Hi - I’m getting some weird build errors. I’ve tried manipulating the RedirectionPrivSecLevel (the value it seems to be complaining about to see if that makes any difference), but it doesn’t matter. I still get that error every time.
I’m in service mode on my machine (set the jumper on the board) and generated the bin file using:
1
fptw64.exe -d me.bin -me
All binaries for this were downloaded from here (Intel CSME System Tools v11 r14). The system is an Optiplex 5050 with an i7-6700 (Intel 200 Series Chipset) that just has the Standard Manageability (basically only remote power options), so I'm trying to tweak it so I can do KVM operations.
I opened up FIT (as admin), loaded the bin I generated, and made the following changes in regards to AMT/Flash:
However, when I try to build the new bin, I get errors regarding NvarActions.
Here is the MEInfo output I gathered before starting:
Transcript started, output file is C:\Users\Karson\Documents\PowerShell_transcript.h8ROHKEi.20180909052743.txt PS C:\Users\Karson\Desktop\Intel CSME System Tools v11 r14\MEInfo\WIN32> .\MEInfoWin.exe
Intel(R) MEInfo Version: 11.8.55.3510 Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Intel(R) Manageability and Security Application code versions:
BIOS Version 1.10.2 MEBx Version 11.0.0.0010 GbE Version 0.1 Vendor ID 8086 PCH Version 0 FW Version 11.8.55.3510 H Security Version (SVN) 3 LMS Version 11.7.0.1054 MEI Driver Version 11.7.0.1045 Wireless Hardware Version Not Available Wireless Driver Version Not Available
FW Capabilities 0x791A1146
Intel(R) Standard Manageability - PRESENT/ENABLED Intel(R) Capability Licensing Service - PRESENT/ENABLED Protect Audio Video Path - PRESENT/ENABLED Intel(R) Dynamic Application Loader - PRESENT/ENABLED Service Advertisement & Discovery - PRESENT/ENABLED Intel(R) Platform Trust Technology - PRESENT/DISABLED
Re-key needed False Platform is re-key capable True Intel(R) AMT State Disabled Intel(R) Standard Manageability State Enabled TLS Disabled Last ME reset reason Global system reset Local FWUpdate Enabled BIOS Config Lock Enabled GbE Config Lock Enabled Host Read Access to ME Disabled Host Write Access to ME Disabled Host Read Access to EC Disabled Host Write Access to EC Disabled SPI Flash ID 1 C22018 SPI Flash ID 2 Unknown BIOS boot State Post Boot OEM ID 68853622-eed3-4e83-8a86-615f6b78 Link Status Link Up System UUID 4c4c4544-004a-3910-8036-b4cb32 MAC Address 50-9a-4c-xx-xx-xx IPv4 Address 192.168.1.36 IPv6 Enablement Disabled IPv6 Address Unknown Privacy/Security Level Default Configuration State Completed Provisioning Mode PKI Capability Licensing Service Enabled OEM Tag 0x00000000 Slot 1 Board Manufacturer 0x00001028 Slot 2 System Assembler 0x00000000 Slot 3 Reserved 0x00000000 M3 Autotest Enabled C-link Status Enabled Wireless Micro-code Mismatch No Wireless Micro-code ID in Firmware 0x24FD Wireless LAN in Firmware Intel(R) Dual Band Wireless-AC 8265 Wireless Hardware ID No Intel WLAN card installed Wireless LAN Hardware No Intel WLAN card installed Localized Language English Independent Firmware Recovery Disabled EPID Group ID 0x1FE8 LSPCON Ports None 5K Ports None OEM Public Key Hash FPF AD8D2D4A81D259587B4B3C6FB70C0E99E51B1BC102AC80542B0975CC0A228BEB OEM Public Key Hash ME AD8D2D4A81D259587B4B3C6FB70C0E99E51B1BC102AC80542B0975CC0A228BEB ACM SVN FPF 0x0 KM SVN FPF 0x0 BSMM SVN FPF 0x0 GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000 GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
FPF ME --- -- Force Boot Guard ACM Enabled Enabled Protect BIOS Environment Enabled Enabled CPU Debugging Enabled Enabled BSP Initialization Enabled Enabled Measured Boot Enabled Enabled Verified Boot Enabled Enabled Key Manifest ID 0xF 0xF Enforcement Policy 0x3 0x3 PTT Enabled Enabled PTT Lockout Override Counter 0x0 EK Revoke State Not Revoked PTT RTC Clear Detection FPF 0x0
and lastly, my ME Analyzer Output from the initial bin I generated in the first step or two:
If anyone has any help or suggestions, thank you :)
You’re welcome - I never expect anyone to do basic troubleshooting/information gathering for me when asking for help. I appreciate you acknowledging that!
