On Intel Cannonlake H (300) Series chipsets such as QM370, Q370, B360, H370, H310, Z390, C242, C246, HM370, CM246 and QMS380 with Intel ME 12, the High Assurance Platform bit has been moved to PCHSTRP32.

My testing board is an ASROCK H370M-ITX/ac. With this patch, I get the usual good signs of ME disablement. ME disappeared from the PCI bus and the OEM bios shows ME version 0.0.0.0.

This patch is the very definition of bare minimum. A proper implementation would consist of parsing the CSE Partition Layout Table to locate the Boot Partition Descriptor Table and then finding a type 2 entry (FTPR). (Like how @platomav 's wonderful MEAnalyzer does)

Other than that, we would probably benefit from a cleaner way of tracking the HAP bit and matching that to specific chipsets. I think the best option there involves parsing the MFS and checking the "008"/"Home Directory" partition's "bup/bup_sku/plat_n_sku", which holds an SKU identifier inside the BIOS image. My current understanding is that any SKU identifier corresponds to a set PCH strap layout and hence a HAP bit position in the rom.

I can confirm that this works on Clevo/Sager P95XER series notebooks (Tested with a P955ER) with ME12.

Original BIOS backup (using Intel FPT)

python ./me_cleaner.py -c ORIGINAL_BIOS.bin
Full image detected
Found FPT header at 0x2000
Found 7 partition(s)
Found FTPR header: FTPR partition spans from 0x88000 to 0x88000
Found FTPR manifest at 0x88250
ME/TXE firmware version 12.0.40.1433 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is NOT SET
Checking the FTPR RSA signature... VALID

Applying me_cleaner with this pull request #282

python ./me_cleaner.py -s -O PATCHED_BIOS.bin ORIGINAL_BIOS.bin
Full image detected
Found FPT header at 0x2000
Found 7 partition(s)
Found FTPR header: FTPR partition spans from 0x88000 to 0x88000
Found FTPR manifest at 0x88250
ME/TXE firmware version 12.0.40.1433 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is NOT SET
Setting the HAP bit in PCHSTRP32 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

Backup after flashing me_cleaner patched BIOS (patched BIOS flashed using Intel FPT, backup using Intel FPT)

python ./me_cleaner.py -c NEW_BACKUP.bin
Full image detected
Found FPT header at 0x2000
Found 7 partition(s)
Found FTPR header: FTPR partition spans from 0x88000 to 0x88000
Found FTPR manifest at 0x88250
ME/TXE firmware version 12.0.40.1433 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is SET
Checking the FTPR RSA signature... VALID

Output of Intel CSME MEInfo after flashing me_cleaner patched BIOS

sudo ./MEInfo
Intel (R) MEInfo Version: 12.0.40.1433
Copyright (C) 2005 - 2019, Intel Corporation. All rights reserved.


Error 198: ME disabled.

Per #3 (comment), this PR was required and works fine for me on a Coffee Lake system.

Hi!

I have a brand new Lenovo E490 with ME 12.0.1427.35

• Whiskey Lake
• i7-8565U
• tested with -s and -s

The bios chip is very easy to access. So i have created a dump with flashrom.

After flashing the patched image.
lspci shows:

• 00:16.0 Communication controller: Intel Corporation Device (rev 30) 0x9de0

Intelmetool say on the first device 0x9de0:

MEI found: [8086:9de0] Device 9de0

ME Status   : 0xa0000245
ME Status 2 : 0xf10506

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : ROM Phase
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : (null)

ME: Extend Register not valid

ME: Firmware Version 12.0.1427.35 (code) 12.0.1427.35 (recovery) 12.0.1427.35 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : OFF
ME Capability: ICC Over Clocking                          : OFF
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF

Laptop is working normaly, no shutdown after 30 mins. 

I think, ME12 is ignoring the HAP Bit.

Hi @roema ! :)
I think it is unlikely that any ME versions lack the HAP bit behaviour. I'm suspecting that the Whiskey Lake PCH layout is different. Can you send me your original BIOS dump?

Hi @dt-zero !!

Thanks for you message!
Yes! Here is the link E490

Thanks for your work!!

