Optiplex 7010 and VPro/AMT/ME

@plutomaniac

I did

1. fptw64 -greset
2. Restart
3. Shutdown
4. Service mode jumper
5. fptw64 -d spi.bin
6. fptw64 -d me.bin -me

spi.zip (5.45 MB)

me.zip (2.18 MB)

You did as I asked but the ME region still crashes FITC. Do you happen to have a programmer? If not, I will try asking the original poster for a ME dump since he has the same system. We’ll have to wait for his reply because I cannot work with your dump and cannot find another dump online. If you have found another dump online, do share.

@Adam86

Hello Adam86, sorry for the poke. Could you provide a dump of your ME region from the 7010 system you have? If you happen to have one from a programmer and another from fpt while you were testing stuff to get it working, that would be even better.

@plutomaniac
I actually do have a programmer :slight_smile:
I was able to load the old BIOS dump on FITC before I have updated the BIOS again,
I have tried to mod the SPI.bin myself, flashed it but it didn’t work

32.zip (1.55 MB)

64.zip (3.9 MB)

outimage.zip (5.8 MB)

@plutomaniac
Something is terribly wrong with my BIOS
MEinfowin64 shows ME firmware version is 8.1.65.1586, Exactly how it should be in BIOS version A21
but Dells A21 BIOS update file shows ME firmware version 8.1.40.1416… could that be the problem?

Update:

I have flashed BIOS A21 twice and it solved the ME firmware version

Now…On MEManufWin64 I get

1
2
3
4
 
Error 9367: Firmware is in recovery mode
Error 9328: Internal error
 
Error 9296: MEManuf Test Failed
 


On MEInfoWin64 I get

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
Intel(R) ME code versions:
 
BIOS Version: A21
MEBx Version: 0.0.0.0000
Gbe Version: 1.3
VendorID: 8086
PCH Version: 4
FW Version: 8.1.65.1586
UNS Version: Not Available
LMS Version: Not Available
MEI Driver Version: 8.1.0.1263
Wireless Hardware Version: Not Available
Wireless Driver Version: Not Available
 
FW Capabilities: 0x00111C60
 
Intel(R) Anti-Theft Technology - PRESENT/ENABLED
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
 
CPU Upgrade State: Not Upgradable
Cryptography Support: Disabled
Last ME reset reason: Power up
Local FWUpdate: Enabled
BIOS Config Lock: Enabled
GbE Config Lock: Enabled
Host Read Access to ME: Disabled
Host Write Access to ME: Disabled
SPI Flash ID #1: 20BA17
SPI Flash ID VSCC #1: 20052005
SPI Flash ID #2: 20BA16
SPI Flash ID VSCC #2: 20052005
SPI Flash BIOS VSCC: 20052005
BIOS boot State: Pre Boot
OEM Id: 68853622-eed3-4e83-8a86-6cde315f6b78
 
Error 8199: Communication error between application and Intel(R) ME (Get Intel(R
) AMT State)
 
Error 8199: Communication error between application and Intel(R) ME (Get System
UUID)
 
Error 8199: Communication error between application and Intel(R) ME (Get Ipv4 In
fo)
 
Error 8199: Communication error between application and Intel(R) ME (Get Ipv4 In
fo)
 
Error 8199: Communication error between application and Intel(R) ME (Get Provisi
oning State)
 
Error 8199: Communication error between application and Intel(R) ME (Get Provisi
oning Mode)
Capability Licensing Service: Enabled
Capability Licensing Service Status: Permit info not available
OEM Tag: 0x00000000
Wireless Micro-code Mismatch: No
Wireless Micro-code ID in Firmware: 0x0082
Wireless LAN in Firmware: Intel(R) Centrino(R) Ultimate-N 6205
Wireless Hardware ID: No Intel WLAN card installed
Wireless LAN Hardware: No Intel WLAN card installed
Localized Language: English
Independent Firmware Recovery: Disabled
 


I have cleared CMOS - no change

@plutomaniac @Adam86

SUCCESS!!!

After flashing the BIOS twice and corrected ME FW version I have updated ME to v8.1.70.1590 and got no more errors from MEInfoWin64
Than with FPT I took a new SPI.bin dump and loaded it up on FITC - NO CRASH :wink:
Edited the appropriate settings, Flashed back, switch off, Cleared CMOS, power on, CTRL+P and… VOILA - GOT THE MEBx Menu :slight_smile:

Thank you so much for your help!

Attached - Delll Optiplex 7010 A21 ME v8.1.70.1590 UNLOCKED SPI.bin

SPI.zip (5.8 MB)

@blackpac

Regarding MEManuf and MEInfo, “Firmware is in recovery mode” means that you have the jumper set. You need to move it to default/operational position first before using MEInfo and MEManuf.