I’m still reading some things and learning, so hopefully the zipped up me.bin I generated is what you need.
People who explain their problem that well are rare so yes, I try to always thank them for that.
Now, it seems that the ME File System (MFS), which holds all the firmware settings, is corrupted on your dumped firmware and is not salvageable. It is possible that the CSE has detected that. You can run MEInfo -verbose or MEInfo -fwsts to check the MFS status if you want.
To fix this, you need to find another (healthy) Optiplex 5050 firmware dump so that we can take its CSME settings and follow the Engine CleanUp Guide. While following the Engine CleanUp Guide, you can also tweak those AMT/KVM settings and enable them. But first we need to find a healthy 5050 SPI/BIOS chip or even just CSME region dump.
Here’s the MEInfo output with both of the switches. For what it’s worth, I still have the service mode jumper in place. If that invalidates any of these results, I can remove it and rerun. From what I can see, it isn’t reporting as corrupt. I could try generating my me.bin with the x86 binary - stranger things have worked? (edit - it did not work)
We have a bunch of 5050’s at work I could probably pull the firmware from, but with different CPU’s (i5’s). Since we’re gathering just the ME portion, that shouldn’t be a problem, right?
Transcript started, output file is C:\Users\Karson\Desktop\meinfo_fwsts.txt PS C:\Users\Karson\Desktop\Intel CSME System Tools v11 r14\MEInfo\WIN64> .\MEInfoWin64.exe -fwsts
Intel(R) MEInfo Version: 11.8.55.3510 Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
FW Status Register1: 0x80042004 FW Status Register2: 0x30840106 FW Status Register3: 0x00000030 FW Status Register4: 0x00684000 FW Status Register5: 0x00001F01 FW Status Register6: 0x07C003C9
CurrentState: Disabled ManufacturingMode: Disabled FlashPartition: Valid OperationalState: Transitioning InitComplete: Initializing BUPLoadState: Success ErrorCode: Disabled ModeOfOperation: Unsecured mode by H/W jumper SPI Flash Log: Not Present FPF HW Source value: Original FPF HW Fuse Bank ME FPF Fusing Patch Status: ME FPF Fusing patch NOT required Phase: BringUp ICC: Valid OEM data, ICC programmed ME File System Corrupted: No PhaseStatus: UNKNOWN FPF and ME Config Status: Not committed
Yes, the CSE is disabled when the jumper is set so it does show unexpected results. Even if the CSE does not detect it, the MFS is definitely corrupted. I don’t think re-dumping it will help as the rest of the firmware is healthy. Improper dumping would have corrupted the entire image, not just MFS.
I searched online and could find very few info on Optiplex 5050, maybe it’s new. So searching for 3rd party dumps there will not yield any results. However, if you have other 5050’s at work then great. Find a healthy one (verify via MEInfo -verbose) and dump its CSME region. The CPU does not matter, the CSME firmware settings should be the same at all 5050’s produced by Dell. There is one exception of course, those which ship with AMT/KVM enabled by the factory will have the equivalent settings adjusted at MFS via Flash Image Tool, which is what you are trying to do manually now. So, if you can, get a CSME dump from a healthy 5050 with AMT/KVM already enabled by Dell. If you only have 5050’s with basic manageability, no problem, just dump one which is healthy and we can adjust in FIT.
As for the current dump, in theory we can follow the CleanUp Guide on it (to repair the MFS) and adjust the AMT/KVM settings but we cannot know for sure that the rest of the detected settings in FIT are proper, depending on how corrupted that MFS is. So if you can get a healthy dump from work, definitely go for it.
OK - I will know more tomorrow once I’m in the office and attempt to bring one back to my desk to run the MEInfo -verbose to check it’s health before running the fptw64.exe command to dump the firmware.
In looking at the Intel CSME 11.8 Firmware Repository Pack r9, I see the 11.8.55.3510_COR_H_D0_PRD_RGN.bin which matches up perfect with the MEAnalyzer results I got in the first post. I’m reading the clean-up guide you posted earlier (am kind of stuck understanding Step 5 and beyond). Despite having an exact match in the firmware repo to work with, I still need a valid Optiplex 5050 dump?
If I’m understanding right, when/if I get that valid 5050 dump from a machine at work, I’ll verify the settings I want within FIT, build it, and run fptw64.exe -f filename.bin -me onto my system I’m working with at home. Am I understanding that correctly, or will I need to follow the clean-up guide with that valid firmware I gather prior to flashing back to my machine?
