[Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

Hi plutomaniac
I clean Meregion ver 16 but Modular Flash Images Tool error
Exception: OEMP was signed with a wrong MEU tool.
Used MEU: 15.0
Expected MEU: 16.0
Please re-sign it with MEU that match the FIT project.
Source: ‘CsePlugin:OEM_KM’
in spite of build setting Manifest Extension Utility path with meu.exe(ver 16)

So how do i fix this. Please help me. Tks.

i cannot detect any hdd after clearME
Any suggest for hdd section on bios file

based on thinkpad x260


Maybe too much cleaning… did you used any acid based solution, oh man it could really happen… a lot of hdds has been lost like this !!!

It’s been a long time since I’ve done this. I’m in the process of trying to remember how to unlock AMT on systems that were shipped from Dell with ME Disabled. I think I’ll have to re-look over the steps I did with the Optiplex 7010 because I seem to be missing something on these Optiplex 7440 machines as I still don’t have it unlocked.

But this is neither here nor there. While I can flash the full BIOS SPI file on this machine that I’m pulling it off of, I won’t be able to flash it to the other machines so I’m in the “making a clean BIOS” phase and I seem to be stumbling.

I downloaded the correct “ME Region.bin” file and replaced the one in the build folder. But when checking the resulting outimage.bin file in ME Analyzer, it is still showing Type Extracted instead of Region, Extracted. The file system state is Configured instead of Initialized, so that’s good, but I thought the Type should have changed when cleaning as well? Or is the only important thing is the file system state? I’ve attached an image showing the extracted BIOS and the outimage.bin that I built for reference.

I think the output of MEA did change a little since the guide was written. I’d be happy with ‘configured’ and the rest of data being OK.

What settings did you change? If I remember it right it wasn’t too much for ME 11?

1 Like

I was pretty sure “Configured” was the important part, but I made the mistake in the past of flashing a full BIOS to multiple machines, wiping out the serial numbers and MAC addresses before so I’m a bit nervous of testing. I’ll probably pull a full BIOS from another machine before testing just in case.

The AMT settings are a bit off topic for this thread, but I set all of that except the Idle Timeout. Unlike the 7010s we got before, none of these 7440s came with AMT enabled. (We’re a school district, so we opt to save a bit of money and buy preowned machines. We save money and they still do everything we need, we just don’t get to pick the ME setup from the factory.) So I didn’t have a working system to compare the settings to, so thank you for that. I’ll change the timeout and see if that gives me the option to boot into AMT. (This will hopefully save me some digging through my old posts and/or creating a new thread to figure this out.)

Turns out, I probably already had it. I just had to remove the jumper from the service mode pins before it would show up. Don’t remember that being an issue before.

Machine specific data are in bios region, so if you want to flash a full firmware it has to be made for every single computer. A cleaned, freshly reconfigured ME region doesn’t have machine specific data (but of course machine- type specific data).

If your machines have a service jumper, then it shouldn’t be a problem to flash the ME region only with fpt and the -ME switch.

And yes, the service jumper does disable ME functionality, so no AMT with jumper set, too.

Yeap, the output has changed since those (archaic :sweat_smile:) pictures. The output should be “Extracted” and File System State “Configured”. So all good, output wise.

For fun, I went back to figure out when those pictures are from. The vast majority are from January 2016 and one from October 2018. So… :innocent:

Hi, looking on how to restore an old baytrail tablet that just turn off every 30 min. so I ended up following this guide. I dumped the bin TXE v1 from chip with an external programmer. Followed all the required steps to get a new image build and seems that all worked, but at the xml comparison step noticed something and I dont know if this should happen: the region order is it supposed to change when rebuild the binary?

can I just proceed to reflash this new image to the eeprom?
all the otther differences on the xml are the ones expected from changing the IAT options to be disabled…so is just this order thing what makes me doubt.
Can Anyone confirm that this is not relevant ?

