[Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

Well I already updated ME to latest RGN + latest PMC already for user, but wanted to now send him clean updated latest EXTR ME FW version that he could program in with FW Update tool.
But, I can’t, due to EXTR by itself says no FW Update possible, and if I want to merge PMC with this to make it FW update possible, then incorrect settings are transferred over during this process.
So, is it not possible to do what I wanted? Or, is the Y/N the answer here? * Edit - I guess that does not apply, target goal = 12.0.70.1652_CON_H_BA_PRD_EXTR

@Lost_N_BIOS Doesn’t your FIT v12 write FWupdate files, too? If I merge Intel CSME Firmware v12.0.71.1681 (CON H BA) with Intel PMC CNP Firmware v300.2.11.1025 (H B) just as an example, flash components “0”, build, I get:

“FW update image written: …/Intel CSME System Tools v12 r28/Flash Image Tool/WIN32/cse_image_FWU_Base.bin
FW update image written: ./Intel CSME System Tools v12 r28/Flash Image Tool/WIN32/cse_image_FWU_Full.bin”

me2.jpg



As far as I understood FWUpdate doesn’t transfer any settings, so it doesn’t really matter which configuration might be stored in the image?

I don’t understand, what incorrect EXTR settings? lfb6 is right, FWUpdate tool does not care about configuration. You can use whatever you want (RGN, EXTR/EXTR-Y) as a firmware base before merging PMC and/or PCHC, PHY etc, as log as MEA does not say “FWUpdate Support : Impossible.” FWUpdate updates CODE only, not DATA. This guide is for cleaning CSE firmware dumps, not for FWUpdate. Detailed instructions on what FWUpdate does, how it works and what it requires to update the firmware of a given platform can be found at Intel Management Engine: Drivers, Firmware & System Tools.

OK, let me explain. I took full already clean/UPD ME FW (older) complete BIOS image, tried to update to 12.0.70.1652_CON_H_BA_PRD_EXTR, after compare before/after outimage and settings do not match.
I prefer to use full BIOS image when doing anything ME FW, on my end. Then I planned to extract ME FW to give to user to flash via FW UPD tool.
Yes, thank you both, I did forget that ME FW Update tool will not transfer in incorrect settings, but still, I should not be seeing them, thus my questions.

Latest PMC already integrated in previous BIOS w/ latest RGN clean UPD, already flashed in and tested.
I was simply trying to make a file so user could update to the latest version (EXTR) with FW Update tool, since I could not update to EXTR while clean/UPD on my end.

As for the mis-matched settings on before/after, here is an example area, and now I noticed it’s just this area

ME-Diff.png



If I were to send him cse_image_FWU_Base.bin, but until I found why the reason for above, I would not trust this file.

I see what I intended is not possible (extract UPD ME from BIOS = FW Update = NO)
So I will have to use cse_image_FWU_Base.bin anyway, but I now see latest NO, with the latest version, so as usual, I’m a mess and lost with ME FW I used to only have to fight X79 ME FW

Why do we use Base over Full, both are identical?

@Lost_N_BIOS This time it’s really not too easy to understand what you mean/ did…

OK, but that’s a “clean” thing, right? You put in a complete bios image, update, build outimage. Then you put in generated outimage.bin, save settings and compare original and new xml- files and they don’t match- as shown on the picture. Is that correctly understood?

  • You cant (for newer ME firmware >=12) use Extracted regions directly for FWupdate.
    - You don’t have to care about most of the settings if you followed the guide. (I’m not sure what FIT does when generating update files?)
    - If you reopen an update binary in FIT again, you’ll possibly see some/ most settings set back to standard configuration since they simply weren’t stored in the update file?

    If you look at the structure it seems the update file don’t have any ‘bootable’ configuration but a much larger set of code/ firmware bricks, see attaached text files.