The purpose of the CleanUp Guide is to remove any Initialization dirt when using another system’s CSME firmware dump, as explained there. In order to to that, it basically exports the current dump settings and re-applies them on top of a clean (RGN) equivalent firmware. In your case, because you are dumping and re-flashing the same system, you shouldn’t need to follow the CleanUp Guide. However, since your MFS is corrupted, you need to follow the guide in order to take the healthy MFS from the RGN firmware and apply the system settings on it. So you repair the MFS and keep the system settings from your old dump. Now, since we cannot trust the settings of your dump, you will dump the CSME from another system. In such case, you must follow the CleanUp Guide in order to remove its Initialization data and make it work on your own system properly.
Great - thank you for the explanation! Here’s what I will do (more so that I remember this come tomorrow and be able to reference this thread at my desk)
1) Run MEinfowin64.exe -verbose to validate on a Optiplex 5050 at work 2) If not corrupt, run fptw to gather my bin file 3) Bring file back home, run the cleanup guide starting on section D2 and hope for the best
Yes, don’t forget to set and then unset the jumper when you are done dumping. Once you have the dump, follow the CleanUp Guide on it (use 11.8.55.3510_COR_H_D0_PRD_RGN no matter what the dump has). Note that you will be working with an Engine region and not a SPI/BIOS image. If you want to make your life easier when following the guide, dump the entire SPI/BIOS chip and not just CSME region via “fptw -d spi.bin”. But that’s not a requirement if you don’t want to. While you follow the CleanUp Guide, you can adjust whatever AMT/KVM settings you want after step 10 and before step 11. Also, there are some other settings which you might want to enable such as “Intel(R) ME Kernel” > “Hide MEBx Firmware Update Control” to “No”, “Intel(R) AMT” > “TLS” to “Yes” or similar. The choice is yours. If you happen to find a 5050 with AMT/KVM already enabled, you only need to follow the guide as the settings should already be there. No matter what, you can ask here for any help and make sure to attach your output image before you flash it for a quick final check.
I see. No it’s not the end of the road. First of all, the 7050 seems to be identical to 5050 with the only difference being is that the former mostly ships with i7 whereas the latter with i5. They probably use the same CSME settings as the firmware is certainly the same. Another option is to take the settings from your own dump and hope that they are ok (they may very well be, it’s a calculated risk). What you can also do is dump the 7050 and compare if its settings are the same as your dump. That will prove that we can use the 7050 and can also indicate whether we can use the settings from your own dump. No matter what, we can still proceed.
Thank you for staying with me helping troubleshoot. I got to a 7050 over lunch and gathered the spi.bin and me.bin (figured I’d gather both while I was in there).
Does any of the information I gathered below give reason to not move forward? (Please let me know if you’d prefer pastebin links instead of using the code tags)
PS C:\Users\Administrator\Desktop\Intel_AMT\Intel CSME System Tools v11 r14\MEInfo\WIN64> .\MEInfoWin64.exe -verbose
Intel(R) MEInfo Version: 11.8.55.3510 Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Windows OS Version : 10.0
FW Status Register1: 0x94000245 FW Status Register2: 0x89100106 FW Status Register3: 0x00000030 FW Status Register4: 0x00084000 FW Status Register5: 0x00001F01 FW Status Register6: 0x47C003C9
CurrentState: Normal ManufacturingMode: Disabled FlashPartition: Valid OperationalState: CM0 with UMA InitComplete: Complete BUPLoadState: Success ErrorCode: No Error ModeOfOperation: Normal SPI Flash Log: Not Present FPF HW Source value: FPF HW Not Set ME FPF Fusing Patch Status: ME FPF Fusing patch NOT supported in this FW Version Phase: Maestro ICC: Valid OEM data, ICC programmed ME File System Corrupted: No FPF and ME Config Status: Match FW Capabilities value is 0x7DFE5147 Feature enablement is 0x5DFE5147 Platform type is 0x42441422 No Intel Wireless device was found Intel(R) Manageability and Security Application code versions:
