I have been working with a Panasonic Toughbook, and I think that I have come across a very nifty protection mechanism on the part of the Manufacturer.
It seems that the BIOS is managing to disable BIOS, ME, and GbE write permissions upon loading. I have set, and can verify the ME permissions after boot (according to what has been assigned - 0xFF), but I think that messages are being sent to the PCH by BIOS to close down writing. This is immediately evident when attempting a DMI edit - nothing takes. The only exception is when one uses the Panasonic ‘asset tag’ utility, which requires a reboot to apply.
I am pondering that this utility is setting some code in one of the BIOS modules (which a dump shows a proprietary DMI edit), and makes the changes after ME has loaded, and just before BIOS locks the bits.
Any thoughts? Does anyone know of some code out there to make ‘on the fly’ changes to the PCH (ivy bridge) R/W permissions?
Perhaps FPT.exe -FOVS?
If the system has a locked Flash Descriptor you cannot disable that protection via any tool unless the OEM has implemented and enabled the HMRFPO message at BIOS or has a jumper to disable the descriptor in place which when triggered disables the protection until the next reboot.
If you tried to unlock the flash descriptor with FPT or similar you most probably didn’t achieve anything in the first place. It’s not that you were successful but the BIOS re-applied the lock at the next boot. Sometimes OEMs release some special tools that work with their motherboards and trigger the implemented jumper to temporarily disable the flash descriptor and allow ME write access. Example is Clevo’s MESet tool etc…