@roema Okay, I see what happened here :)

This is the Cannonlake LP variant with a different PCH strap layout. Fixing this in the general case will take some more work, but for now, we can work around this. Try this version.
I'm glad if you find my contributions useful 🎉

me_cleaner.py

@dt-zero you are the best!
It seems to be working!

Now the device /dev/eim0 is gone and in UEFI BIOS no ME Version shown.

Thank you very much!

This works on MSI B360 Gaming plus as well. I used the me_cleaner.py file from this pull request's commit.

The one posted as a text file did not work (it reported success using me_cleaner.py -c, but when flashed did not neutralize the me)

@beaker23 Glad to hear it works for you as well!

For future reference, there is Cannonlake-H series ( QM370, Q370, B360, H370, H310, Z390, C242, C246, HM370, CM246, QMS380) and Cannonlake-LP. I'm not sure which chipsets are in LP, but generally, if you have ME 12 and its not one of the H series I listed, it is probably LP. The script from the commit is for H series, the one I attached is for LP. Making one script that is compatible with both would involve (like the original message mentions) parsing the ME file system to identify the SKU or something similar. I'm not sure to what extent @corna would like to see me_cleaner modified to accommodate this so I tried to make my changes as small as possible. (Which has its ups and downs as you can see)

Commit from PR works on Z390M-ITX/AC.

Hello @dt-zero, the me_cleaner.py for LP variant of cannonlake you posted is identical to the one from the commit, is there some kind of mix-up there ? The commit variant did nothing for me, I have the LP variant.

On another note since you seem pretty knowledgeable, what can you say about the "Temporarily disable" mode of ME ? It's an hidden option in my BIOS that I can enable and makes ME totally disappear from the PCI bus and no tool can interact with it afterwards , it's doing more than HAP/AltMeDisable on my desktop computer it seems.

Hi @suut , there is a difference between the two, its the offset in the PCH strap region. LP is offset 0x70, while Cannonlake-H is 0x80. If you have an LP board, use the python script I attached. (Not the one from the commit)

Functionality wise, the HAP bit does the same. If you successfully enable the HAP bit, the ME disappears from the PCI bus and no tool will be able to interact with it.

Hi @suut , there is a difference between the two, its the offset in the PCH strap region. LP is offset 0x70, while Cannonlake-H is 0x80. If you have an LP board, use the python script I attached. (Not the one from the commit)

Functionality wise, the HAP bit does the same. If you successfully enable the HAP bit, the ME disappears from the PCI bus and no tool will be able to interact with it.

I meant the two files were byte-for-byte equal but I guess I mixed up downloads, thank you for your feedback, I will try again now.

On another note, how did you find the offset ? Using Intel FIT, toggling the "Reserved" setting and looking at which offset in the image the bit was toggled ? So like at byte 371 for Cannonlake-LP

I meant the two files were byte-for-byte equal but I guess I mixed up downloads, thank you for your feedback, I will try again now.

On another note, how did you find the offset ? Using Intel FIT, toggling the "Reserved" setting and looking at which offset in the image the bit was toggled ? So like at byte 371 for Cannonlake-LP

They are definitely not equal byte-for-byte or otherwise.

My understanding is that Intel (CS)ME System Tools (which include FIT) are not publicly released to end-users but only to OEMs, so naturally I would not try obtain them in any way.

However, purely theoretically, had someone done that, they could extract the platform descriptor XMLs from FIT and use grep to find a sequence of entries that had the same distribution of bits between fields as with Intel ME 11. That way, they could find out that the old entry that used to be called "reserve_hap" is now "PCH_Strap_CSME_CSE_CSME_Reserved". The same xml node would specify the offset and which bit of that entry controls the HAP mode.

I meant the two files were byte-for-byte equal but I guess I mixed up downloads, thank you for your feedback, I will try again now.
On another note, how did you find the offset ? Using Intel FIT, toggling the "Reserved" setting and looking at which offset in the image the bit was toggled ? So like at byte 371 for Cannonlake-LP
So
They are definitely not equal byte-for-byte or otherwise.

My understanding is that Intel (CS)ME System Tools (which include FIT) are not publicly released to end-users but only to OEMs, so naturally I would not try obtain them in any way.