Yes, your new dump is finally usable with FITC. I imagine that your previous ME region was corrupted, you just didn’t know about it. I checked the dumped ME region and saw some things which I improved. So, use the ME Region I have attached below. Flash it with Flash Programming Tool’s command fptw -rewrite -me -f ME_7010_AMT.bin followed by a fptw -greset once it’s successful. After the reset, restore the jumper to it’s original position and restart. Then check MEInfo and MEManuf.

Compared to your AMT-enabled ME region I have made these changes:

a) Cleaned-up the ME region DATA section so that no trash is left behind, based on this guide.
b) ME > Hide FW Update Control → False (so that you can enable or disable FWUpdate from MEBx)
c) Features Supported > Anti-Theft Disabled → Yes (AT has been EOL since January 2015 and must be disabled to avoid issues)

Notice that this is only the ME region of the full SPI image, thus the -me parameter at FPT. Additionally, you can also enable read/write access to the ME Region by altering the Flash Descriptor so that you won’t have to set the jumper or use a programmer if you want to perform additional changes in the future.

ME_7010_AMT.rar (2.44 MB)

One small addition: ME region should remain locked because otherwise there is a chance it gets corrupted during BIOS update or even normal POST. I still don’t know all conditions are needed for this corruption to trigger, but having an unlocked descriptor is one of them for sure. Use it for debugging and playing around, but when you finished, use “fpt -lock” command to set descriptor security settings back to defaults.

Sure, especially in this case (hardware jumper/programmer at hand), it’s not needed. But for a laptop which requires desoldering etc every time, it’s probably worth the risk in my opinion.

@plutomaniac


In my case the jumper was set on default/operational position while "Firmware is in recovery mode"



That’s brilliant, THANKS!

Update

Everything runs smoothly!
Just a small correction, fptw -greset can only be done after complete shutdown as SERVICE_MODE jumper needs to go back to default/operational position

Hello,

I would also to enable MEBx on my Optiplex 7010 - Will it be enough flash only “ME region”? Can I use ‘ME image’ from post #26 (file “ME_7010_AMT.rar”)?

I noticed that the sizes ME region images files from “ME_7010_AMT.rar” and from my computer are different: 6242304 vs 6270 976 bytes - don’t worry about it?

I attach dumps from my Optiplex 7010 (bios version A21):
1) ME Region - file ‘me.bin-Dell_7010_A21.zip’ (command ‘fptw -d me.bin -me’)
2) full dump - file ‘spi.bin-Dell_7010_A21.zip’ (command ‘fptw -d spi.bin’)


Thanks

me.bin-Dell_7010_A21.zip (2.64 MB)

spi.bin-Dell_7010_A21.zip (5.92 MB)

@jwlu

I have created a modded ME image based on your dumped SPI image. It’s only the ME region so fptw -rewrite -me -f me_mod.bin and after it’s successful, fptw -greset.

me_amt_mod_7010_jwlu.rar (2.44 MB)



Many thanks for your help.

I did:

1) SERVICE MODE jumper ON
2) flash ME Region in clean DOS: command “fpt -rewrite -me -f me_mod.bin” - successful
3) command “fpt -greset” in DOS - result: black screen and immediately reset
4) according to information from post # 29 I turned off SERVICE MODE (jumper OFF) and once again command “fptw64.exe -greset” (in Windows) - result: no errors and delayed correct system restart
5) clean CMOS (jumper RTCRST ON)
6) !!!success!!!: CTRL+P and MEBx activated and works correctly - BIG thank you Plutomaniac

I noticied two small ‘problems’:

Problem 1:
MEInfoWin64.exe run without any errors:



- but MEManuf reports errors :



- MEManuf in verbose mode:



- MEManuf with skip ‘3G test’ run without any errors:


-as you can see the problem is the 3G (probably 3G modem) - how to disable the "3G mode" in the AMT?


Problem 2:
- in "Event log" of WEB interface AMT each time at start computer AMT writes three events (propably one Warning and two Errors) without any detail description:

Event_log-events.jpg



What could be the cause of these events?

I assumed you knew about the jumper since you provided a full SPI dump so that’s why I didn’t mention it. At step 4, you don’t need a greset again after setting the jumper back. Also, step 6 was not needed for this ME reflash.

