Intel ME Bios Modules - Investigation and possibilities to swap moldule and unlock FD.

BIOS/UEFI Modding BIOS modules (PCI ROM, EFI and others)
1

Disclaimer/Introduction

Im not familiar with any of the procedures or tools involved or necessary, Im not an expert in any way on any subject of BIOS module swapping and I’m trying to understand and learn more about Intel ME due to an error I experience ( (A7) Me FW Downgrade - Request Me Spilock Failed ) and Asus support so far ignores and has provided no support for.

Ive started investigating the possibility of swapping the Intel ME firmware module shipped in the motherboard BIOS and investigate possibility/benefit to unlocking the Flash Descriptor on the Asus TUF Z270 Mark 1[/b] motherboard maybe others.

I could be wrong in my assumptions that any of this is possible or maybe barking up a non existing tree, but here I am risking being branded a fool.

Any help/assistance, guidance and information is extremely welcome and appreciated.

My starting point was my own latest motherboard bios, the ME Analyzer 1.10.2, and some Intel ME Tools found in the Intel Management Engine: Drivers, Firmware & System Tools

NOTES:
@plutomaniac has informed me early on that I need to repair my ME and that this is not possible unless I use a hardware programmer because the Asus TUF Z270 Mark 1 doesnt allow this repair due to being locked and the UBU tool doesnt support or will ever support swapping the ME module, and while I value and respect his opinion and feedback, this process is necessary for my own personal education and furthering my understanding of this problem and explore all avenues.


Desired Outcome


    - Swap Module for ME in motherboard BIOS
    - Flash the updated BIOS via flashback
    - See if error disappears


Asus TUF Z270 Mark 1 Output

MEInfoWin64.exe -VERBOSE trimmed OS info

D:\Intel ME System Tools v11.6 r8\MEInfo\WINDOWS64>MEInfoWin64.exe -VERBOSE

Intel(R) MEInfo Version: 11.6.21.1228
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

FW Status Register1: 0x90202242
FW Status Register2: 0x04F60406
FW Status Register3: 0x00000020
FW Status Register4: 0x00080000
FW Status Register5: 0x00000000
FW Status Register6: 0x00000000

  CurrentState:                         Recovery
  ManufacturingMode:                    Disabled
  FlashPartition:                       Valid
  OperationalState:                     CM0 with UMA
  InitComplete:                         Complete
  BUPLoadState:                         Success
  ErrorCode:                            Disabled
  ModeOfOperation:                      Normal
  SPI Flash Log:                        Not Present
  Phase:                                ROM/Preboot
  ICC:                                  Valid OEM data, ICC programmed
  ME File System Corrupted:             No
  PhaseStatus:                          AFTER_SRAM_INIT

  FPF and ME Config Status:             Not committed
FW Capabilities value is 0x31111540
Feature enablement is 0x11111140
Platform type is 0x724F0322
No Intel Wireless device was found
Intel(R) ME code versions:

        MEBx Version found is 0.0.0.0000
MEBx Version                                 0.0.0.0000
GbE Version                                  0.2
Vendor ID                                    8086
PCH Version                                  0
FW Version                                   11.6.0.1126 H
LMS Version                                  Not Available
MEI Driver Version                           11.7.0.1002
Wireless Hardware Version                    Not Available
Wireless Driver Version                      Not Available

FW Capabilities                              0x31111540

    Intel(R) Capability Licensing Service - PRESENT/ENABLED
    Protect Audio Video Path - PRESENT/ENABLED
    Intel(R) Dynamic Application Loader - PRESENT/ENABLED
    Service Advertisement & Discovery - NOT PRESENT
    Intel(R) NFC Capabilities - NOT PRESENT
    Intel(R) Platform Trust Technology - PRESENT/DISABLED