However, purely theoretically, had someone done that, they could extract the platform descriptor XMLs from FIT and use grep to find a sequence of entries that had the same distribution of bits between fields as with Intel ME 11. That way, they could find out that the old entry that used to be called "reserve_hap" is now "PCH_Strap_CSME_CSE_CSME_Reserved". The same xml node would specify the offset and which bit of that entry controls the HAP mode.

Oh I see, thanks for the information !

So for other people interested by some googling we can find cnp_h_rvp.xml and cnp_lp_rvp.xml which contain the PCH straps for Cannonlake H and Cannonlake LP respectively. (I don't know if these documents are too touchy to link in here, feel free to tell me if I need to edit)

@dt-zero Success! This worked on my Dell 7060 MFF (Intel Q370 / Cannon Lake). Dumped the bios via FPT, cleaned it with your me_cleaner patch using the -s for HAP bit enable, flashed it back and it works.
There's no info in the BIOS about ME, but Linux can't find anything about it using Intel and other tools, even with the mei kernel modules loaded.

sudo ./intelmetool -d -m
ME PCI device is hidden
RCBA addr: 0x00000000
Can't find ME PCI device

There's no ME device on lspci, and me_cleaner -c says:

Full image detected
Found FPT header at 0x4000
Found 7 partition(s)
Found FTPR header: FTPR partition spans from 0x168000 to 0x168000
Found FTPR manifest at 0x168268
ME/TXE firmware version 12.0.40.1433 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is SET
Checking the FTPR RSA signature... VALID

I tried deactivating the hap bit on the asus ws z390 pro but no luck. I get an infinite boot loop. I also tried differently recreating the bios using others tools with hap bit on, same result.

Tried this on my machine - sound doesn't work and it takes over a minute to boot ... is this the intended outcome?

EDIT: Is it possible that ME 12 could be supported by whitelisting some more of the modules?

Intel (R) Firmware Update Utility Version: 12.0.65.1567
Copyright (C) 2005 - 2020, Intel Corporation. All rights reserved.

Checking firmware parameters...

Warning: Do not exit the process or power off the machine before the firmware update process ends.

Error 509: Mandatory partitions (FTPR / NFTP / RBEP) were not found in the Update Image.

@MattBJ I fixed it for your version, attached below.

Run it with python me_cleaner.py -s orig.bin -O cleaned.bin

me_cleaner.py.txt

@MattBJ the PCH strap configuration is different for all these platforms, that's what I'm changing most of the time, however in your case I also added the ME14 public key to the list, just to clear the associated warning. Let me know if you achieve the desired results, cheers! 😃

@MattBJ

So fingers crossed this works! I really appreciate your work, and everybody else's here.

Awesome, good luck!

If I wanted to neutralize and shrink the ME section of the ROM, would I just do this:

Changing the layout of the rom, such as shrinking or deleting partitions is not supported since the IFWI format (starting from ME12) was introduced. The original script here only allowed you to do that, because it didn't recognize ME 14, since I only hardcoded that check for ME12. (Which was the latest version when I wrote that code)
So no shrinking or deleting partitions, unless you add support yourself, sorry ☹️

Also, if you happened to know, what would be the general purpose of shrinking this portion?

As far as I'm aware, the purpose of shrinking, would probably be to gain more usable space on the BIOS chip, which would come handy in case of using a custom BIOS like Coreboot. I wouldn't worry about that with the OEM bios.

And, also, when getting bios updates, will I always have to scrub out the ME or will that piece be unaffected throughout the life of the motherboard unless I decide to revert to my saved original copies?

BIOS updates will restore the flash's content, so you will have to do this procedure every time you update your BIOS.

Once again thank you for your time!

You're welcome, I'm glad people are showing interest in this, so at least on paper Intel has some incentives to fix their crap.

@dt-zero

Confirmed working on a Lenovo Yoga X390 20NN00F8GE with ME 12.0.35.1427 (Cannonlake-LP). Attached a CH341A programmer to the BIOS chip next to the PCIe SSD (a 256MBit MXIC MX25l25673G that flashrom recognized as MX25L25635F/MX25L25645G, though it handled the IC without a hitch). Binary diff shows that me_cleaner set the bit 0 at address 0x173 (from 0x18 to 0x19), otherwise the dumps before and after are equal.