The 3G error is almost certainly due to the fact that I disabled Intel Anti Theft Technology at the ME firmware as it has been EOL since 01/2015 and can cause problems if left activated these days. The optional (OEM dependent) 3G NIC was used for Anti Theft only. It’s Enabled/Disabled settings are set at the Flash Descriptor, as seen at FW Bring Up Guide, and not ME region or MEBx control panel. From what I read, this modded Flash Descriptor (FD) will do the trick even without using the “skip 3G” option at MEManuf (which is also an acceptable workaround for someone who doesn’t want to reflash for some reason). With the jumper set to ON, the FPT command you need to use is fpt -rewrite -desc -f fd_mod.bin followed by fpt -greset for good measure even though the latter is not really needed for a FD reflash.

For the reported events, I don’t really have AMT experience as I’ve never owned a 5MB/Corporate system but these events seem normal to me. Maybe a google search will help you in this case or even better, reading the AMT MEBx and WebUI guides found at the latest ME System Tools v8.x package.

fd_mod_7010_jwlu.rar (310 Bytes)

@plutomaniac

I have flashed “Descriptor region” in SERVICE_MODE (only “fpt -rewrite -desc -f fd_mod.bin” without “fpt -greset”) - successfull: now MEManuf passes all tests without any errors - !!!Many Thanks!!!

By the way:
- Can I use modified by you flashes (files ‘me_amt_mod_7010_jwlu.rar’ and ‘me_amt_mod_7010_jwlu.rar’) in my another ‘Dell Optiplex 7010’ with identical hardware and BIOS version A21? (I have compared binary original ‘ME region dumps’ from this two computers and they are differs in many places)

- Can I in future do update BIOS using official ‘DELL bios update’? Will there be a re-lock the AMT by overwriting the ME region?

Thanks a lot

Perfect, I have added the extra 3G instructions at the cleanup guide as well. It’s perfectly normal for two ME regions from the same model, or even same system after a few reboots, to be different in many ways as the ME is not static firmware and keeps a lot of platform/system-specific initialization data.

- In theory, yes. Only the ME region though, not the full SPI image of one system (FD+ME+BIOS). I said “in theory” because Dell customizes the ME with settings requested upon ordering of the machine, usually AMT or No-AMT but maybe other things that I do not know. If it’s just a matter of AMT or No-AMT then yes, you can safely use the cleaned/configured/updated ME region on all 7010 systems you have. As a general rule of thumb, I would play it safe and always follow the Engine Initialization DATA Cleanup Guide which is exactly what I did in your case as well.

- I don’t see why not. As long as the jumper is set to SERVICE_MODE, the update procedure cannot change anything at the locked regions like FD and ME. So the ME cannot be overwritten. Besides, Dell in particular almost never overwrites the ME region because they tend to use FWUpdate tool + an RGN (stock, unconfigured) ME region to update during the BIOS update. Dell must be stupid if they have a check to not allow updating because the ME is newer or whatever. Bottom line, I think you will be just fine if any new BIOS update is released for that model. If not, we are here.

Hello how about Optiplex 9020… Having same issue can`t access vpro. Is any solutions ?

Thanks

HI, plutomaniac
my PC is DELL T3610, INTEL AMT disabled,i want enable it and Clean the Engine Initialized DATA section ,but it’s very difficult for me.
i do this fptw64 -d myspi_17.rom and fptw64 -d me_17.rom -me
could you help me ?
sorry for my poor english.
thank you!
files URL:https://pan.baidu.com/s/1kVHe6Cv

@manjaki

Attach your full SPI image dump after setting the ME Service jumper. Check the rest of the thread for instructions, if you don’t know about the jumper.

@ gltianya

Try the following SPI image. Flash with “fptw -f myspi_17_fix.bin” followed by “fptw -greset” command. After system reset, check if it works and report back either way. Also, avoid Baidu as it’s extremely slow for everyone outside China. Try attaching instead.

myspi_17_fix.part1.rar (5 MB)

myspi_17_fix.part2.rar (1.07 MB)

thank you for your help,
i downloaded myspi_17_fix.part1.rar and part2, and unpack it ,then i use fitc open it, found BIOS Region.bin size (6172KB) big than before (6144KB). I don’t understand what it means. Add something in BIOS Region?
are you sure it’s 6172KB , not 6144KB? I’m worried that the main board may be hung up。

The fixed ME is 0x7000 smaller in size compared to the original one. In order to keep the total SPI image size the same, FITC decided to place the extra padding at the start of the BIOS region and make it’s size larger at the Flash Descriptor as well. Personally, I prefer to add the padding at the end of the ME and I was under the impression that FITC was doing that as well. I think both are ok, there won’t be any issue with the BIOS. Regardless, I have included a 2nd fix at the archive below with the extra padding at the end of the ME and not at the start of the BIOS region.

@CodeRush Quick question: it is ok to have the extra padding at the start of the BIOS, right?

myspi_17.part1.rar (5 MB)

myspi_17.part2.rar (2.76 MB)