Table Type 85 ( 0x 55 ) found, size of 0 (0x 00 ) bytes BIOS Version 1.5.2 Table Type 85 ( 0x 55 ) found, size of 0 (0x 00 ) bytes Table Type 0 ( 0x 00 ) found, size of 52 (0x 34 ) bytes Table Type 1 ( 0x 01 ) found, size of 74 (0x 4A ) bytes Table Type 2 ( 0x 02 ) found, size of 62 (0x 3E ) bytes Table Type 3 ( 0x 03 ) found, size of 49 (0x 31 ) bytes Table Type 11 ( 0x 0B ) found, size of 78 (0x 4E ) bytes Table Type 12 ( 0x 0C ) found, size of 21 (0x 15 ) bytes Table Type 15 ( 0x 0F ) found, size of 37 (0x 25 ) bytes Table Type 25 ( 0x 19 ) found, size of 11 (0x 0B ) bytes Table Type 32 ( 0x 20 ) found, size of 22 (0x 16 ) bytes Table Type 16 ( 0x 10 ) found, size of 25 (0x 19 ) bytes Table Type 17 ( 0x 11 ) found, size of 47 (0x 2F ) bytes Table Type 19 ( 0x 13 ) found, size of 33 (0x 21 ) bytes Table Type 7 ( 0x 07 ) found, size of 29 (0x 1D ) bytes Table Type 4 ( 0x 04 ) found, size of 184 (0x B8 ) bytes Table Type 8 ( 0x 08 ) found, size of 35 (0x 23 ) bytes Table Type 9 ( 0x 09 ) found, size of 24 (0x 18 ) bytes Table Type 20 ( 0x 14 ) found, size of 37 (0x 25 ) bytes Table Type 43 ( 0x 2B ) found, size of 48 (0x 30 ) bytes Table Type 27 ( 0x 1B ) found, size of 32 (0x 20 ) bytes Table Type 28 ( 0x 1C ) found, size of 36 (0x 24 ) bytes Table Type 177 ( 0x B1 ) found, size of 14 (0x 0E ) bytes Table Type 178 ( 0x B2 ) found, size of 126 (0x 7E ) bytes Table Type 208 ( 0x D0 ) found, size of 35 (0x 23 ) bytes Table Type 210 ( 0x D2 ) found, size of 14 (0x 0E ) bytes Table Type 216 ( 0x D8 ) found, size of 31 (0x 1F ) bytes Table Type 218 ( 0x DA ) found, size of 253 (0x FD ) bytes Table Type 218 ( 0x DA ) found, size of 151 (0x 97 ) bytes Table Type 220 ( 0x DC ) found, size of 24 (0x 18 ) bytes Table Type 221 ( 0x DD ) found, size of 21 (0x 15 ) bytes Table Type 222 ( 0x DE ) found, size of 18 (0x 12 ) bytes Table Type 218 ( 0x DA ) found, size of 67 (0x 43 ) bytes Table Type 130 ( 0x 82 ) found, size of 22 (0x 16 ) bytes MEBx Version 11.0.0.0010 GbE Version 0.1 Vendor ID 8086 PCH Version 0 FW Version 11.6.29.3287 H Security Version (SVN) 1 LMS Version Not Available MEI Driver Version 11.7.0.1045 Wireless Hardware Version Not Available Wireless Driver Version Not Available
FW Capabilities 0x7DFE5147
Intel(R) Active Management Technology - PRESENT/ENABLED Intel(R) Capability Licensing Service - PRESENT/ENABLED Protect Audio Video Path - PRESENT/ENABLED Intel(R) Dynamic Application Loader - PRESENT/ENABLED Service Advertisement & Discovery - PRESENT/ENABLED Intel(R) NFC Capabilities - NOT PRESENT Intel(R) Platform Trust Technology - PRESENT/DISABLED
Re-key needed False Platform is re-key capable True Intel(R) AMT State Enabled TLS Enabled Last ME reset reason Global system reset Local FWUpdate Enabled BIOS Config Lock Enabled GbE Config Lock Enabled Get flash master region access status...done Host Read Access to ME Disabled Host Write Access to ME Disabled Get EC region access status...done Host Read Access to EC Disabled Host Write Access to EC Disabled Protected Range Register Base #0 0x0 Protected Range Register Limit #0 0x0 Protected Range Register Base #1 0x0 Protected Range Register Limit #1 0x0 Protected Range Register Base #2 0x0 Protected Range Register Limit #2 0x0 Protected Range Register Base #3 0x0 Protected Range Register Limit #3 0x0 Protected Range Register Base #4 0x0 Protected Range Register Limit #4 0x0 SPI Flash ID 1 C84018 SPI Flash ID 2 Unknown BIOS boot State Post Boot OEM ID 68853622-eed3-4e83-8a86-6cde315fxxx Link Status Link Up System UUID 4c4c4544-0038-4a10-8032-cxxxxxxxx MAC Address d8-9e-f3-0d-xx-xx IPv4 Address 0.0.0.0 IPv6 Enablement Disabled Privacy/Security Level Default Configuration State Not Started Provisioning Mode PKI Capability Licensing Service Enabled OEM Tag 0x00000000 Slot 1 Board Manufacturer 0x00001028 Slot 2 System Assembler 0x00000000 Slot 3 Reserved 0x00000000 M3 Autotest Enabled C-link Status Enabled Wireless Micro-code Mismatch No Wireless Micro-code ID in Firmware 0x24FD Wireless LAN in Firmware Intel(R) Dual Band Wireless-AC 8265 Wireless Hardware ID No Intel WLAN card installed Wireless LAN Hardware No Intel WLAN card installed Localized Language English Independent Firmware Recovery Disabled EPID Group ID 0xFF1