ME Version in BIOS setup is gone, as well as /dev/mei0. Great success! I noticed two things though.

• I did several BIOS updates (1.69 -> 1.72 -> 1.74 -> 1.76) and the HAP bit was not reset in any of them. Apparently the Lenovo BIOS update scenario does not handle it.
• There is a concerning power drain when the machine is off (about 10% per day). This happens only after setting the HAP bit. Not a big concern for me as I mainly use the machine with power sockets in reach, though I worry a little for battery degradation. Maybe it has something to do with the PMIC? Did you guys measure power consumption when your machines are off?

Anyway, I would like to thank you for the time that you invested into me_cleaner for handling ME12. Do you think the recent Intel leaks could advance this project further? Is there even still interest in this? The last commit dates back to 2018...

@MattBJ and @dt-zero are you or anyone else able to confirm whether setting the High Assurance Platform bit and soft-disabling the ME still works on platforms with ME versions above version 12?

Hi, can you tell me if it is still possible to enable HAP on 11th gen?
I want to buy new Hardware but I can't find any information about the intel ME stuff that is not horrendously outdated.
Thx In advance.

I tired to enable it with -s command and it didn't work. You can download my BIOS dump and test it. I hope that @dt-zero can help us with this issue.

Okay, so since this pull request got a lot of traffic since I opened it, let me say something now.
I love how many of you are enthusiastic about having a less proprietary and more open platform, I'm really glad to see that.

At the same time, my expectation when I opened this pull request was that it may or may not be merged but that it's going to be a reference point for @corna to help with the maintenance of the project. Since then, this grew to the size that it's taking up significant chunks of my time to keep supporting each and every one of you who reaches out on github or via email. I did this research on my own time but otherwise I'm full time working for a company (Zero IT Lab) that requires me to do a ton of other stuff during the daytime. It's becoming hard to balance that and it's unsustainable for me to dedicate significant free time to keep up with this.

I'll try to answer this set of questions that piled up until now (in my next comment), but please don't "expect" my support. Realistically speaking, since the project seems abandoned by corna, it's probably time for a fork/rewrite. It could be a company project for us, if there was financial backing to do it at reasonable market rates; but that kind of interest does not seem to be there. From my experience, most of the people who reach out to me are private individuals who do this for the enthusiastic/educational aspect. (and therefore don't want to/can't afford that kind of backing)
If that ever changes, we'll probably pick the project up; otherwise unfortunately I cannot dedicate more of my time.

@joex2021 The HAP offset for your rom is 0x196. 0x0 = Hap disabled; 0x1 = Hap enabled.
Make a copy of your bios rom and edit it like so

printf '\x01' | dd of=z590_copied.bin bs=1 seek=406 count=1 conv=notrunc

It will edit the file ("z590_copied.bin") in place and enable the HAP bit. Flash and you should be good. (No guarantees)

@helios-chad Yes, it is possible. As I showed above, we are still enabling the HAP bit on ME 15 which is more up to date. I haven't had any issues as long as you are on a consumer (CSME) platform and not TXE like @DodoDude700.

@dt-zero thank you for trying help us here, I understand all what you wrote and I totally agree with you.
I have been following this project since I head about the ME dangers back in 2018 and I watched your video about intel ME, it is really sad that this great project is dying, I wish I had that advanced knowledge to help.
Can you explain lite bit more how to edit the BIOS rom? Do I need a special tool to open and edit the BIOS rom?

Thank you for your help and patience.

@joex2021 You are welcome. What I wrote is a command you can execute under a linux terminal environment to edit the BIOS rom, no special tool needed. (just paste into a terminal)
If you are not on linux, you can use WSL or something similar. Alternatively, you can use a hex editor to perform the same thing.

@dt-zero Thanks again for the help. Unfortunately I couldn't test your method, I had to return that motherboard due to VRM heating problem, I ordred an Asus Z590-P instead. I will try the suggested solution when it arrives and I will report the result here.

@MattBJ I fixed it for your version, attached below.

