Currently I have a Optiplex 7010 that was purchased with the ME disabled, these systems do have full VPro capability but once it is disabled on a motherboard then this mode cannot be switched apparantly.
Recently another identical system had to have its motherboard replaced, the engineer came on site to do it. On this initial power on, there was a screen which asked to enter the ME/AMT/VPro Mode you wanted and then once it was saved the option was then set. There is this informaton I found on it : http://www.google.co.uk/patents/US8286093
What I am wondering is, if it is possible at all to somehow enable this mode on these systems once this option has been set to enable the full VPro functionality? As obviously all the motherboards are identical so this data must be stored somewhere preventing the ME from starting. I found this document on the FlashROM site and even though a lot of it didn’t make any sense to me I do think a section was relevent : http://code.coreboot.org/svn/flashrom/tr…eries_intel.txt
Don’t know if it helps but here is an output from FPT:
Is there any clever person who can advise on if this is going to be possible at all? I would really appreciate it!
The first thing that came to mind is MEBx. Have you tried accessing it while the system boots (POST stage) via the CTRL+P sortcut? There should be an option to enable AMT in there. That’s the normal way.
If you cannot enable it from MEBx or cannot access that menu you will need to mod the ME Region using FITC and enable AMT. Then you need to flash the modded ME Region with AMT enabled. Thing is, you need an unlocked flash descriptor to do that and based on FPT output I think it’s locked. If I remember properly “ME - ID: 0x0000, Read: 0x0D, Write: 0x0C” should point to a locked descriptor. You can use command FPT -d SPI.bin to verify that easily. If it reports Error 26, your flash descriptor is locked and thus no ME Region modding is possible without the use of an external programmer.
I extracted the ME firmware from the latest Dell BIOS for your system (O7010A20.exe) and they seem to include a clean/stock firmware with no OEM customizations. By default AMT is enabled on all 5MB SKUs like yours and since Dell flashes a stock firmware, they cannot have used FITC to disable AMT the hard way. They probably do this on-site via MEBx which is user-configurable. Maybe they change any settings manually via MEBx before shipping and not automatically by flashing an already modified firmware via FITC. Anyway, try MEBx and also check if your flash descriptor is locked or not. According to my understanding, you should be able to enable AMT via MEBx menu.
Unfortunately CTRL + P does absolutely nothing, even hitting F12 the option isn’t there - on the VPro enabled system it is.
I was doing a bit more digging. After messing with the FPT Tool earlier my Flash Descriptor was locked. However, if I have just found if I put a jumper on the SERVICE_MODE pins on the motherboard, this unlocks the descriptor:
Intel (R) Flash Programming Tool. Version: 8.1.51.1476 Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.
[SPI.bin] file already exists Do you want to overwrite file? Y/<N> or q to quit : y
- Reading Flash [0xC00000] 12288KB of 12288KB - 100% complete. Writing flash contents to file “SPI.bin”…
Memory Dump Complete FPT Operation Passed
I actually took a firmware dump using an SPI programmer of the system with Full VPro and extracted the ME region using UEFI Tool and using FITC I could see that AMT had enabled options, I even took a dump of this system using SPI and can see the options are set differently but couldnt write the flash back via SPI because I couldnt get the chip into WRITE ERASE mode!
The thing is I cant flash the ME region using WUpdLcl as I get this error:
Intel (R) Firmware Update Utility Version: 8.1.40.1456 Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.
Error 8193: Intel (R) ME Interface : Cannot locate ME device driver
STATUS: display FW version failed.
I suspect this is because setting the jumper into SERVICE_MODE has essentially set ME into this Diagnostics mode. So now I am a bit stuck as to what to do next. Is there any way to flash just the ME region using another tool?
Oh, your motherboard has a jumper to disable the flash descriptor protection. Great, this is not found often.
Yes, you are right. While the ME is disabled you cannot interact with it using tools such as MEInfo, MEManuf or FWUpdate as they require the interface device and that’s not shown at the operating system at such a state.