Retrieving Variable "LSPCON Port Configuration" LSPCON Ports None
Retrieving Variable "eDP Port Configuration" 5K Ports None OEM Public Key Hash FPF AD8D2D4A81D259587B4B3C6FB70C0E99E51B1BC102AC80542B0975CC0A228BEB
Retrieving Variable "OEM Public Key Hash" OEM Public Key Hash ME AD8D2D4A81D259587B4B3C6FB70C0E99E51B1BC102AC80542B0975CC0A228BEB ACM SVN FPF 0x0 KM SVN FPF 0x0 BSMM SVN FPF 0x0 GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
Retrieving Variable "GuC Encryption Key" GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
FPF ME --- -- Force Boot Guard ACM Enabled Retrieving Variable "Force Boot Guard ACM Enabled" Enabled Protect BIOS Environment Enabled Retrieving Variable "Protect BIOS Environment Enabled" Enabled CPU Debugging Enabled Retrieving Variable "CPU Debugging" Enabled BSP Initialization Enabled Retrieving Variable "BSP Initialization" Enabled Measured Boot Enabled Retrieving Variable "Measured Boot Enabled" Enabled Verified Boot Enabled Retrieving Variable "Verified Boot Enabled" Enabled Key Manifest ID 0xF Retrieving Variable "Key Manifest ID" 0xF Enforcement Policy 0x3 Retrieving Variable "Error Enforcement Policy" 0x3 PTT Enabled Retrieving Variable "Intel(R) PTT Supported" Enabled PTT Lockout Override Counter 0x0 EK Revoke State Not Revoked PTT RTC Clear Detection FPF 0x0 PS C:\Users\Administrator\Desktop\Intel_AMT\Intel CSME System Tools v11 r14\MEInfo\WIN64> .\MEInfoWin64.exe -fwsts
Intel(R) MEInfo Version: 11.8.55.3510 Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
FW Status Register1: 0x94000245 FW Status Register2: 0x89100106 FW Status Register3: 0x00000030 FW Status Register4: 0x00084000 FW Status Register5: 0x00001F01 FW Status Register6: 0x47C003C9
CurrentState: Normal ManufacturingMode: Disabled FlashPartition: Valid OperationalState: CM0 with UMA InitComplete: Complete BUPLoadState: Success ErrorCode: No Error ModeOfOperation: Normal SPI Flash Log: Not Present FPF HW Source value: FPF HW Not Set ME FPF Fusing Patch Status: ME FPF Fusing patch NOT supported in this FW Version Phase: Maestro ICC: Valid OEM data, ICC programmed ME File System Corrupted: No FPF and ME Config Status: Match
So, I then put the 7050 in service mode and proceeded to gather both bin files (me.bin attached). I ran a MEAnalyzer against the me.bin (output below).
If everything looks OK, I will probably use the spi.bin and go through the cleaning guide. I don't know enough about this process, and having a well documented, step by step of how to clean the spi.bin will be helpful for me to understand. Unless, applying the 7050's me.bin to my 5050 really isn't all that difficult.
Ok, great. I prefer the logs being here in code tags, thank you. Now, I think everything is perfect. The 7050 system is healthy and all of its CSME settings are identical to the 5050 but also with AMT/KVM/TLS enabled. So everything is ready.
All you have to do is follow the CleanUp Guide at the dumped spi.bin from 7050, nothing more like we discussed earlier. Once you have the “cleaned” 7050 SPI image, you can “extract as is” the CSME region via UEFITool, which can then be flashed back via “fptw -me -rewrite -f me_fix.bin” followed by “fptw -greset”. After the reboot, your 5050 should have healthy CSME firmware with AMT/KVM/TLS enabled.
I have attached my own me_fix.bin after having followed the CleanUp Guide. Follow the process as well and then compare the two CSME firmware, they should be the same.
Getting these same errors on an Optiplex 5040. Cleaning the image with the procedure does no good. Trying to enable TLS and more AMT support, as a previous procedure worked to activate it (when before being ME_Disabled by the factory) however all KVM features “are not supported” and will not work (along with TLS). I’ll attach files below.
MEAnalyzer output is also included in the .json file. 5040_ME.zip (7.3 MB)