Run it with python me_cleaner.py -s orig.bin -O cleaned.bin

me_cleaner.py.txt

just dropping in to say this modified me_cleaner.py script also worked like a charm on my z490 board (once I built flashrom from the latest dev build to be able to recognize the chip)

thankyou @dt-zero !

Pull #282 works flawless on a Clevo N350TW (Schenker Dock 15 L2018). BIOS Menu shows IME FW version 0.0.0.0. No more HECI present on the PCI bus. No problems so far with Linux. Even suspend and the docking station works fine.

@dt-zero the modified me_cleaner.py doesn't work for me. my pc just bootloops with the py file in this PR, and that py file boots but doesn't disable ME:

ME Status   : 0x90000255
ME Status 2 : 0x6f10506

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : YES
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : ROM Phase
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : (null)

ME: Extend Register not valid

Error mapping physical memory 0x0000000269578240 [0x2000] ERRNO=1 Operation not permitted
Could not map ME setup memory.
Do you have kernel cmdline argument 'iomem=relaxed' set ?

NOTE: iomem=relaxed is set so I dunno what intelmetool's problem is

❯ python3 me_cleaner.py -s orig.bin -O cleaned.bin
Full image detected
Found FPT header at 0x211000
Found 8 partition(s)
Found FTPR header: FTPR partition spans from 0x20000 to 0x20000
Found FTPR manifest at 0x20250
ME/TXE firmware version 12.0.70.1652 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is NOT SET
Setting the HAP bit in PCHSTRP28 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

❯ python3 me_cleaner.py -c cleaned.bin 
Full image detected
Found FPT header at 0x211000
Found 8 partition(s)
Found FTPR header: FTPR partition spans from 0x20000 to 0x20000
Found FTPR manifest at 0x20250
ME/TXE firmware version 12.0.70.1652 (generation 4)
Public key match: Intel ME, firmware versions 12.x.x.x
The HAP bit is SET
Checking the FTPR RSA signature... VALID

UEFI also correctly gives the ME firmware version.

Here's my firmware bins (orig.bin and cleaned.bin)
me cleaner stuff.zip

Board: MSI-Z390-A Pro
CPU: Intel Core i7 8086k

@Absolucy quick diff check shows

that you modified the wrong bit. I'm guessing that you used the script for LP boards, his original script should have worked.

I set it for you using dd anyway (didnt bother with anything else)
hapset.zip

also has anyone tried setting it on an alder lake board? im considering buying a new pc soon and id like to know if it still works. i'm assuming it does (in one way or another) given its original intended purpose, although with every new platform it could always change. if anyone would be willing to test or upload a dump of their rom id be interested to take a look

edit:
I looked at a few roms for z690 (alder lake) boards and the exact hap offset seems to be 0x1DE
printf "\x$(($(xxd -b -l 1 -seek 478 -p poop.bin) ^ 1))" | dd of=poop.bin bs=1 seek=478 count=1 conv=notrunc
that should work for any z690 board if anyone wants to give it a try (run it in the same folder as the rom you want to edit, and obviously change poop.bin to whatever the rom is called, if it doesnt work for you then post ur dumps and ill take a look)

@ritalinaddict Original script just bootloops...

@Absolucy well try using the rom I posted, it should work fine

the HAP bit should be properly set now

@ritalinaddict thanks for your Alder Lake suggestion. I tried it on an MSI PRO Z690-A DDR4 motherboard, using version 120 but unfortunately it boot loops.

I might be doing something stupid, so I'll list the steps I took:

1. Download 7D25v12 BIOS for the motherboard
2. Unzip the E7D25IMS.120 file (MD5 of which is 033f6452147c4c6b0822fcd6b91321db)
3. Open file in hex editor and go to byte 0x1DE. Existing value is 0x10
4. Update byte with the '1' bit set - new value is 0x11 and file has MD5 of bbdd9e5179fe28772934ca6a4af42601
5. Flash updated file - result is a boot loop. Flashing unmodified BIOS file works fine.

Greetings to all chat participants concerned about cleaning Intel ME.
I recently did THIS. On the motherboard Intel_Core_i9-10900K_@_ASUS_ROG_STRIX_Z490-G – everything is successful, except for fainting at the end of the process and the "stub" from the device remaining in the Manager.