TLS                                          Disabled
Last ME reset reason                         Firmware reset
Local FWUpdate                               Enabled
BIOS Config Lock                             Enabled
GbE Config Lock                              Enabled
Get flash master region access status…done
Host Read Access to ME                       Disabled
Host Write Access to ME                      Disabled
Get EC region access status…done
Host Read Access to EC                       Disabled
Host Write Access to EC                      Disabled
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
SPI Flash ID 1                               EF4018
SPI Flash ID 2                               Unknown
BIOS boot State                              Pre Boot
OEM ID                                       00000000-0000-0000-0000-000000000000
Capability Licensing Service                 Enabled


MEManufWin64.exe -VERBOSE

D:\Intel ME System Tools v11.6 r8\MEManuf\WINDOWS64>MEManufWin64.exe -VERBOSE

Intel(R) MEManuf Version: 11.6.10.1198
Copyright(C) 2005 - 2016, Intel Corporation. All rights reserved.

FW Status Register1: 0x90202242
FW Status Register2: 0x04F60406
FW Status Register3: 0x00000020
FW Status Register4: 0x00080000
FW Status Register5: 0x00000000
FW Status Register6: 0x00000000

  CurrentState:                         Recovery
  ManufacturingMode:                    Disabled
  FlashPartition:                       Valid
  OperationalState:                     CM0 with UMA
  InitComplete:                         Complete
  BUPLoadState:                         Success
  ErrorCode:                            Disabled
  ModeOfOperation:                      Normal
  SPI Flash Log:                        Not Present
  Phase:                                ROM/Preboot
  ICC:                                  Valid OEM data, ICC programmed
  ME File System Corrupted:             No
  PhaseStatus:                          AFTER_SRAM_INIT

  FPF and ME Config Status:             Not committed

FW Capabilities value is 0x31111540
Feature enablement is 0x11111140
Platform type is 0x724F0322
No Intel Wireless device was found
Feature enablement is 0x11111140
ME initialization state valid
ME operation mode valid
Current operation state valid
ME error state invalid

Error 235: Internal error


Error 117: MEManuf Operation Failed


Asus TUF Z270 Mark 1 - BIOS version 0906 - ME Analyser Output

-------[ ME Analyzer v1.10.2 ]-------
            Database r82

File:     TUF-Z270-MARK-1-ASUS-0906.CAP

Family:   ME
Version:  11.6.0.1126
Release:  Production
Type:     Region, Extracted
FD:       Locked
SKU:      Consumer H
Rev:      D0
VCN:      120
PV:       Yes
Date:     20/09/2016
FIT Ver:  11.6.0.1126
FIT SKU:  KBP-H Z270
Size:     0x1F0000
Platform: SPT/KBP
Latest:   No

Press enter to exit


Now my Next step was to find a manufacturer BIOS with the latest ME Module to date.

This MSI 7A69_223.zip Download has both latest ME Module version and FD is unlocked so a twofer :wink:

-------[ ME Analyzer v1.10.2 ]-------
            Database r82

File:     E7A69IMS.223

Family:   ME
Version:  11.6.25.1229
Release:  Production
Type:     Region, Extracted
FD:       Unlocked
SKU:      Consumer H
Rev:      D0
VCN:      178
PV:       Yes
Date:     12/02/2017
FIT Ver:  11.6.25.1229
FIT SKU:  KBP-H B250
Size:     0x1BF000
Platform: SPT/KBP
Latest:   Yes

Press enter to exit


Conclusion So Far

More information needed on module swapping able to support ME Module and look at maybe using a hexeditor to Investigate FD unlocking values to transplant to other bioses.
Will need some MMtool v5.x or newer at least for extraction and insertion of module
Perhaps hexeditor to find and transplant the FD unlock from the unlocked bios.

2

Try to get your board schematic and see if there is an ME override strap. Stuff can be done with OEM utilities or efi variables, look around. Barring that you have to examine how the bios update flashes the bios and me region. It could be as simple as replacing the payload as you said.

Also there are 2 things.
Me region - Has ME firmware
Bios Module - talks to the above, MEbx menus, etc.

Get the intel tools for your ME version, find out what kind of flash chip you have and what the locks say. Figure out what kind of bios you have.

ie, there is asus stuff here: [PROBLEM] How to mod an Intel mainboard BIOS? (9) but no clue what you have, ami, insyde, etc.

3

a