Hi,
I’m trying to reproduce [Guide] Increasing NVME and eGPU OPI Link Speed to 4 GT/s on Dell laptops (sorry, I’m not allowed to post links) on a Dell XPS 9343 which requires editing the ME region on flash.
I’ve tried to dump the flash from a UEFI shell (I have a SPI programmer, but would like to try a software approach first), but it won’t allow me to do so:
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
Intel (R) Flash Programming Tool. Version: 10.0.30.1054
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
Platform: Intel(R) Premium Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid
--- Flash Devices Found ---
W25Q64BV ID:0xEF4017 Size: 8192KB (65536Kb)
Error 26: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
MEInfo reveals why (line 24/25):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Intel(R) MEInfo Version: 10.0.30.1054
Copyright(C) 2005 - 2014, Intel Corporation. All rights reserved.
Intel(R) ME code versions:
BIOS Version: A20
MEBx Version: 0.0.0.0000
Gbe Version: 0.2
VendorID: 8086
PCH Version: 3
FW Version: 10.0.55.3000 LP
FW Capabilities: 0x31111A40
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
TLS: Disabled
Last ME reset reason: Power up
Local FWUpdate: Enabled
BIOS Config Lock: Enabled
Host Read Access to ME: Disabled <----------------------
Host Write Access to ME: Disabled <----------------------
SPI Flash ID #1: EF4017
SPI Flash ID VSCC #1: 20252025
SPI Flash BIOS VSCC: 20252025
BIOS boot State: Post Boot
OEM Id: 68853622-eed3-4e83-8a86-6cde315f6b78
Capability Licensing Service: Enabled
OEM Tag: 0x00000000
Localized Language: Unknown
Independent Firmware Recovery: Disabled
Keybox: Not Provisioned
OEM Public Key Hash (FPF): D055309FCDB46EA40A5C3C3320A9CDAB67D613E78777F9F92B49BB8CFBD2F686
OEM Public Key Hash (ME):
ACM SVN FPF: 0x3
KM SVN FPF: 0x0
BSMM SVN FPF: 0x0
FPF ME
--- --
Force Boot Guard ACM: Enabled
Protect BIOS Environment: Enabled
CPU Debug Disabled: Disabled
BSP Initialization Disabled: Disabled
Measured Boot: Disabled
Verified Boot: Enabled
Key Manifest ID: 0xf
Enforcement Policy: 0x3
PTT: Enabled
PTT Lockout Override Counter: 0x0
EK Revoke State: Not Revoked
I extracted IFR data from UEFI and found some interesting variables:
1
2
3
4
2
3
4
One Of: Me FW Image Re-Flash, VarStoreInfo (VarOffset/VarName): 0x5B, VarStore: 0x2, QuestionId: 0x66, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 C9 08 CA 08 66 00 02 00 5B 00 10 10 00 01 00}
One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x237, VarStore: 0x2, QuestionId: 0x472, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 7A 06 7B 06 72 04 02 00 37 02 10 10 00 01 00}
One Of: SMI Lock, VarStoreInfo (VarOffset/VarName): 0x236, VarStore: 0x2, QuestionId: 0x471, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 74 06 75 06 71 04 02 00 36 02 10 10 00 01 00}
One Of: Disable ME, VarStoreInfo (VarOffset/VarName): 0x76, VarStore: 0x2, QuestionId: 0x70, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 32 09 33 09 70 00 02 00 76 00 10 10 00 01 00}
I proceeded to set Disable ME to 1, BIOS Lock to 0 and finally Me FW Image Re-Flash to 1 using RU.EFI. After a reboot (CTRL+ALT+DEL) ME is disabled (MEInfo returns an error as expected), but I still get the same FPT error. The 'Me FW Image Re-Flash' variable is also reset to 0.
Why doesn't this work? Note: after just toggling 'Me FW Image Reflash' boot seems to take a little longer - I wonder whether that means it fails to boot and reverts to the flash disabled state? Could this have anything to do with Boot Guard (it's enabled)? Other topics suggest ME has to be disabled when setting 'Me FW Image Re-Flash', but that's exactly what I've done..