Details and Details…
I used the firmware version 14.1.53.1649V1.1 offered by the native support site, processed by the utility me_cleaner.py , presented above. I flashed Intel ME with the utility MEUpdateTool_14.1.53.1649V1.1_T – before I flashed the BIOS – which is probably wrong. At the end of the process, I received a completely non–working computer - even the fans did not turn on. I came out of this state by pressing the computer power button five times, provided there is no battery, because the BIOS was not reset in any other way. After that, the BIOS started, the test signals of the motherboard passed, after which I went into the BIOS and found, against the background of everything working, the absence of a hard drive connection. It was necessary to update the BIOS with the firmware supplied with the Intel ME firmware.

It has been working fine for 2 weeks.

There is an assumption that it is necessary to reset the newly stitched BIOS to the standard settings before updating Intel ME, while it may not faint so deeply when flashing Intel ME.

Anyone who wishes can try and unsubscribe.

RUS

Приветствую всех участников чата, озабоченных очисткой Intel ME.
Недавно я сделал ЭТО. На материнской плате Intel_Core_i9-10900K_@_ASUS_ROG_STRIX_Z490-G – всё удачно, за исключением обморока в конце процесса и остающегося в Диспетчере «огрызка» от устройства.

Детали и подробности…
Использовал прошивку версии 14.1.53.1649V1.1 предлагаемую родным сайтом поддержки, обработанную утилитой me_cleaner.py, представленной выше. Прошивал Intel ME утилитой MEUpdateTool_14.1.53.1649V1.1_T – до того, как прошил БИОС – что, наверное, неправильно. По окончании процесса получил полностью не работающий комп – даже вентиляторы не включались. Вышел из этого состояния путём пятикратного нажатия кнопки включения компьютера, при условии отсутствия батарейки, ибо по-другому БИОС не сбрасывался. После этого БИОС запустился, прошли тестовые сигналы материнки, после чего зашёл в БИОС и обнаружил, на фоне всего работающего отсутствие подключения винчестера. Нужно было обновить и БИОС прошивкой, поставляемой вместе с прошивкой Intel ME.

Уже 2 недели работает нормально.

Существует предположение, что нужно перед обновлением Intel ME сбросить только что прошитый БИОС к стандартным настройкам, при этом может не упадёт в обморок настолько глубоко при прошивке Intel ME.

Кто желает, может попробовать и отписаться.

Many thanks to @dt-zero for the modified version, I tried it on my 8th gen NUC and it worked great. I wrote a guide explaining how to do this: How to Disable IME on Intel NUCs.

If you don't mind, I also forked your modified version in my guide.

Szia @dt-zero, I tried to use me_cleaner.py and flashed the cleaned ROM in my MSI Godlike Z390 motherboard to use with i9-9900K but BIOS still shows ME version. Guess, I couldn't do it properly. I would be grateful if you could look into my BIOS dump and provide a ME disabled version.
Many thanks in advance.
orig_z390.zip

I tried deactivating the hap bit on the asus ws z390 pro but no luck. I get an infinite boot loop. I also tried differently recreating the bios using others tools with hap bit on, same result.

I'm also getting bootloop continuously even with correct HAP bit set manually using printf '\x11' | dd of=orig_z390.bin bs=1 seek=386 count=1 conv=notrunc.

The way I get my board back working is to switch to another BIOS using the hardware BIOS switch and flash the OEM version to the other chip.

Any help from someone would be awesome.

I tried deactivating the hap bit on the asus ws z390 pro but no luck. I get an infinite boot loop. I also tried differently recreating the bios using others tools with hap bit on, same result.

I'm also getting bootloop continuously even with correct HAP bit set manually using printf '\x11' | dd of=orig_z390.bin bs=1 seek=386 count=1 conv=notrunc.

The way I get my board back working is to switch to another BIOS using the hardware BIOS switch and flash the OEM version to the other chip.

Any help from someone would be awesome.

Unfortunately we won't get any more help, this project is simply dead. but there is still hope ;-). There is another method that worked for me on my Z590 and 11 gen CPU. Just read the research made by Positive Technologies and you will be able to disable it permanently and it will stay disabled even after performing BIOS updates . Good luck.

Greetings to all free IT specialists, participants of this branch.

