Enable KVM AMT on Dell 7060 - it's gone a bit wrong

After sorting out the AMT on my Dell 9020 - Enable KVM AMT on Dell 9020 , I’ve not looked at a Dell 7060. I think I’ve now bricked the machine. I’ll explain.

Using the method I used in the above post.

- Chipset is 300 Series so I downloaded Intel CSME System Tools v12 r28 - (2020-10-31).
- Run FPTW64.exe -d hydrogen.bin

- Ran ME Analyser on this to see that the version is 12.0.0.1069. SKU = H Corp and Chipstep is B
- Downloaded 'Intel CSME 12.0 Firmware Repository r24', unpacked and made a copy of the file 12.0.0.1069_COR_H_BA_PRD_EXTR-Y.bin naming it ME Sub Partition.bin
- Then ran fit.exe, made sure the three KVM options were yes. Build menu -> Build Settings -> untick 'Generate intermediate build files'. Make the XML file. Closed FIT.exe
- Copied my 'ME Sub Partition.bin' over 'Intel CSME System Tools v12 r28\Flash Image Tool\WIN32\hydrogen\Decomp\ME Sub Partition.bin'.
- Start FIT.exe again, loaded the xml file, checked my settings were still there, then ran BUILD.
- The resulting outimage.bin file was the same size as the original dumped .bin file, good news.
- Closed FIT.exe and then ran FPTW64.exe -f (path to outimage.bin)

- This succeeded.
- Then ran FPTW64.exe -greset. This too succeeded.
- With power off I removed the jumper, powered on, no MEBx boot option when you press F12, odd. I rebooted a few times just in case, no, never appeared. So I went through the above procedure again but this time after running FPTW64.exe -f (path to outimage.bin) I then shut the PC down as I found in another post on this forum (I can't find the post now to tell you which post it was, typical). Now the bad news!
- PC WON'T BOOT AT ALL NOW :( The power button led flashes 5 white flashes followed by 2 orange flashes. Nothing appears on the screen. I guess I've bricked the motherboard, have I?

Help, anyone know how to get the PC back and why the MEBx menu isn't available?

One thing I did notice when I run ME Analyser on the initial .bin file was that it said "FWUpdate Support" = "Impossible"

Thanks in advance.

Chris

forgot to add, a copy of the bin file after setting AMT and what was flashed to the pc is at http://www.damtp.cam.ac.uk/user/cm214/tmp/hydrogen.bin

Found the post where it said to turn off the PC after running FPTW64.exe -f outimage.bin - Optiplex 9020 and AMT/ME

[quote="osk866"]

One thing I did notice when I run ME Analyser on the initial .bin file was that it said “FWUpdate Support” = “Impossible”

[/quote]

Saying that I have seen this in previous ME Analyser output and the flashing worked fine so I’m not sure if this is a red herring or not.

What is this hydrogen.bin you linked? Seems that’s the name you gave your first backup of the bios? New builds you named outimage bin?

Please post (again) original unchanged backup/ dump and latest version you flashed.

(The last ‘hydrogen bin’ you attached doesn’t have a valid structure)



Hello.

Hydrogen is the name of the PC I was working on.

The output of the initial bin fptw64.exe -d is at http://www.damtp.cam.ac.uk/user/cm214/tm...en_original.bin

[quote="lfb6, post:5, topic:35961"] The last 'hydrogen bin' you attached doesn't have a valid structure [/quote] , that's interesting/worrying, how did you work this out? When I applied hydrogen.bin with fptw64.exe -f it transferred fine, no errors, nothing to suggest a problem with it.

As you say, the fptw64.exe -f command uses the file outimage.bin, I renamed it to hydrogen.bin when I copied it to my web space as I already had a file called outimage.bin. The link in post 2 is the latest .bin file that I used to flash hydrogen with last Friday.

Thanks for any help.

, that’s interesting/worry, how did you work this out? When I applied hydrogen.bin with fptw64.exe -f is transferred fine, no errors, nothing to suggest a problem with it. …


Opening original file in UEFItoolNE



Opening changed file in UEFItoolNE



That’s not a good sign, normally and an easy check. It doesn’t mean that everything is good if there are no errors in the parser, but if the file doesn’t open with that error it’s quite sure it’ll brick…

FPTw doesn’t check, it flashes whatever you give it, checks if flashed content is identical, and if that’s the case it thinks everything is fine.




But I see all the AMT options enabled in your dump already. Is there a misunderstandable syntax in FIT 12? What am I missing here?

Anyway- do you have a programmer? If not: Buy a CH341 programmer and if chip’s soldered a soic8 clip and if spi is an 1.8V type an 1.8V adapter.
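
A minimal pre-flash sanity check in the spirit of the point above that FPTW flashes whatever it is given, as an added example that is not part of any post in this thread. It assumes the standard Intel flash descriptor layout (signature 0x0FF0A55A at offset 0x10, FLMAP0 at 0x14, 15-bit base/limit fields in each FLREG); the function names are hypothetical and the sample image is constructed, not a real dump.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A   # Intel flash descriptor signature, stored at offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "PDR"]   # FLREG0..FLREG4

def parse_regions(image):
    """Return {name: (base, limit)} for each used region in the flash descriptor."""
    if len(image) < 0x1000 or struct.unpack_from("<I", image, 0x10)[0] != FD_SIGNATURE:
        raise ValueError("no valid flash descriptor signature at offset 0x10")
    flmap0 = struct.unpack_from("<I", image, 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4            # start of the FLREG array
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base = (flreg & 0x7FFF) << 12              # 4 KiB granularity
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if limit > base:                           # unused regions have limit < base
            regions[name] = (base, limit)
    return regions

def preflight(original, candidate):
    """Compare a rebuilt image with the untouched dump; return a list of problems."""
    problems = []
    if len(candidate) != len(original):
        problems.append("size differs from original dump")
    try:
        ref, new = parse_regions(original), parse_regions(candidate)
    except ValueError as exc:
        return problems + [str(exc)]
    for name, span in ref.items():
        if new.get(name) != span:
            problems.append(f"{name} region moved: {span} -> {new.get(name)}")
    problems += [f"{n} region ends past end of image"
                 for n, (_, limit) in new.items() if limit >= len(candidate)]
    return problems

def make_image(size=0x10000, me=(0x1, 0x7), bios=(0x8, 0xF)):
    """Constructed 64 KiB sample image (not a real dump): descriptor + ME + BIOS."""
    img = bytearray(b"\xff" * size)
    struct.pack_into("<II", img, 0x10, FD_SIGNATURE, 0x04 << 16)   # FRBA = 0x40
    flregs = [(0, 0), bios, me, (0x7FFF, 0), (0x7FFF, 0)]
    for i, (base, limit) in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * i, base | (limit << 16))
    return bytes(img)

if __name__ == "__main__":
    good = make_image()
    print(preflight(good, good))
    print(preflight(good, make_image(me=(0x1, 0x5))))
```

An empty result only says the size and descriptor region map match the original dump; it does not replace opening the image in UEFITool, which also parses the BIOS volumes.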

Thanks lfb6, that’s really useful. A few questions/points.

1. I’ve not seen the uefitool tool you show screenshots of, I’ll have to find it and download it, looks handy, it would have saved me from being in the state I’m in.

2. Flashing UEFI bios, can we still use the Flash Image Tool and the FPTW tool as we would for older non-UEFI BIOS or do we need to treat UEFI in a different way?

3. The AMT settings as you point out were set to ‘Yes’ but the MEBx F12 menu didn’t show up even with the option to ‘Show the MEBx’ BIOS option ticked. I therefore thought I must have missed something somewhere. I also tried CTRL-P, no good either, I’m not sure this works on newer PCs anyway.

4. I don’t have a programmer. The PC is under warranty so I could fix it this way but it’s made me very nervous flashing any more machines in case I brick these too. To me it seems a gamble if the flashing will work or brick the machine, with around 200 PCs to enable AMT on I don’t feel at all confident I can get this right.

Thanks for your help.

@osk866 Flash Image Tool and the FPTW tool are tools for UEFI bios. They were never available for legacy bios.

As discussed in another thread already- are the conditions for AMT/KVM fulfilled? Chipset seems to be Q370 for all(?), but which processor?

CH341 doesn’t cost too much, if you want to continue with this it’s a meaningful purchase!

The info about this PC - Hydrogen:

"Computer Manufacturer"="Dell Inc."
"Computer Model"="OptiPlex 7060"
"Processor"="Intel(R) Core(TM) i5-8500 CPU @ 3.00GHz"
Intel(R) 300 Series Chipset Family SATA AHCI Controller
Intel(R) 300 Series Chipset Family LPC Controller (Q370) - A306

The Intel website https://ark.intel.com/content/www/us/en/…o-4-10-ghz.html reports ‘vPro = Yes’.

I’ll look into the CH341, google here I come.

Any idea why MEBx boot menu not visible?

thanks

Which number does the sticker inside the chassis have? See:
https://www.dell.com/support/article/en-…-327359?lang=en
(Other model, but numbering system is still same)

What does MEInfo -verbose tell you for one of the other 199 machines? Put complete output in spoiler, thanks.



It says ‘AMT/VPRO 1’ which does tie up with the output of hydrogen_original.bin so in a way there should be no need to re-flash it but then there doesn’t seem to be a way to configure ME when booting (MEBx).



This I can find out tomorrow when I can physically change the service jumper on one of these 199 machines. I’ll report back with a spoiler.

Thanks

@osk866 No, no- don’t change the service jumper, we need the information in normal state!

from the same spec machine (name of INIPC160 if this matters) …

Intel (R) MEInfo Version: 12.0.70.1652
Copyright (C) 2005 - 2020, Intel Corporation. All rights reserved.


Windows OS Version : 10.0

LPC Device Id: A306.
Platform: Cannonlake Platform
General FW Information
FW Status Register1: 0x94000245
FW Status Register2: 0x69000506
FW Status Register3: 0x00000030
FW Status Register4: 0x00004000
FW Status Register5: 0x00001F01
FW Status Register6: 0x47C00BC9

CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
Phase: HOSTCOMM Module
PhaseStatus: UNKNOWN
ME File System Corrupted: No
FPF and ME Config Status: Committed
FW Capabilities value is 0x31119140
Feature enablement is 0x11119140
Platform type is 0x42000492

Platform Type Desktop
FW Type Production
Last ME Reset Reason Unknown
BIOS boot State Post Boot
Slot 1 Board Manufacturer 0x00001028
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
Capability Licensing Service Enabled
Local FWUpdate Enabled
OEM ID 68853622-EED3-4E83-8A86-6CDE315F6B78
Integrated Sensor Hub Initial Power State Disabled
Intel(R) PTT Supported Yes
Intel(R) PTT initial power-up state Disabled
OEM Tag 0x00
TLS Disabled

Intel(R) ME code versions:
BIOS Version 1.3.4
MEBx Version 12.0.0.0010
Vendor ID 8086
FW Version 12.0.24.1314 H Corporate
LMS Version Not Available
MEI Driver Version 1904.12.0.1208
Wireless Hardware Version Not Available
Wireless Driver Version Not Available

IUPs Information
PMC FW Version 300.2.11.1020
LOCL FW Version 12.0.24.1314
WCOD FW Version 12.0.24.1314

PCH Information
PCH Version 12
PCH Device ID A306
PCH Step Data B2
PCH SKU Type Production PRQ Revenue
PCH Replacement State Disabled
PCH Replacement Counter 0
PCH Unlocked State Disabled

Flash Information
SPI Flash ID 1 Not Available
SPI Flash ID 2 Not Available
Host Read Access to ME Not Available
Host Write Access to ME Not Available
Host Read Access to EC Not Available
Host Write Access to EC Not Available

FW Capabilities 0x31119140
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Service Advertisement & Discovery - NOT PRESENT
Persistent RTC and Memory - PRESENT/ENABLED

End Of Manufacturing
Post Manufacturing NVAR Config Enabled No
HW Binding Enabled
End of Manufacturing Enable Yes

Intel(R) Active Management Technology -
Intel(R) AMT State Disabled
M3 Autotest Enabled
Localized Language English
C-link Status Enabled
AMT Global State Enabled
Privacy/Security Level Default

Intel(R) Protected Audio Video Path
Keybox Not Provisioned
Attestation KeyBox Not Available
EPID Group ID 0x28D3
Re-key needed False
PAVP Supported Yes

Security Version Numbers
Minimum Allowed Anti Rollback SVN 1
Image Anti Rollback SVN 4
Trusted Computing Base SVN 1

FW Supported FPFs
FPF UEP ME FW
*In Use
— — -----
Enforcement Policy 0x03 0x03 0x03
EK Revoke State Not Revoked Not Revoked Not Revoked # Not Revoked=0, Revoked=1
PTT Enabled Enabled Enabled # Disabled=0, Enabled=1
OEM ID 0x00 0x00 0x00
OEM Key Manifest Present Not Present Not Present Not Present # Not Present=0, Present=1
OEM Platform ID 0x00 0x00 0x00
OEM Secure Boot Policy 0x3F9 0x3F9 0x3F9
CPU Debugging Enabled Enabled Enabled # Enabled=0, Disabled=1
BSP Initialization Enabled Enabled Enabled # Enabled=0, Disabled=1
Protect BIOS Environment Enabled Enabled Enabled # Disabled=0, Enabled=1
Measured Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
Verified Boot Enabled Enabled Enabled # Disabled=0, Enabled=1
Key Manifest ID 0x0F 0x0F 0x0F
Persistent PRTC Backup Power Enabled Enabled Enabled # Enabled=0, Disabled=1
RPMB Migration Done Disabled Disabled Disabled # Disabled=0, Enabled=1
SOC Config Lock Done Not Done Done # Not Done=0, Done=1
SPI Boot Source Enabled Enabled Enabled # Enabled=0, Disabled=1
TXT Supported Disabled Disabled Disabled # Disabled=0, Enabled=1

ACM SVN FPF 0x02
BSMM SVN FPF 0x00
KM SVN FPF 0x00
OEM Public Key Hash FPF 69602F34CC9D121ECB7785F4F5CA4153ADC35633FF13A76B914FB2FE2835F691
OEM Public Key Hash UEP 69602F34CC9D121ECB7785F4F5CA4153ADC35633FF13A76B914FB2FE2835F691
OEM Public Key Hash ME FW 69602F34CC9D121ECB7785F4F5CA4153ADC35633FF13A76B914FB2FE2835F691
PTT Lockout Override Counter FPF 0x00

Having now discovered the ‘UEFITool’ I ran through the same procedure as post 1 to make a new outimage.bin for Hydrogen. A copy is at http://www.damtp.cam.ac.uk/user/cm214/tm…ogen_remade.bin . In the UEFITool it loads without the error I get with my ‘how to brick a PC’ .bin file. Is part of ‘what have we learnt from this post’ that the resulting outimage.bin file should be loaded into UEFITool first before sending it to the BIOS?

This is what UEFITool shows in the ‘Parser’ tab for the hydrogen_remade.bin file:

FfsParser::parseIntelImage: unknown flash descriptor version 0.0
FfsParser::parseVolumeNonUefiData: non-UEFI data found in volume's free space
FfsParser::parseVendorHashFile: new AMI hash file found
FfsParser::parsePadFileBody: non-UEFI data found in pad-file
FfsParser::findFitRecursive: FIT table candidate found, but not referenced from the last VTF
FfsParser::findFitRecursive: real FIT table found at physical address FFD20100h


Do I worry about the first line, "unknown flash descriptor version 0.0"?

@osk866 This isn’t consistent. This machine has a newer ME/PMC firmware and AMT/ TLS is disabled. Might be just updated, or another configuration?

I’m sorry, but it’s necessary to have:
- a firmware dump of this specific machine, too, and
- the value of the service tag of this specific machine, too
(or a set of MEInfo -verbose, service tag value and SPI/Bios dump of the same specific machine)

You don’t happen to have these systems in China, France, Hong Kong, Israel, Korea, Poland, or Russia? (KVM should anyway be possible without TLS, and- just in case- without TPM chip, too)


Intel (R) MEInfo Version: 12.0.70.1652

TLS Disabled

IUPs Information
PMC FW Version 300.2.11.1020
LOCL FW Version 12.0.24.1314
WCOD FW Version 12.0.24.1314

Intel(R) Active Management Technology -
Intel(R) AMT State Disabled

AMT Global State Enabled


╔════════════════════════════════════════════════╗
hydrogen_original.bin (1/1)
╟───────────────────────────────┬────────────────╢
║ Family │ CSE ME ║
╟───────────────────────────────┼────────────────╢
║ Version │ 12.0.0.1069
╟───────────────────────────────┼────────────────╢
╔═════════════════════════════════════════════╗
║ Power Management Controller ║
╟─────────────────────────────┬───────────────╢
║ Family │ PMC ║
╟─────────────────────────────┼───────────────╢
║ Version │ 300.2.11.1011


"The No TLS option only applies to the following countries: China, France, Hong Kong, Israel, Korea, Poland, and Russia."
https://www.dell.com/community/Desktops-…MT/td-p/5100084

When I said I have 200 machines to enable AMT I should have explained that they are different models of Dell, they’re not the same as Hydrogen. There’s Optiplex 7010, 7040, 7060, 7070, 3070 and 9020’s. Are we going slightly off topic here with the MEInfo -verbose output of the machine INIPC160? INIPC160 is an i5-8500 like Hydrogen, that’s why I chose that machine.

I can get a firmware dump of INIPC160 tomorrow but will this help me work out why the MEBx boot option wasn’t available on HYDROGEN (sorry if I’m missing the link here)?

For info the service tag of INIPC160 is 4HFRQX2

thanks again for your continual help.

@osk866 It depends. Had this other PC been exactly the same then it had been inconsistent. If it’s another configuration it might just be that that one has AMT disabled.

The other thing is: What happened to your image?

UEFItoolNE is a very fine tool for scanning images and new parser messages are always suspect. If you have a programmer and a good backup one might decide for oneself if time for hardware reflashing or exploring these messages is more important.

Service tag- I’m sorry, meant the sticker inside the chassis with the AMT code.

I still got some difficulties to reproduce your file…



Do you mean the image that bricked the PC, hydrogen.bin?



I can find this tomorrow when I have physical access to it. I’ll report back when I have this information.



Which file?

thanks

@osk866 Can’t reproduce hydrogen_remade file.

Otherwise it’s two different questions:

- Why didn’t the first machine have AMT accessible even when all settings in ME from original bios dump are enabled and DELL sticker says ‘fully enabled’?

- For the second machine: Is MEInfo consistent with the ME sticker and settings in ME firmware? If yes can AMT be enabled the ‘normal way’?

First question requires a programmer, since system is bricked. Starting point would anyway be flashing the original bios since it’s got all settings enabled.

Second question requires bios dump and info from sticker. If second machine has consistent information (sticker, MEInfo, firmware) and AMT can be enabled according to the book, everything is fine.


@plutomaniac Regarding settings for AMT/ clean ME- Do you have an idea why FIT v12 in its latest version no longer can write a correct FD version and changes order for ME boot and data partition?

Versions
FIT 12.0.49.1536 Tools <= r25
FIT 12.0.64.1551 Tools >= r26 unknown FD version, changed partition order

This is consistent with the older ME/ PMC files from original image and also when exchanging with latest versions.




Would you prefer a version here? (I’d tend to making a ME region with latest tool and replacing it via UEFItool in original bios to keep FD?)