    You don’t need any basic settings for generating an ME update v12, see Plutomaniacs guide. The post with this guide was edited shortly, I think this part is new(er),and I think there’s few possibilities for misunderstanding/ wrong interpretation left. Only thing I wasn’t aware off: “FWUpdate Support” has Yes, No and Impossible as possible answers- A CSME with “No” can be used by FIT to build an update, a CSME with “Impossible” can’t.

MEA -dfpt for region v12.txt (13.4 KB)

MEA -dfpt for update file v12.txt (16.2 KB)

@lfb6 - What I meant, tried to explain, was I attempted to clean/UPD ME FW like you normally would, as I’ve done a million times without issue.
The problem here is me trying to figure out how to hand user proper file to use for ME FW update tool I guess, without the issues I’m seeing being a part of that file I pass to him.

I never work with ME FW update tool, or ME FW by itself, always entire BIOS and FPT.
So I’m sure some of my concerns here may be due to that, however, I don’t see how/why I should not be concerned.

This is what was done already, flashed in and user is using as we speak >> BIOS Fixed, Unlocked, ME FW Updated to latest RGN/PMC (As we normally do, mentioned above)
However, due to latest actual ME FW version was not RGN, I used older one that was last RGN version. So, now, I want to give him file to use to update to latest actual version, and there is where problems begin.
PMC is already latest, but I can re-integrate that without issue, but I don’t see how to give him safe file to use, provided what I showed in the image above
That the update ME via FIT with latest EXTR proves out changes that should not be, thus I don’t see how cse_image_FWU_Base.bin would not also contain these same incorrect changes that should not be happening

I know you both want to help, but when I get lost on a ME FW issue, I usually can’t absorb how to get around it.
I still avoid ANY X79 ME FW update for this reason, for anyone, and only direct them how to use ME FW Update tool and latest provided file.

Yes, some of your points/questions, I have the same concerns, thus my question here.
I have since noticed you can’t use extracted ME FW, even cut to size, for ME FW Update tool, so I got that now

Maybe you could help the user? If yes, do you need me to link you to the last BIOS I gave him, with latest RGN ME + Latest PMC, or can you help him directly with none of that?

I have read the guide, but it and what you quoted is not at all related to anything I am asking (really this).
I know how to make proper ME files, it’s just not happening here in a way that I trust, due to changes in before/after comparisons that should not be there.

Meaning >> I would not give this BIOS with updated ME FW (From EXTR) to user to put on with unlocked FD and FPT, or a flash programmer either, there is a problem.
The oddities I mentioned above (previous post/image) with cse_image_FWU_Base.bin and or Before/After XML on actual BIOS image.
I don’t trust those incorrect things in the BIOS image before/after are not also going to be flashed in during a ME FW update using cse_image_FWU_Base.bin created at same time as outimage with incorrect settings as shown in the image above.

Quicker summary >> If I use EXTR via FIT and make BIOS/ME, before/after XML does not match properly.
How am I to know/trust cse_image_FWU_Base.bin generated right then too, is not also going to contain the same incorrect changes? << This sums up my questions and concern perfectly, nice and brief too

@Lost_N_BIOS Please attach the files/ bios or post the link to these files.

My point still being that you can’t know if there really are different settings in an update file since you have to use FIT for checking these settings. And you don’t know which settings are standard settings just shown by FIT itself and never were stored in the update image. FIT doesn’t have a way to differentiate between region/ bios mode and update mode- where it should grey out not processed/ not relevant settings…

I think it’ll be less writing with the files at hand and a result to compare.

@lfb6 - Soon I will have to stop answering anything ME FW related
Here is the thread, last BIOS I made is in this post has the BIOS he programmed in, this has latest RGN and latest PMC already, just need to update ME side to latest EXTR
@ #622 - OverPowered TONGFANG CyberPower Machrevo MACHENIKE - Unlocked BIOS Guide W/ Files (42)

Yes, that was part of my summary and main question! How can I confirm, or be sure those incorrect changes I see, are or are not part of the cse_image_FWU_Base.bin update file.
I gave comparison image above, you can’t compare what I’m asking about any other way, unless you know how to show settings contained within cse_image_FWU_Base.bin are NOT the same as contained withing outimage generated at same time.