I respect people trying to get rid of corporate bookmarks. I myself 3 months ago with the help of your branch got rid of Intel.me , I wrote about it above and I want to share my impressions of it. What has clearly changed is that the reaction to cookies has become somewhat different. Before removing the ME for the computer, there were no problems determining my location for websites and stores, now 50% does not guess.
The OS behavior regarding power supply has changed somewhat. Every time you enter sleep mode, an error with the code 137 is recorded in the system log "The system firmware changed the registers of the processor memory type range (MTRR) when switching to sleep mode (S4). This may slow down the resumption of work." – this error is not described very well, so I am not 100% sure that it is due to the removal of ME.
There is a wish for the ME removal utility – it should be in the format of an independent exe file, since it is inconvenient that you have to install a Python interpreter, then all the additions for compilation and finally compile without confidence that everything is correct, especially since you are doing this for the first time in your life.
2 the utility itself should offer a choice, for example, whether to remove the trusted computing platform, or, for example, power controls.
Because with a broken trusted computing platform, it is impossible to install Win 11.
If we can edit the firmware file *.bin without recompilation, then maybe we could do it more cleanly, so that after the firmware we didn't have to forcibly revive the computer.
I am not an experienced person in the field of firmware editing, but I would be glad to receive from you the tools that allow you to study the firmware *.bin yourself.
And maybe modify it.
Here comes the thought that maybe we should create our own starter firmware called "Sancho Pancha" – squire, which would work the same as ME or even better – but without unpleasant effects and make it open source. Such firmware could serve the computer during downtime, or could show the desired information in the top line of the screen even if the CPU is turned off.

Gaivoronsky B.Yu.

RUS…
Приветствую всех свободных айтишников, участников этой ветки.

Я уважаю людей старающихся избавится от закладок корпораций. Я сам 3 месяца назад с помощью вашей ветки избавился от Intel.me, я писал об этом выше и хочу поделиться впечатлениями от этого. Явно изменилось то, что реакция на куки стала несколько иной. До удаления МЕ для компьютера не было проблем определить моё местоположение для сайтов и магазинов, сейчас в 50% не угадывает.
Несколько изменилось поведение ОС в отношении электропитания. При каждом выходе в спящий режим в системный журнал записывается ошибка с кодом 137 «Встроенное ПО системы изменило регистры диапазона типа памяти процессора (MTRR) при переходе в спящий режим (S4). Это может замедлить возобновление работы.» – эта ошибка описана не очень хорошо, поэтому не уверен на 100% что она именно из-за удаления МЕ.
Есть пожелание к утилите удаления МЕ – она должна находиться в формате независимого exe файла, так как неудобно то, что приходится ставить интерпретатор Питон, потом все дополнения для компиляции и наконец компилировать без уверенности что всё правильно, тем более что делаешь это первый раз в жизни.
2 сама по себе утилита должна предлагать выбор, например, нужно ли удалить платформу доверенных вычислений, или например, элементы управления питанием.
Потому что с неработающей платформой доверенных вычислений невозможно установить Win 11.
Если мы можем редактировать файл прошивки *.bin без рекомпиляции, то может быть, могли бы сделать это более чисто, так что после прошивки не приходилось принудительно оживлять компьютер.
Я человек не опытный в области редактирования прошивок, но был бы рад получить от вас инструменты, позволяющие самому, изучит прошивку *.bin.
И может быть модифицировать её.
Тут приходит мысль о том, что не создать ли собственную стартовую прошивку под названием «Санчо Панча» – оруженосец, которая работала бы так же, как МЕ или ещё лучше – но без неприятных эффектов и сделать её с открытым кодом. Такая прошивка могла бы обслуживать компьютер во время простоя, либо могла бы показывать желаемую информацию в верхней строке экрана если даже центральный процессор выключен.

Гайворонский Б.Ю.

