Today I found >here< a link to an Intel ME tool, which may be interesting for Intel ME experts. The developer’s name is Igor Skochinsky.
According to the developer’s site (>LINK<) the me-tools resp. the related scripts are able to dump and to extract Intel ME Firmware images. The following formats are supported by the tool:
Full SPI flash image with descriptor (signature 5A A5 F0 0F)
Full ME region image (signature ‘$FPT’)
individual ME code partitions and update images (signature $MN2/$MAN)
Supported ME versions: 2.x - 9.x for desktop, 1.x-3.x for SpS, 1.x for TXE/SEC.
Users, who want to download and test the tool or want to know more about it, should visit scochinsky’s me-tools site (>LINK<).
My idea was to try and send the “HMRFPO ENABLE” message to the ME co-processor and unlock it via software. However, this phython script was not properly working for both my Z77 and HM65 systems. Even if it did work, I’m not sure the message would have unlocked the descriptor because it may have to be sent during a specific system state right after booting or something. Without something to unlock the descriptor this dumper won’t be useful. And if it is unlocked, FPT seems to be easier that running phython scripts either way.
You are right - now I remember, that you had already written about your own experiences with Igor Skochinsky’s me-tools. If you think, that this tool is not worth to get an own thread, you can merge both threads.
Yes, this has been confirmed by our Forum member and expert CodeRush. This is what he wrote >here< about Igor Skochinsky’s me-tools:
No there is no need to merge. It’s good that you made this thread, who knows what we can achieve with these tools in the future.
Well they may be for tinkering but if we can successfully send the HMRFPO message via me_util and it does not require any special system state (I think I read something relating to that in the extremely little info from Intel you can find regarding this message) then it would make everything extremely easier.
That user aler+ from mydigitallife is basically asking the same thing and unless I remember correctly and a special system state is required, I think it’s possible. I’ll mention @CodeRush here in case he can clarify on whether that is even remotely possible even though the same question was asked at mydigiallife. Either way, I’ll be checking that other forum thread for his reply.
This answer is beyond my NDA, guys, so I’m really sorry for being unable to explain anything as usual, but I can say one thing: ME will not respond to the message after End of POST if it’s not in manufacturing mode (which is not available for end users). There are some clever ways to send it before EoP using self-made DXE driver, but I can’t say nothing more.
Oh I didn’t know you worked for such a company (Intel, OEM etc). I’m sorry if I brought you in a difficult position.
So indeed, what I remembered as “system state” is End Of Post. Manufacturing mode is basically an unlocked descriptor so even if someone made a simple tool to execute that command it would’t do anything in a properly distributed system with a locked flash descriptor. Thank you for the DXE driver tip, it might help some other tinkerer.
