Unlock ME for AFU flash

Hi,

First post, so first of all - thank you for this forum.

I have an MSI board with APTIO IV BIOS. I almost "hate" DOS, so if possible I do everything with Linux.
Running AFULNX to flash the entire BIOS including ME firmware fails, because the ME region is locked somehow for AFU (flashing with DOS and fpt works, no issues).
Is it possible to "unlock" the ME region somehow so that it could be flashed with AFU? It should not matter whether AFUDOS, AFULNX or AFUWIN is used, I guess…

Anybody any idea?

Thank you, cheers
Martin

There is no such thing as ME being locked for AFULNX but not AFUDOS or FPT. If the flash descriptor is locked, it’s locked for every software solution out there.

Check if the flash descriptor is unlocked by running fptw -d BIOS.bin. If it reports Error 26 then your flash descriptor is locked and the ME region cannot be dumped or replaced. If the whole SPI image is dumped then you are good to go.

If it’s indeed unlocked and AFUDOS/AFUWIN can dump/replace the ME but AFULNX cannot do so, it may mean that the Linux version is problematic. There is also an undocumented AFU command, /GAN if I’m not mistaken, that can bypass some software flash restrictions (not the flash descriptor but it may help if what you are really experiencing is something different). Try that as well if you want but generally it’s better to use FPT for ME Region operations.

Either way, people don’t flash their ME or BIOS every day. Even if you “hate” DOS/Windows it wouldn’t be terrible to use them once to perform a flash via tools that Intel has verified to work on their platforms.

Hi,

Thank you for your answer.

The DOS stuff is not a big issue, I was just wondering if there is a "Linux way"… You are right, ME or BIOS is not flashed every day, but maybe you know the days when you are playing around with some mods and you have to reflash and reconfigure them several times that day… So for me it would have been nice if I could write a little Linux shell script e.g. to flash original BIOS/ME and backup settings, including verifying whether the flash worked or not (handling exit codes in DOS, if they are available at all, is a pure PITA, as is comparing e.g. output logs).

In this case I can flash BIOS with afu (no matter if I use afudos/afulnx/afuwin), but afu always tells me (on all platforms) "Error: BIOS does not support ME Entire Firmware update." And indeed, ME is not flashed then while BIOS update works fine. If I use fpt (with DOS) ME update works as expected (in one step with BIOS), no additional step for ME update needed…

Also tried flashrom (flashrom.org), but there I see something like "Warning: SPI Configuration Lockdown activated."

Any ideas?

Thank you, cheers

First of all, there was a small typo in my last post. If you see Error 26, the descriptor is locked and not unlocked. It’s now fixed.

Now, when you say ME Update I assume you mean replacing the entire ME Region. Usually when we say ME Update we mean actual update images which can only be used with FWUpdate and not FPT. Anyway, as long as we are on the same page that doesn’t matter I suppose.

I used to have this issue with AFU as well in the past, refusing to update the ME region. I just started using FPT. Have you tried /GAN? Have you tested whether your flash descriptor is locked? The latter can be found out by fpt as I said above (error 26) or by flashrom -V command which should point out whether the ME Region is locked or not. For example:

0x5C: 0x01840003 (FREG2: Management Engine)
0x00003000-0x00184fff is locked

Let me know of the above first because I’m not sure you replied to these in your last reply.

According to a flashrom forum thread I found, this warning is probably not important. Maybe some parameters will disregard it, I don’t know. I haven’t used flashrom. The quote was:

Hi,

Yes, tried the /GAN switch with AFU, did not work.

As far as I can see I would say that the descriptor is not locked, no error with fpt, no message with flashrom. flashrom even tells me that the ME region is writeable:
"
0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
0x58: 0x0fff0a00 FREG1: BIOS region (0x00a00000-0x00ffffff) is read-write.
0x5C: 0x09ff0001 FREG2: Management Engine region (0x00001000-0x009fffff) is read-write.
"
If I use flashrom to upgrade BIOS + ME it seems to work, but right after the upgrade, on the next reboot, the system does not start any more and I have to do a power cycle - so not "nice" for my "fully automated reflash to manufacturer default BIOS + ME and my backup settings"…

So again, this is not a "serious" issue but only a "nice to have" and a "wondering why it does not work that way" thing…

Thank you, regards
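
Added example, not part of any post in this thread: a shell check that reads the FREG2 line from `flashrom -V` output in both layouts quoted above and returns an exit status a flash script can gate on. The function names are hypothetical, and the FREG bit layout (base in bits 12:0, limit in bits 28:16, 4 KiB units) is an assumption that matches the values quoted in the posts.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample text is the
# flashrom -V output quoted in the posts above.

# Decode an FREGn value into "base-limit". Assumed layout (PCH SPI of this
# era): base in bits 12:0, limit in bits 28:16, both in 4 KiB units.
freg_range() {
    v=$(( $1 ))
    base=$(( (v & 0x1fff) << 12 ))
    limit=$(( (((v >> 16) & 0x1fff) << 12) | 0xfff ))
    printf '0x%08x-0x%08x\n' "$base" "$limit"
}

# Read flashrom -V text on stdin; print "<FREG2 value> <state>".
# Handles both layouts seen in the thread: state on the FREG2 line itself,
# or on the line that follows it.
me_region_state() {
    awk '
        /FREG2/ { val = $2; seen = 1 }
        seen && / is / {
            state = $0
            sub(/.* is /, "", state); sub(/\.$/, "", state)
            print val, state; exit
        }'
}

# Exit status 0 only when the ME region is reported read-write, so a flash
# script can stop before writing anything.
check_me_writable() {
    result=$(me_region_state)
    [ -n "$result" ] || { echo "FREG2 not found" >&2; return 2; }
    val=${result%% *}; state=${result#* }
    echo "ME region $(freg_range "$val") is $state"
    [ "$state" = "read-write" ]
}

SAMPLE_UNLOCKED='0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
0x58: 0x0fff0a00 FREG1: BIOS region (0x00a00000-0x00ffffff) is read-write.
0x5C: 0x09ff0001 FREG2: Management Engine region (0x00001000-0x009fffff) is read-write.'
SAMPLE_LOCKED='0x5C: 0x01840003 (FREG2: Management Engine)
0x00003000-0x00184fff is locked'

for s in "$SAMPLE_UNLOCKED" "$SAMPLE_LOCKED"; do
    printf '%s\n' "$s" | check_me_writable || echo "-> do not flash ME"
done
```

On a live system the input would be the real `flashrom -V` output piped into `check_me_writable` instead of the embedded samples.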

Yes, it seems that you do have an unlocked flash descriptor. Does FPT also cause this problem that requires a power cycle? If it doesn’t, it must be an issue with other flashers and since I have no experience with them I don’t really know what to say.

Try this (it’s for Linux): https://github.com/Zibri/afulnx