Either way, using FWUpdate with the ME Region will not help you as FWUpdate only updates the CODE and not DATA section of ME. Make sure you have a ME Region ($FPT header and all) and then flash it using FPT -f ME.bin -me. FPT is a general flasher so it will work no matter the state ME is at. No MEI driver required.
If the two systems are “identical” and you also want to have a modded SPI image, I suggest you dump the SPI image of the AMT system, extract the ME Region (2MB), replace the ME Region of your own SPI dump with the AMT one and flash the modded SPI back with FPT. In that case you must use FPT -f SPI.bin (without -me parameter, that’s for when you want to reflash the ME Region only).
The result will be the same in both cases. Just don’t flash the other system’s SPI dump as some info might be lost such as MAC address, Series Keys etc which are OEM/board specific.
Thanks for your help so far. I am not having much luck, maybe there is something wrong with the ME Region from the AMT system how do I confirm it has the $FPT header?
I took a full dump and used UEFI tool and replaced this ME with the AMT one and then wrote that back sucessfully. But when powering the system up it appears to break ME completely as ME info just comes up with an error (will have to double check what it was now) thought I would run the A20 bios update and that doesn’t even flash at all.
Just wondering whether it is possible to change the ME region to full read write access using Flash Image Tool and writing that back and then booting up outside of service mode and perhaps running the official firmware update again and seeing if that maybe kicks it in to action.
Flashed it again fresh, shutdown and removed the CMOS battery and placed the jumper on the RTC Clear and left it a few minutes and hey ho it is now back to factory settings and I now have a lovely MEBX button when I do F12
I’ve been wanting to enable this for a while now you see so did a lot of reading. Doing a SPI dump of each chip wasn’t the solution because I couldn’t get the chip into WRITE ERASE mode so protected blocks were not over written then I started looking into doing it through software. Suppose it’s extremely lucky that the systems have a SERVICE_MODE that disables the flash descriptor or else I would have been completely stuck.
Thanks for your help, you definitely pointed me in the right direction on the last hurdle I came across
Stumbled upon this thread after days of searching.
I have a bunch of T1700’s with AMT disabled in the same way as Adam86 explained. I have dumped the SPI, i have modified the disabled state, rebuilt spi.bin, reflashed (with service_mode jumper in), did fpt greset, unplugged the power, and ME is in “initializing” mode according to meinfo and not coming up mebx or not seen in windows. Network card down too (so ME can’t initialize obviously). Flashing old SPI back fixes everything, but i need to get AMT running ASAP, “or else…” (let’s say we ordered a bunch of machines and someone forgot to put a checkbox in) I unfortunately don’t have a machine with AMT on, so can’t do the swap trick. Using FITC 9.0.21.1452. Not sure if this is up to date enough for my purpose. Doing a byte-check between modded and unmodded regions of ME, the difference is significant, but i’m not sure how to patch it right. Any pointers would be greatly appreciated.
Thanks
Update: Read guides on this forum for ME management, got the necessary tools with necessary versions Using Fpt 9.1, using FITC 9.1, that match the ME i’m working with.
Still no love.
I tried dumping the ME part only (fpt -d ME.bin -ME) it comes out at 6 MB, however when I open it in FITC, change the “permanently disable AMT” flag and rebuild it, it comes out with 5 MB image (modified the amount of descriptors to flash to 0 too) . When I flash that with fpt -f menew.bin -rewrite -me, it warns that size is 6 mb but i’m only flashing 5. And then again ME doesn’t work in the end. Tried stock ME firmwares from this forum to no love as well.
Perhaps can use fpt to set variables without reflashing, but can’t figure out which out is for AMT permanent disable…
Hope help comes my way one day Thanks in advance Andrew
Alright, your edit addressed the first point I wanted to make: use 9.1 tools since you have 9.1 firmware. This is what the latest A18 dell bios has:
It’s a stock image (RGN) so the settings are set before shipment. Can you attach the full ME region dump (fptw -d me.bin -me) from the working system? The full SPI image will do too.
