, I think.

It's completely understandable that contributing and integrating this feature for NV40 TGL would have a non-trivial cost associated with it, and that there is little, if any, financial incentive for you at this point. As a happy NV40 TGL device owner, I was waiting for this feature to land in an update, and reading this thread has seen me simultaneously disappointed and encouraged. Even if the devices are no longer produced, they may serve their owners for years to come still.

I'm not ready to pay for all of it myself, unfortunately... but maybe we can indeed get something going if enough people come forward here. There are probably also users who aren't even aware of IME and that it's in principle possible to disable it. If there was a pot where people could chip in to make this easier for Wessel, I would be happy to participate. Is there some way I could donate? :-)

I'm a fairly technical-minded person and would be happy to help with testing in case something manifests. I have also thought about trying to build a modified image just for myself, since it looks like a lot can be gleaned from corna/me_cleaner#384 and Dasharo/coreboot#280 (the docs at https://docs.dasharo.com are also very insightful, thank you folks!). But that would be a waste since nobody else would benefit from it, since it would certainly void any previous warranty and support claims, and I certainly wouldn't want to, nor be able to provide any form of support for it as well.


Sort of a side-argument, slightly nit-picky:

And, on the one hand, https://configurelaptop.eu/coreboot-laptop/ says:

"The coreboot laptops we supply come with security firmware updates. We supply new security updates for 5 years. These laptops are equipped with advanced security features such as measured boot, verified boot, TPM integration and UEFI secure boot. Since recently, it is even possible to disable Intel ME on selected models."

(emphasis mine)

I ordered my device in accordance with the statement of 5 years of security updates, which was already on configurelaptop.eu when I ordered it. As far as IME specifically is concerned, one is justified in arguing that an option to turn it off is security-relevant—the quote above says this implicitly as well (although, granted, that paragraph did not yet mention the possibility when I ordered my device, and when it did, it did make the restriction that it's only provided for selected models).

And on the other hand:

these devices are out of production, so the NV40 Series will be EOL once all units have been sold.

The Tiger Lake CPU generation itself was launched in 2020, so even by a generous calculation I would have expected security updates until sometime in 2025. Normally, when I think "EOL", I think "no updates whatsoever anymore", so that has me a bit confused now. Could you please clarify?

Granted, labelling the introduction of an IME-off feature as a security update might be a bit of a stretch depending on your viewpoint (e.g. in the strict sense that no known CVE might be fixed this way)—but maybe such a feature could rightfully trade under the name of a "security update"? :-)

@wessel-novacustom

@zollerd

Thank you for your comment.

Maybe EOL is confusing, I actually meant out of production.

I will have to discuss this with @macpijan. This won't be a process of a few days.

I hope some more users will join this conversation in the meanwhile.

@zollerd

zollerd commented May 9, 2023

@wessel-novacustom okay, makes sense. Thanks.

@wessel-novacustom

@zollerd Intel ME disabling options will be added to Dasharo v1.5.0 (NV4x - Tiger Lake and NS5x - Tiger Lake). This is planned for release somewhere around September.

@zollerd

zollerd commented Jun 20, 2023

@wessel-novacustom Woohoo, thank you so much! Looking forward to that update. Can't have that with your run-of-the-mill vendor/manufacturer. :D

Rest assured that you or Dasharo-supported devices in general will be on my checklist when looking for hardware or recommending something.
