[Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

ok, next hurdle! i was able to set the 5820 into service mode which allowed me to download the firmware. Step 4 of the guide says to get the firmware file that matches the version. Version on my machine is 11.12.95.2499, but the latest one in the repository shows 11.12.92.2222. i searched the forums to see if there was a later version to match and found one in this post. Problem is that firmware shows a File System State of Unconfigured which does not match step 5 in the guide. should i try it with the 11.12.92 version or try to figure out this latest version that actually matches?

Step 5 in section D4 covers ME in your own dump? That one should indeed have a configuration.

yep, I’m an idiot… i read that as using the downloaded firmware. All steps seem to have worked and the updated firmware was pushed to the machine per the instructions. My goal was to enable AMT so i could do KVM on these machines, but it appears that those options are still disabled.

What is the hardware configuration- chipset, cpu, graphics, nic?

Attach the complete firmware or at least ME region.

First, thank you very much for all the help already provided, I really appreciate it. Here is the info
Chipset: Intel C422
CPU: Xeon W-2245
graphics: AMD Radeon r9 M360
NIC: Intel i219-LM

Here is the original bios dump:
dell03_orig.rar (9.5 MB)

Here is the modified one:
outimage.rar (9.3 MB)

  • I can’t find any differences in configuration? The two attached firmwares are identically configured?

  • KvmSupported value=“No” … If this setting have been set to disabled it cannot be re-enabled once the descriptor has been locked.
    It’s unclear what this means, afaik the only setting that’s written permanently into FPFs for ME 11 is the formware TPM?

  • Normally processor graphics is used to redirect screen content to KVM, but officially this Xeon doesn’t have a graphics unit. But may there’s something ‘unofficially’ hidden just to serve AMT?

image image

Please double check the Flash descriptor, ist mostly PCH straps that are stored there, but just to be sure!

1 Like

As far as the flash descriptor, i was able to dump the firmware via fpt -d and then i turned around and updated it with the downloaded on via fpt -f without any errors which leads me to believe the descriptors are RW enabled. let me try the process again, maybe I screwed up the settings on the updated firmware.

EDIT: SUCCESS! I repeated the steps with the original dump, but this time i saw a post around additional configuration settings in FIT. these seemed to do the trick on my workstation.

Now i just need to figure out why the NIC is no longer working…

1 Like

Thanks for the feedback. I don’t think these 2 values are relevant.

Regarding NIC:

  • GbE written back correctly?
  • Other changes in FIT?
  • Checked old FD against new FD?

I didn’t make any changes in the Networking region, though in checking the original dump to the cleaned one, i do see that the GbE PCIe Port Select changed from PORT4 to PORT5. I’m going to update that and try again.

Would you mind posting the cleaned firmware?

here is the one that is currently on the machine, i have not changed the port yet.
Dell03_outimage.zip (9.8 MB)

Thanks. I see you did a lot of changes.

MctpDevicePortEc, FwAutoBist, EhbcEnable- Unclear what you want to achieve?

OemPublicKeyHash, BtGuardProfileConfig, PttSupportedHw - These values are burnt into the PCH at ‘close manufacturing’, Since it’s a Dell they certainly didn’t deliver the machine still in manufacturing mode, so this can only be resolved by exchanging the PCH with a new, unconfigured one.

well, that is strange since i didn’t make any changes to any other regions myself. maybe the clean ME region i downloaded was corrupt? Literally All i did in my first try was to dump the bios, merge the clean region and flashed it. that didn’t work, so then i took the original bios dump, merged the same clean ME region and in FIT changed the settings in the ME section then flashed it. I had not even browsed the other sections that were changed.

Then you didn’t follow the guide- those items are too specific and too far away from FIT standard settings to have happened accidentally. Maybe another xml- config from a modified dump ‘lying around’?

I use to compare the xml files - original and modified - in Notepadd ++, the compare plugin works well:

(But there are lots of other diff tools that can compare xml files properly…)

Otherwise it’s wise to have just the things you want to work with in the FIT directory…

ok, going back to the drawing board. Just flashed thew original firmware and all systems look normal. going to go through the process and capture images between the stages to see where it may be going wrong.

Do you work on a complete image or just the engine? I’d recommend to work on the complete image!

thanks! i am working on the full image and cleaning out all the contents of the FIT folder between runs to make sure there are no other files that may be causing the issue. working on it now the results. thank you very much for the guidance and help!

success after all. i literally followed the exact same steps as before, nothing different, except any time i started up FIT, i would do File → New to clear out any settings. after following the process and doing a compare with notepad++ (thanks @lfb6 !!!), only the settings i had changed were showing. All good now!

Thanks for the feedback! :+1:

anyone help me?my MEI corrupted on my ASUS RAMPAGE VI EXTREME X299
this is the bios https://dlcdnets.asus.com/pub/ASUS/mb/BIOS/ROG-RAMPAGE-VI-EXTREME-ASUS-3801.zip?model=ROG%20RAMPAGE%20VI%20EXTREME

thanks