Hi,
I tried flashing the mainboard BIOS chip with me_cleaner externally; however, it does not boot after the modification. It boots with the original image, though. It is Skylake, and this is the output from ifdtool and me_cleaner:
File /home/pi/pcnotpmread1.bin is 16777216 bytes
FLMAP0: 0x00040003
NR: 0
FRBA: 0x40
NC: 1
FCBA: 0x30
FLMAP1: 0x58100208
ISL: 0x58
FPSBA: 0x100
NM: 2
FMBA: 0x80
FLMAP2: 0x00310330
PSL: 0x3103
FMSBA: 0x300
FLUMAP1: 0x000006df
Intel ME VSCC Table Length (VTL): 6
Intel ME VSCC Table Base Address (VTBA): 0x000df0
ME VSCC table:
JID0: 0x001740ef
SPI Componend Device ID 1: 0x17
SPI Componend Device ID 0: 0x40
SPI Componend Vendor ID: 0xef
VSCC0: 0x20252025
Lower Erase Opcode: 0x20
Lower Write Enable on Write Status: 0x50
Lower Write Status Required: No
Lower Write Granularity: 64 bytes
Lower Block / Sector Erase Size: 4KB
Upper Erase Opcode: 0x20
Upper Write Enable on Write Status: 0x50
Upper Write Status Required: No
Upper Write Granularity: 64 bytes
Upper Block / Sector Erase Size: 4KB
JID1: 0x001840ef
SPI Componend Device ID 1: 0x18
SPI Componend Device ID 0: 0x40
SPI Componend Vendor ID: 0xef
VSCC1: 0x20252025
Lower Erase Opcode: 0x20
Lower Write Enable on Write Status: 0x50
Lower Write Status Required: No
Lower Write Granularity: 64 bytes
Lower Block / Sector Erase Size: 4KB
Upper Erase Opcode: 0x20
Upper Write Enable on Write Status: 0x50
Upper Write Status Required: No
Upper Write Granularity: 64 bytes
Upper Block / Sector Erase Size: 4KB
JID2: 0x001820c2
SPI Componend Device ID 1: 0x18
SPI Componend Device ID 0: 0x20
SPI Componend Vendor ID: 0xc2
VSCC2: 0x20452045
Lower Erase Opcode: 0x20
Lower Write Enable on Write Status: 0x50
Lower Write Status Required: No
Lower Write Granularity: 64 bytes
Lower Block / Sector Erase Size: 4KB
Upper Erase Opcode: 0x20
Upper Write Enable on Write Status: 0x50
Upper Write Status Required: No
Upper Write Granularity: 64 bytes
Upper Block / Sector Erase Size: 4KB
OEM Section:
00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
10: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
30: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Found Region Section
FLREG0: 0x00000000
Flash Region 0 (Flash Descriptor): 00000000 - 00000fff
FLREG1: 0x0fff0200
Flash Region 1 (BIOS): 00200000 - 00ffffff
FLREG2: 0x01ff0003
Flash Region 2 (Intel ME): 00003000 - 001fffff
FLREG3: 0x00020001
Flash Region 3 (GbE): 00001000 - 00002fff
FLREG4: 0x00007fff
Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused)
FLREG5: 0x00007fff
Flash Region 5 (Reserved): 07fff000 - 00000fff (unused)
FLREG6: 0x00007fff
Flash Region 6 (Reserved): 07fff000 - 00000fff (unused)
FLREG7: 0x00007fff
Flash Region 7 (Reserved): 07fff000 - 00000fff (unused)
FLREG8: 0x00007fff
Flash Region 8 (EC): 07fff000 - 00000fff (unused)
Found Component Section
FLCOMP 0x125c00f5
Dual Output Fast Read Support: not supported
Read ID/Read Status Clock Frequency: 48MHz
Write/Erase Clock Frequency: 48MHz
Fast Read Clock Frequency: 48MHz
Fast Read Support: supported
Read Clock Frequency: 17MHz
Component 2 Density: UNUSED
Component 1 Density: 16MB
FLILL 0xad604221
Invalid Instruction 3: 0xad
Invalid Instruction 2: 0x60
Invalid Instruction 1: 0x42
Invalid Instruction 0: 0x21
FLPB 0xc7c4b9b7
Flash Partition Boundary Address: 0x9b7000
Found PCH Strap Section
PCHSTRP0: 0x00900000
PCHSTRP1: 0x00000100
PCHSTRP2: 0x00000000
PCHSTRP3: 0x00000000
PCHSTRP4: 0x00000000
PCHSTRP5: 0x00010000
PCHSTRP6: 0x00000100
PCHSTRP7: 0x00000000
PCHSTRP8: 0x00000000
PCHSTRP9: 0x00000000
PCHSTRP10: 0x00030000
PCHSTRP11: 0x00000100
PCHSTRP12: 0x00000000
PCHSTRP13: 0x00000000
PCHSTRP14: 0x00000000
PCHSTRP15: 0x00010000
PCHSTRP16: 0x00000100
PCHSTRP17: 0x00000000
Found Master Section
FLMSTR1: 0x00a00b00 (Host CPU/BIOS)
EC Region Write Access: disabled
Platform Data Region Write Access: disabled
GbE Region Write Access: enabled
Intel ME Region Write Access: disabled
Host CPU/BIOS Region Write Access: enabled
Flash Descriptor Write Access: disabled
EC Region Read Access: disabled
Platform Data Region Read Access: disabled
GbE Region Read Access: enabled
Intel ME Region Read Access: disabled
Host CPU/BIOS Region Read Access: enabled
Flash Descriptor Read Access: enabled
FLMSTR2: 0x00c00d00 (Intel ME)
EC Region Write Access: disabled
Platform Data Region Write Access: disabled
GbE Region Write Access: enabled
Intel ME Region Write Access: enabled
Host CPU/BIOS Region Write Access: disabled
Flash Descriptor Write Access: disabled
EC Region Read Access: disabled
Platform Data Region Read Access: disabled
GbE Region Read Access: enabled
Intel ME Region Read Access: enabled
Host CPU/BIOS Region Read Access: disabled
Flash Descriptor Read Access: enabled
FLMSTR3: 0x00800800 (GbE)
EC Region Write Access: disabled
Platform Data Region Write Access: disabled
GbE Region Write Access: enabled
Intel ME Region Write Access: disabled
Host CPU/BIOS Region Write Access: disabled
Flash Descriptor Write Access: disabled
EC Region Read Access: disabled
Platform Data Region Read Access: disabled
GbE Region Read Access: enabled
Intel ME Region Read Access: disabled
Host CPU/BIOS Region Read Access: disabled
Flash Descriptor Read Access: disabled
FLMSTR5: 0xffffff00 (EC)
EC Region Write Access: enabled
Platform Data Region Write Access: enabled
GbE Region Write Access: enabled
Intel ME Region Write Access: enabled
Host CPU/BIOS Region Write Access: enabled
Flash Descriptor Write Access: enabled
EC Region Read Access: enabled
Platform Data Region Read Access: enabled
GbE Region Read Access: enabled
Intel ME Region Read Access: enabled
Host CPU/BIOS Region Read Access: enabled
Flash Descriptor Read Access: enabled
Found Processor Strap Section
???: 0x00000000
???: 0x80108012
???: 0x00000295
???: 0xffffffff
Full image detected
The ME/TXE region goes from 0x3000 to 0x200000
Found FPT header at 0x3010
Found 11 partition(s)
Found FTPR header: FTPR partition spans from 0x4000 to 0xab000
Found FTPR manifest at 0x4478
ME/TXE firmware version 11.0.0.1163
Removing extra partitions…
Removing extra partition entries in FPT…
Removing EFFS presence flag…
Correcting checksum (0x0b)…
Reading FTPR modules list…
FTPR.man (uncompressed, 0x004478 - 0x00507c): NOT removed, partition manif.
rbe.met (uncompressed, 0x00507c - 0x005112): NOT removed, module metadata
kernel.met (uncompressed, 0x005112 - 0x0051a0): NOT removed, module metadata
syslib.met (uncompressed, 0x0051a0 - 0x005204): NOT removed, module metadata
bup.met (uncompressed, 0x005204 - 0x00568a): NOT removed, module metadata
pm.met (uncompressed, 0x00568a - 0x005738): NOT removed, module metadata
syncman.met (uncompressed, 0x005738 - 0x0057ce): NOT removed, module metadata
vfs.met (uncompressed, 0x0057ce - 0x006122): NOT removed, module metadata
evtdisp.met (uncompressed, 0x006122 - 0x0062b0): NOT removed, module metadata
loadmgr.met (uncompressed, 0x0062b0 - 0x0063d8): NOT removed, module metadata
busdrv.met (uncompressed, 0x0063d8 - 0x00677c): NOT removed, module metadata
gpio.met (uncompressed, 0x00677c - 0x006888): NOT removed, module metadata
prtc.met (uncompressed, 0x006888 - 0x006a20): NOT removed, module metadata
policy.met (uncompressed, 0x006a20 - 0x006be8): NOT removed, module metadata
crypto.met (uncompressed, 0x006be8 - 0x006d72): NOT removed, module metadata
heci.met (uncompressed, 0x006d72 - 0x006f0e): NOT removed, module metadata
storage.met (uncompressed, 0x006f0e - 0x0071e6): NOT removed, module metadata
pmdrv.met (uncompressed, 0x0071e6 - 0x00730a): NOT removed, module metadata
maestro.met (uncompressed, 0x00730a - 0x0073ee): NOT removed, module metadata
fpf.met (uncompressed, 0x0073ee - 0x0074e0): NOT removed, module metadata
hci.met (uncompressed, 0x0074e0 - 0x00768a): NOT removed, module metadata
fwupdate.met (uncompressed, 0x00768a - 0x007792): NOT removed, module metadata
ptt.met (uncompressed, 0x007792 - 0x007884): NOT removed, module metadata
touch_fw.met (uncompressed, 0x007884 - 0x0079c0): NOT removed, module metadata
rbe (Huffman , 0x0079c0 - 0x00aac0): NOT removed, essential
kernel (Huffman , 0x00aac0 - 0x019a80): NOT removed, essential
syslib (Huffman , 0x019a80 - 0x02c640): NOT removed, essential
bup (Huffman , 0x02c640 - 0x052580): NOT removed, essential
pm (LZMA/uncomp., 0x052580 - 0x054f00): removed
syncman (LZMA/uncomp., 0x054f00 - 0x055440): removed
vfs (LZMA/uncomp., 0x055440 - 0x05d080): removed
evtdisp (LZMA/uncomp., 0x05d080 - 0x05eb00): removed
loadmgr (LZMA/uncomp., 0x05eb00 - 0x061880): removed
busdrv (LZMA/uncomp., 0x061880 - 0x064540): removed
gpio (LZMA/uncomp., 0x064540 - 0x0659c0): removed
prtc (LZMA/uncomp., 0x0659c0 - 0x066740): removed
policy (LZMA/uncomp., 0x066740 - 0x06cb80): removed
crypto (LZMA/uncomp., 0x06cb80 - 0x07c580): removed
heci (LZMA/uncomp., 0x07c580 - 0x080600): removed
storage (LZMA/uncomp., 0x080600 - 0x084bc0): removed
pmdrv (LZMA/uncomp., 0x084bc0 - 0x086380): removed
maestro (LZMA/uncomp., 0x086380 - 0x088fc0): removed
fpf (LZMA/uncomp., 0x088fc0 - 0x08a9c0): removed
hci (LZMA/uncomp., 0x08a9c0 - 0x08b240): removed
fwupdate (LZMA/uncomp., 0x08b240 - 0x08fc80): removed
ptt (LZMA/uncomp., 0x08fc80 - 0x0a3a80): removed
touch_fw (LZMA/uncomp., 0x0a3a80 - 0x0ab000): removed
Relocating FTPR from 0x4000 - 0xab000 to 0x3400 - 0xaa400…
Adjusting FPT entry…
Moving data…
The ME minimum size should be 339968 bytes (0x53000 bytes)
The ME region can be reduced up to:
00003000:00055fff me
Setting the HAP bit in PCHSTRP0 to disable Intel ME…
Removing ME/TXE R/W access to the other flash regions…
Extracting the descriptor to “ifd_shrinked.bin”…
Modifying the regions of the extracted descriptor…
00003000:001fffff me → 00003000:00055fff me
00200000:00ffffff bios → 00056000:00ffffff bios
Extracting and truncating the ME image to “me_shrinked.bin”…
Checking the FTPR RSA signature of the extracted ME image… VALID
Checking the FTPR RSA signature… VALID
Done! Good luck!
What could I try? I tried removing the TPM chip I was using for BitLocker, and I also tried disabling the TPM in the BIOS beforehand (before flashing and using me_cleaner). I also tried several me_cleaner options, like -S or -t, or none of them.
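To sanity-check a descriptor before or after me_cleaner rewrites it, it helps to decode the same fields ifdtool prints (FLMAP0/1/2, the FLREGn region table and PCHSTRP0) by hand. The script below is an added example, not part of the original post and not code from ifdtool or me_cleaner. It builds a constructed 4 KiB descriptor that carries exactly the register values from the ifdtool dump above (everything else left as erased 0xff), decodes the region table the way ifdtool does (base = low 15 bits << 12, limit = bits 16..30 << 12 | 0xfff, "unused" when base > limit), checks the used regions for overlaps, and reads and sets the HAP bit, which is bit 16 of PCHSTRP0 on ME 11+ platforms and is what me_cleaner reports "Setting the HAP bit in PCHSTRP0" for. The fixed field offsets (signature at 0x10, FLMAP0..2 at 0x14..0x1c) follow the public flash-descriptor layout; the nine-entry region list and its names are taken from the post's output rather than from the NR field, which newer descriptors leave at 0.

```python
import struct

# Fixed offsets inside the 4 KiB descriptor region (public Intel Flash Descriptor
# layout as ifdtool reads it); the descriptor always occupies flash 0x0..0xfff.
FLVALSIG_OFF = 0x10
FLVALSIG = 0x0FF0A55A
FLMAP_OFF = 0x14          # FLMAP0, FLMAP1, FLMAP2 follow the signature

# Region names in the order ifdtool prints them for this nine-region Skylake descriptor.
REGION_NAMES = ["Flash Descriptor", "BIOS", "Intel ME", "GbE", "Platform Data",
                "Reserved", "Reserved", "Reserved", "EC"]

HAP_BIT = 1 << 16         # bit me_cleaner sets in PCHSTRP0 on ME 11+ platforms


def build_descriptor():
    """Constructed descriptor holding the register values from the ifdtool dump."""
    d = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<IIII", d, FLVALSIG_OFF, FLVALSIG,
                     0x00040003, 0x58100208, 0x00310330)        # FLMAP0..2
    flregs = [0x00000000, 0x0fff0200, 0x01ff0003, 0x00020001,  # FD, BIOS, ME, GbE
              0x00007fff, 0x00007fff, 0x00007fff, 0x00007fff, 0x00007fff]
    struct.pack_into("<9I", d, 0x40, *flregs)                   # FRBA = 0x40
    struct.pack_into("<I", d, 0x100, 0x00900000)                # PCHSTRP0 at FPSBA = 0x100
    return bytes(d)


def u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def parse_flmap(desc):
    """Decode FLMAP0..2 into the section base addresses ifdtool prints."""
    if u32(desc, FLVALSIG_OFF) != FLVALSIG:
        raise ValueError("no flash descriptor signature at offset 0x10")
    flmap0, flmap1, flmap2 = struct.unpack_from("<III", desc, FLMAP_OFF)
    return {
        "fcba": (flmap0 & 0xff) << 4,  "nc": ((flmap0 >> 8) & 3) + 1,
        "frba": ((flmap0 >> 16) & 0xff) << 4,  "nr": (flmap0 >> 24) & 7,
        "fmba": (flmap1 & 0xff) << 4,  "nm": (flmap1 >> 8) & 3,
        "fpsba": ((flmap1 >> 16) & 0xff) << 4,  "isl": (flmap1 >> 24) & 0xff,
        "fmsba": (flmap2 & 0xff) << 4,  "psl": (flmap2 >> 8) & 0xffff,
    }


def decode_flreg(val):
    """FLREGn -> (base, limit, unused). 0x00007fff encodes an unused region."""
    base = (val & 0x7fff) << 12
    limit = (((val >> 16) & 0x7fff) << 12) | 0xfff
    return base, limit, base > limit


def parse_regions(desc):
    frba = parse_flmap(desc)["frba"]
    return [(name,) + decode_flreg(u32(desc, frba + 4 * i))
            for i, name in enumerate(REGION_NAMES)]


def check_overlaps(regions):
    """Return a list of overlap descriptions among the used regions (empty if clean)."""
    used = sorted((r for r in regions if not r[3]), key=lambda r: r[1])
    return [f"{n1} [{b1:#x}-{l1:#x}] overlaps {n2} [{b2:#x}-{l2:#x}]"
            for (n1, b1, l1, _), (n2, b2, l2, _) in zip(used, used[1:]) if b2 <= l1]


def hap_set(desc):
    """True if the HAP bit is set in PCHSTRP0 (first dword of the PCH strap section)."""
    return bool(u32(desc, parse_flmap(desc)["fpsba"]) & HAP_BIT)


def set_hap(desc):
    """Return a copy of the descriptor with the HAP bit set, as me_cleaner does."""
    fpsba = parse_flmap(desc)["fpsba"]
    d = bytearray(desc)
    struct.pack_into("<I", d, fpsba, u32(desc, fpsba) | HAP_BIT)
    return bytes(d)


if __name__ == "__main__":
    desc = build_descriptor()
    for name, base, limit, unused in parse_regions(desc):
        print(f"{name:16s} {base:08x} - {limit:08x}{' (unused)' if unused else ''}")
    print("overlaps:", check_overlaps(parse_regions(desc)) or "none")
    print("HAP bit set:", hap_set(desc), "-> after set_hap:", hap_set(set_hap(desc)))
```

Run against the dump in the post, the regions come out as FD 0x0-0xfff, GbE 0x1000-0x2fff, ME 0x3000-0x1fffff and BIOS 0x200000-0xffffff with no overlaps, and the HAP bit reads clear, which is expected for an unmodified read. Pointing build_descriptor at the first 4 KiB of the image me_cleaner wrote (ifd_shrinked.bin, or the modified full image) instead of the constructed bytes lets you confirm that the shrunk ME region, the relocated BIOS base and the HAP bit all landed where the me_cleaner log says they did.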