Never flash stock ME images directly with FPT, the firmware always needs to be configured first with FITC. The exception is FWUpdate tool which updates only what’s needed and thus anything valid will do (RGN/EXTR/UPD).
Have you searched the internet in order to see if someone somewhere has uploaded a T1700 SPI dump for reference?
Days of searching led me to this forum, and couldn’t find other resources discussing intel ME so deeply as here, so no - didn’t find SPI dumps of system with AMT enabled. Will make one once i have one.
I didn’t flash stock ME stuff directly, instead i followed steps from the guide how to reset ME data, but seems anything i flash that is not original dumped SPI renders the ME into non-working state
Current thoughts i’m thinking - build 2 SPIs fith FITC - one with amt disabled, one with enabled, then do bitwise check, find the same pattern in dumped ME, and replace byte-by-byte. Question: Are there any CRC checks in there, or can mod things directly in the dump?
Yes there are checksums and other stuff. You cannot change data in ME that way, it’s a very complicated firmware to do something like that. Use FITC instead.
Ok, try this attached ME Region image. I changed settings with FITC to enable AMT and also followed the “clean DATA” guide as an extra step. Use FPT with the command fptw -rewrite -me -f me_fix.bin and after it’s successful do a fptw -greset.
Thanks a ton. Will try this later tonight. If you don’t mind me asking - what could i possibly done wrong - why were my files created with fitc coming out smaller sizes? (mine were coming out 4.9 mb, your is same size of 6 mb) Can this be used on >1 machine, or there are specifics that make it unique to the machine on which it was generated. Which checkbox i could have forgotten ( yes i know how it sounds, but maybe something well known i’m missing)
I don’t know that it will certainly work, I hope so. If it doesn’t then there might be some other setting which needs to be set. So there is no need to thank me yet, let’s see if it works. From what I can see from the OP, the only thing he reflashed to get it working is the ME region so any changes need to be made there. Meaning, I have excluded the BIOS/MEBx as another thing to mind.
The dump you provided is from one specific machine and it was useful so that I can have the baseline of settings that Dell is using on that model of theirs. On top of those settings, I can alter the AMT ones and hopefully get it to work. Now, since I also followed the Clean ME Data guide, that ME Region can be used will all the T1700 systems you ordered, provided of course that it works on that one you use for testing currently.
FITC tends to cut the ME region aggressively without respecting the sizes mentioned inside it. It never cuts actual data, just padding. But still, “in theory” that padding is supposed to be there based on the section sizes mentioned within the firmware image. Anyway, this doesn’t really matter. Personally I made the changes using the full SPI you provided and after rebuilding with the AMT settings changed, I extracted the ME Region only quickly using UEFITool. Thus the size is the same. You could do it manually of course by importing only the ME Region at FITC, change number of components to 0, rebuild that ~4MB or so ME region (instead of the 6MB it originally takes inside the SPI) and then manually add FF padding at the end until the size is exactly the same as the original. Using the full SPI at FITC followed by UEFITool extraction is easier and faster so that’s why I chose that.
That’s great. You can now use that me region on all the T1700 systems you ordered with AMT disabled. Don’t forget to restore the service jumper after reflashing for the ME to work properly. Enjoy!
Like the previous person did, attach me a dump of your current system with Flash Programming Tool’s command fptw -d spi.bin and attach it here. Your ME region needs to have write access enabled for that so check for any jumpers, bios options or similar, just like I said to the previous person with the same system. I can then build you an AMT enabled ME region for your system.
For some reason the ME region inside that dump causes Flash Image Tool to always crash. It’s the first time I’m seeing this. Run Flash Programming Tool with command fptw -greset . After reset, shut down the system, set the jumper and attach a new dump of the system, this time with both commands fptw -d spi.bin and fptw -d me.bin -me .
