[Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

Hi, looking on how to restore an old baytrail tablet that just turn off every 30 min. so I ended up following this guide. I dumped the bin TXE v1 from chip with an external programmer. Followed all the required steps to get a new image build and seems that all worked, but at the xml comparison step noticed something and I dont know if this should happen: the region order is it supposed to change when rebuild the binary?


can I just proceed to reflash this new image to the eeprom?
all the otther differences on the xml are the ones expected from changing the IAT options to be disabled…so is just this order thing what makes me doubt.
Can Anyone confirm that this is not relevant ?

It shouldn’t matter for CSTXE because the SPI flash uses the Intel IFWI 2.0 structure, in which the Flash Descriptor (FD) region is first and is followed by the IAFW/BIOS region. The latter includes both the BIOS/UEFI and CSTXE firmware in one region. Once the CSTXE initializes for the first time (1st boot), the initially empty Device Expansion (DevExp) region of the SPI flash will be populated with the former’s working data.

The top-level of IFWI 2.0 structure should be FD + IAFW + DevExp regions. Check that with UEFITool NE and go ahead and flash. You do have a programmer, so you can always re-adjust. Although I suspect that XML field of FIT is useless for CSTXE.

Ok ive done that. Unfortunately I don’t know what exactly should I look for. What IFWI and IAFW does mean? The uefitool shows some messages on one of the BIOS sections, and also some invalid partitions on the fpt table, but MEAnalizer shows the same as valid. My guess is that those are the DevExt that you refer on your previous reply, but I don’t know for sure.
Also I want to ask if FD unlocking is possible/valid from building process, since ive set permissions to 0xff from the FIT instead of HxD. Attached some images from Uefitool ne.





These UEFITool pictures are not showing an IFWI 2.0 SPI flash layout, and the partitions shown via MEA -dfpt are older than the CSE-era ones. So you’re not actually working on a CSTXE (v3 - v4) firmware, probably TXE (v1 - v2). CSE TXE (CSTXE) is not the same as the old TXE. Different instructions apply there.

Ah yes, forgot to emphasize that correctly and just did a mistake, but the guide have those instructions right? I followed those from the guide, the ones that are indicated for TXE v1 dumps. There are just one step that indicated to change the Intel Anti Theft. But can’t found the instructions to unlock FD in case I want to flash the BIOS via software.
can upload the original dump and the one I rebuild for You to inspect them if You have the time ?

Details about the Intel Flash Descriptor and unlocking it can be found at [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing - Special Topics / Intel Management Engine - Win-Raid Forum (level1techs.com). However, you don’t need to bother with that when you use a programmer to flash. If you followed the instructions as the guide says, you’re good. Go ahead and flash it with the programmer.

I’m trying to activate ME/AMT to build a Dell 9020 Hackintosh that currently has ME disabled. I’ve read the entire post here pretty carefully, and I think I understand it pretty well. MEA looks at the new image and displays the correct ME version. But after I flash my new image, pop the battery and reset the CMOS, MEINFO still displays a version number of 0.0.0.0000 (booting up in freedos and also in Windows 10).

As a new user, I’m only allowed to paste one image, so here’s my screenshot:
image

Here’s my original SPI:

And here’s my new image:

I load defaults and add an admin password, but still no sign that ME is present. Can anyone tell me what I’m doing wrong?

Do you mean AMT present or ME present? ME will work in the background all the time if not corrupted or otherwise tempered with.

Not sure what version info you refer to. Post the complete, unchanged output of MEInfo.

The second image looks properly cleaned, however the only change made in cofiguration is
to

No changes made regarding AMT settings, however.

Thanks very much for your response, @lfb6.

I thought ME must be inactive given the lack of a version number. Sounds like that’s incorrect? (Refer to the MEBx Version 0.0.0.0000)

You started to say that the only change made in configuration was to…but that got truncated. Are there other changes I need to make in FITC in order to activate MEBx?

Currently F12 works, but not ctl-P and there aren’t any new options in F12 or the BIOS setup.

Please use the search function, enabling amt is described several times in the forum.

MEBx is the ‘interface’ built into the bios- region, its version has nothing to do with ME version itself.

You might compare the xml files generated by FITc to find the changes. Possibly there were some code signes within the xml- line.

As soon as I finished the last reply, I checked FITC’s ME section. :slight_smile:
I’d been so fixated on what I might have missed in the ME cleaning instructions that it didn’t occur to me to explore a little bit.

Regarding a search for enabling AMT, a number of the answers simply point at this thread without further instructions. Despite reading several other posts, I hadn’t stumbled on one that contains “Clean ME, then do this.”

Anyway, here’s my current MEinfo. Thanks very much again for your time and guidance. It hadn’t occurred to me to go check in the obvious place. :slight_smile:

For example. (And this is actually off- topic for the ‘Cleaning’ thread)

Antitheft still enabled in the pic with working AMT