If you can show him the way to update that ME FW further via ME FW update, while also at same time knowing FOR SURE those incorrect changes do not also get get transferred in the update file, then please do, thanks

Cleaning (removing the Initialization) from a dumped Engine image, requires following this guide.

Creating a FWUpdate compatible image, requires following the instructions of the (CS)ME thread.

You cannot use the extracted Engine region from a SPI image with FWUpdate tool, not after CSME 11 at least. They are stored in different formats (CSE Layout Table vs Flash Partition Table). In the past, all Engine firmware were in FPT format but at CSME >= 12, they are originally at FPT but then converted to LT via FIT at the full SPI image. FWUpdate tool accepts FPT format only.

If you want to create a cleaned & updated SPI image then follow this guide with the latest CSME & PMC/PCHC/PHY firmware. You’ll have to overwrite any Independent firmware (PMC, PCHC, PHY etc) binaries manually at the Decomp folder as the guide does not mention that. It doesn’t mention it because it wasn’t written with updating in mind. Only cleaning. And only CSME needs cleaning, not Independent partitions. So if you want to use it for updating as well, you’ll have to do the Independent partition overwrites manually. Rename them to the same name as in Decomp and overwrite.

For FWUpdate, you could load into FIT a full SPI outimage and click the green Build FWUpdate Image icon or similar (depends on CSME version) but that won’t work in some cases (Corporate firmware for instance). So for FWUpdate, the instructions at the thread have to be followed. To sum up, you cannot combine “cleaning” and FWUpdate image generation.

As for those xml changes, a difference of “No” and “0x0” is a non-difference. It’s due to newer FIT versions declaring some options differently in the xml. The result is the same though. Also, if Fdv is Disabled, the other options don’t matter (range, exclusions etc). They are different due to newer default options at newer FIT versions. It’s like having a BootGuard profile set in settings but BG disabled altogether. Its settings don’t matter if the main technology is Disabled.

I’m pretty sure that won’t happen and that was never the meaning to give you that impreession

Look at my generated files, you probably won’t like them, but I’m quite sure they both will work.

There’s another option for generating update files at least for the bios you linked: If you’d take your original bios, cleaning it and updating it as you did, FIT will also generate update files when you build the bios. If you don’t trust those you shouldn’t possibly trust the generated region either?!

If you build update files accoring to the guide, these update files will be different from the ones additionally generated when building a complete bios. All differences are in MFS though, seems part of configuration is still saved there. See compared directory tree for unpacked ME- I can’t sort out these differences unfortunately.

ME_unp_comp.jpg



In addition the configuration saved from the re-opened update binaries does contain differences.

diff xml.jpg



In the end I’m afraid I wasn’t any help to you. I can’t explain which settings FIT does pack into the update file and why And I have to say that I’m a little surprised, I thought these update files were built rather identical without storing configuration- settings.

generated_at_bios_build.zip (1.61 MB)

update only book.zip (1.61 MB)

Regarding that behavior, I can explain it. At CSME 12, FIT was stupid and in order to build an update image, it would actually do all the work of re-configuring the File System (MFS) as well, while also stitching the PMC. There was absolutely no point in that. At CSME 13+, Intel did it properly and now FIT only stiches CSME + PMC/PCHC/PHY without altering the MFS. So at CSME 12, FIT generates a “Configured” (with stock, irrelevant settings) update image but any FIT after that generates an “Unconfigured” image. Alas, settings don’t matter for FWUpdate so FIT v12 was simply doing extra useless work for no reason. Hope it’s clear now.