Приветствую всех свободных айтишников, участников этой работы. Я уважаю людей старающихся избавится от закладок корпораций. Я сам 3 месяца назад с помощью этой ветки #282 избавился от Intel.me, я писал об этом там выше и хочу поделиться впечатлениями от этого. Явно изменилось то, что реакция на куки стала несколько иной. До удаления МЕ для компьютера не было проблем определить моё местоположение для сайтов и магазинов, сейчас в 50% не угадывает. Немного изменилось поведение ОС в отношении электропитания. При каждом выходе в спящий режим в системный журнал записывается ошибка с кодом 137 «Встроенное ПО системы изменило регистры диапазона типа памяти процессора (MTRR) при переходе в спящий режим (S4). Это может замедлить возобновление работы.» – эта ошибка описана не очень хорошо, поэтому не уверен на 100% что она именно из-за удаления МЕ.
Есть пожелание к утилите удаления МЕ – она должна находиться в формате независимого exe файла, так как неудобно то, что приходится ставить интерпретатор Питон, потом все дополнения для компиляции и наконец компилировать без уверенности что всё правильно, тем более что делаешь это первый раз в жизни.
2 сама по себе утилита должна предлагать выбор, например, нужно ли удалить платформу доверенных вычислений, или например, элементы управления питанием.
Потому что с неработающей платформой доверенных вычислений невозможно установить Win 11.
Если мы можем редактировать файл прошивки *.bin без рекомпиляции, то может быть, могли бы сделать это более чисто, так что после прошивки не приходилось принудительно оживлять компьютер.
Я человек не опытный в области редактирования прошивок, но был бы рад получить от вас инструменты, позволяющие самому, изучит прошивку *.bin.
И может быть, модифицировать её.
Тут приходит мысль о том, что не создать ли собственную стартовую прошивку под названием «Санчо Панча» – оруженосец, которая работала бы так же, как МЕ или ещё лучше – но без неприятных эффектов и сделать её с открытым кодом. Такая прошивка могла бы обслуживать компьютер во время простоя, либо могла бы показывать желаемую информацию в верхней строке экрана если даже центральный процессор выключен.
Исходя из вышеописанных похождений я призываю вашу компанию обдумать поднятый вопрос и может быть создать такую прошивку.
Я рассуждаю так – у меня сейчас сильно усечённая МЕ от Intel и компьютер за исключением мелочей работает нормально. Если бы можно было к кончу работающей части приставить соответствующее продолжение, можно было бы добиться совершенно другой прошивки, которая могла бы следить за температурой всех критических устройств. Так же можно внести сочетание клавиш, которое открывало бы терминал управляющий прошивкой, поддержкой ограниченного количества команд Unix.
Так же в тексте выше я высказывал желание посмотреть на софт позволяющий изучать прошивки. Если сочтёте возможным, сообщите мне названии и версии работающего софта.
Гайворонский Б.Ю. [email protected]
https://www1.fips.ru/fips_servl/fips_servlet?DB=RUPAT&rn=8018&DocNumber=2584454&TypeFile=html

Привет!

Я имею компьютер на базе ASUS Z490 – 2 года назад я по вашей инструкции уменьшал функциональность intel ME, тогда всё прошло хорошо за исключением того, что в BIOS пропала поддержка SATA... Я прошил следующую версию BIOS и всё исправилось. Сейчас сайт поддержки предлагает очередную версию BIOS, и вопрос – могу ли я сейчас прошивать эту версию BIOS, без прошивки ME?

Version 3201
8.81 MB 2025/01/02
SHA-256 :5E2B37AD041D2EC75C9795B8A2A0F25C6584660B32D57377DAABDBB72AF4FF8E
"1. Updated Minimum CRB patch for Intel IPU 2024.3
2. Updated ASUS Secure Boot variables for system stability.
3. Updated Microcode for IPU OOB 2024.1 to address CVE-2023-23583.
4. Applied patches for SA50221, SA50202, SA50212, and SA50219 security vulnerabilities.
5. Implemented Intel-SA-50204 security update (IPU2023.4).

“Before BIOS update, please download Intel ME update tool from ASUS support site, and update ME firmware to Version 14.1.75.2420 to ensure optimized system settings.”

И ещё вопрос - чем лучше прошивать картинку которая грузится перед BIOS?

Гайворонский Борис

Lots of interesting stuff to ingest, thank you!

--

Note:
I am currently working on a new tool with clear data structures and parsing separated from logic, so I'm checking the PRs here to see what else I can integrate; see
https://github.com/platform-system-interface/intel_fw