It shouldn’t matter for CSTXE because the SPI flash uses the Intel IFWI 2.0 structure, in which the Flash Descriptor (FD) region is first and is followed by the IAFW/BIOS region. The latter includes both the BIOS/UEFI and CSTXE firmware in one region. Once the CSTXE initializes for the first time (1st boot), the initially empty Device Expansion (DevExp) region of the SPI flash will be populated with the former’s working data.

The top-level of IFWI 2.0 structure should be FD + IAFW + DevExp regions. Check that with UEFITool NE and go ahead and flash. You do have a programmer, so you can always re-adjust. Although I suspect that XML field of FIT is useless for CSTXE.

Ok ive done that. Unfortunately I don’t know what exactly should I look for. What IFWI and IAFW does mean? The uefitool shows some messages on one of the BIOS sections, and also some invalid partitions on the fpt table, but MEAnalizer shows the same as valid. My guess is that those are the DevExt that you refer on your previous reply, but I don’t know for sure.
Also I want to ask if FD unlocking is possible/valid from building process, since ive set permissions to 0xff from the FIT instead of HxD. Attached some images from Uefitool ne.

These UEFITool pictures are not showing an IFWI 2.0 SPI flash layout, and the partitions shown via MEA -dfpt are older than the CSE-era ones. So you’re not actually working on a CSTXE (v3 - v4) firmware, probably TXE (v1 - v2). CSE TXE (CSTXE) is not the same as the old TXE. Different instructions apply there.

Ah yes, forgot to emphasize that correctly and just did a mistake, but the guide have those instructions right? I followed those from the guide, the ones that are indicated for TXE v1 dumps. There are just one step that indicated to change the Intel Anti Theft. But can’t found the instructions to unlock FD in case I want to flash the BIOS via software.
can upload the original dump and the one I rebuild for You to inspect them if You have the time ?

Details about the Intel Flash Descriptor and unlocking it can be found at [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing - Special Topics / Intel Management Engine - Win-Raid Forum (level1techs.com). However, you don’t need to bother with that when you use a programmer to flash. If you followed the instructions as the guide says, you’re good. Go ahead and flash it with the programmer.

I’m trying to activate ME/AMT to build a Dell 9020 Hackintosh that currently has ME disabled. I’ve read the entire post here pretty carefully, and I think I understand it pretty well. MEA looks at the new image and displays the correct ME version. But after I flash my new image, pop the battery and reset the CMOS, MEINFO still displays a version number of (booting up in freedos and also in Windows 10).

As a new user, I’m only allowed to paste one image, so here’s my screenshot:

Here’s my original SPI:

And here’s my new image:

I load defaults and add an admin password, but still no sign that ME is present. Can anyone tell me what I’m doing wrong?

Do you mean AMT present or ME present? ME will work in the background all the time if not corrupted or otherwise tempered with.

Not sure what version info you refer to. Post the complete, unchanged output of MEInfo.

The second image looks properly cleaned, however the only change made in cofiguration is

No changes made regarding AMT settings, however.

Thanks very much for your response, @lfb6.

I thought ME must be inactive given the lack of a version number. Sounds like that’s incorrect? (Refer to the MEBx Version

You started to say that the only change made in configuration was to…but that got truncated. Are there other changes I need to make in FITC in order to activate MEBx?

Currently F12 works, but not ctl-P and there aren’t any new options in F12 or the BIOS setup.

Please use the search function, enabling amt is described several times in the forum.

MEBx is the ‘interface’ built into the bios- region, its version has nothing to do with ME version itself.

You might compare the xml files generated by FITc to find the changes. Possibly there were some code signes within the xml- line.

As soon as I finished the last reply, I checked FITC’s ME section. :slight_smile:
I’d been so fixated on what I might have missed in the ME cleaning instructions that it didn’t occur to me to explore a little bit.

Regarding a search for enabling AMT, a number of the answers simply point at this thread without further instructions. Despite reading several other posts, I hadn’t stumbled on one that contains “Clean ME, then do this.”

Anyway, here’s my current MEinfo. Thanks very much again for your time and guidance. It hadn’t occurred to me to go check in the obvious place. :slight_smile:

For example. (And this is actually off- topic for the ‘Cleaning’ thread)

Antitheft still enabled in the pic with working AMT