Thanks a lot! I think that’s exactly what Lost_N_BIOS might want to hear

@plutomaniac - PMC already updated here, before any of my questions came to light, so that’s a non-concern for me and should not be looked at by lfb6 either (it’s already done and flashed in on user end/BIOS he’s working with)
Thanks, I guess your comment at 329 sums up my wishes >> To sum up, you cannot combine “cleaning” and FWUpdate image generation.
So, to the changes, none of that matters? I get the 0x0 = NO same/same, but the rest does not matter, why is it changed though, just due to slightly different FIT versions?

@lfb6 - About stopping answering ME FW stuff, that’s nothing to do with anything you said, it just always gives me hassles from time to time, so I hate messing with it sometimes
Yes, I know FIT makes FW update files at same time as building outimage, I’ve said and questioned those files this entire time.

So, still not fully clear I think? But, I think plutomaniac said in #331 - cse_image_FWU_Base.bin may contain the incorrect/non-matching settings I was concerned with, but they do not matter/will not be flashed in?
What a mess!! Still, not nearly as bad as X79 ME FW hassles I guess, so there’s that


I cannot give a general answer to that, only what I see from case to case. A value of 0x0 makes sense to mean “No” or “Disabled” based on context. If Intel decides to assign different value types to their xml variables from one FIT version to another, it’s in their right to do so. FIT is a very complex program. Settings can come and go, get renamed etc at any point. Honestly, the compatibility that Intel tries to keep from version to version is rather impressive even if sometimes things break (14.0.11 vs 14.0.20, 7.x, 8.x etc).

Yes, I agree, and assume same, that 0x0 = Disabled too.
But the rest of the other changes are more of what I was concerned with, since I can’t see what is in the update file vs what I can see incorrect in the outimage file.
This is what made me worried, those incorrect things may be in the update file too, and if used would be a possible issue. But you say they are not used, even if put in there, so should be OK (at least I think this is your summary)

File System (MFS) Configuration Importance:

FWUpdate : NO
Anything else: YES

Hello, I have a problem with Intel 10 notebook. The machine models are ThinkPad x390 and ThinkPad t490. I use flash image tool_ After cleaning the me data in V14, the BIOS interface displays me firmware version 0.0.0.0. I replaced the same good machine for testing, and the fault is still the same! Replace the original backup program to restore to normal.
[[File:QQ??20201206192039.png|none|auto]]
The following program is what I cleaned the me module! Due to the forum upload size limit, I uploaded the file to the network disk, through the following link to visit and download!
https://share.weiyun.com/lArgH3oP

QQ??20201206192039.png

@wosyuanxiao Link only in chinese(?) and requiring kind of a login. How did you ‘clean’ the ME firmware?

I follow the me cleaning tutorial of V11. In the previous V11 and V12 versions, I have never encountered such a situation. It can be used normally every time. Only V14 has this problem.

This is the new file link!

https://1drv.ms/u/s!Ati1m4 -4F-D0hf5vU8k5brdcogeUFQ

I have a problem also with X79 Chinese MB. It shows ME version n/a. Luckily I had the same MB without that problem and made a BIOS dump with fpt.exe. I think that manufacturer flashed a dump from another MB and ME region data needs to be cleaned. -------[ ME Analyzer v1.5.10 ]-------
Database r61

File: FULLBACK.BIN

Firmware: Intel ME
Version: 7.1.13.1088
Release: Production
Type: Region, Extracted
FD: Unlocked
SKU: 1.5MB
Date: 04/05/2011
Platform: CPT
Latest: No

Blist 1: <= 7.0.10.1203
Blist 2: <= 7.1.12.1086
It is very strange that ME7 works with Xeon E5-2637 v2 Ivy Bridge. I was sure that Ivy Bridge demands ME8. Fitc 8 refused to work with this file. Fitc 7 for PBG works. How should I use it - with ME region only or BIOS dump? I attached BIOS dump.
advise
I was advised to flash BIOS dump from another MB simply without cleaning. I’m afraid that this will make the things to worse. Please explain what to do in this case

FULLBACK.rar (2.82 MB)