since the begining, I got into the l502x bios hacking because my interest in OC the laptop, and it still one of the things pending to do even we has been able to create a recovery method, fix sleep, vbios modding, menu unlocking and more.
however like Timewalker said, ME flashing is really dangerous.
because as far I know there is no posible recovery for ME.
no magic CDrom, usb stick or END key will save our asses from disaster if something goes wrong.
so we will have to proceed really carefully with this.
I suggest we try to edit the "Intel ME FW version: 7.1.52.1176" jkbuha and me sucesfully flashed into our xps 15 and xps 15z machines since that seemed to work fine for both machines.
http://l502x.lag.re/Intel_ME_update.rar
all we would need now is modify that firmware image.
now the question is how the heck we can do that
So what is the Intel ME and why will it stop recovery?
It won't stop recovery .. it's just .. well .. The structure security Intel has on their platforms consists of regions.
The top region is the flash descriptor region which essentially protects all other regions if locked.
Below FD there are
- BIOS Region + EC Region (can be reflashed by initiating the recovery from the boot block)
- GbE Region
- ME Region
![[Image: figure1.gif]](http://www.intel.com/technology/itj/2008/v12i4/10-paper/pix/figure1.gif)
ME is a complex thing which essentially drives the logic board. It basically defines platform features. There may be additional features to ME going from one platform to another.
I've stumbled upon this piece of code which is a part of coreboot's utilities and judging by the code allows to read and write FD ?
https://github.com/XVilka/coreboot/tree/...il/ifdtool
Also it appears that our BIOS has support for AMT because it provides vPro features .. or at least it implements the policies which Intel has defined:
InitVproPolicy.efi - AC5919D9-F137-4F87-869F-D863EDA88ED2_1_717.ROM
edit: ok, nevermind, timewalker explained it better ^^
@nebster - Intel ME = Intel Management Engine:
http://support.dell.com/support/edocs/sy...t/MEBX.htm
@all - let's try and find out the hotkey for UEFI Dell's to enable r/w on boot (ie: Dell D630 is <ctrl+p>)
@timewalker - interesting find. but surely we'd need to enable r/w first to overwrite the fd?
@jkbuha
how?
by just testing random combinations?
or by trying check some modules for hotkeys strings?
not sure where to start ^^
I've looked at the code and there's no sign of unlocking the region first, so yeah .. probably won't allow flashing.
flashrom also has some utils to reflash ME .. but again no sign of unlocking it prior to flashing. But then again if you think about it .. how in the world is this FWUpdLcl utility able to update the ME to 7.1.52.1176 without having the actual write access?
Highly doubt there will be a key combo for this, at least for me .. my board is Intel Emerald Lake .. and, well, Intel is known for adding all sorts of jumpers/switching pads to trigger certain events. It may be OEM or BIOS dependent combination ofc same as with End key..
Yeah, the MEBx is a bios extension on non-EFI bioses, right? That's why they have an option to access it from the hotkey.
We have ME info right inside our BIOS .. which non-EFI legacy bioses lack. But we lack the MEBx:
BIOS Version: A13
MEBx Version: 0.0.0.0
Ah I get it now why FWUpdLcl is able to flash ....
Local FWUpdate: Enabled
Also ... while we struggle with ME .. there's something more we can upgrade:
Currently:
SATA RAID Option ROM: v10.0.0.1046
LAN Option ROM: v1.23 PXE-2.1 (build 083) Realtek PCIe FE Family Controller Series (07/28/10)
ME: 7.0.4.1197
Can be extracted from Intel's Dekstop/Server boards:
SATA RAID Option ROM: v11.2.0.1527
LAN Option ROM: v1.3.95 PXE-2.1 (build 091)
ME: 7.1.52.1176 (already updated by some of us)
How hard would it be to get USB booting working for the recovery capsules again?
Probably just a matter of backporting these two modules:
SystemBootManagerDxe.efi 73DAB30F-3F9C-4160-B064-439CE16C3EDE
SystemBootMenuDxe.efi 86488440-41BB-42C7-93AC-450FBF7766BF
from the version prior to Boot manager changes (see changelog).
For my Vostro it was changed in A07, so modules from A04 allow for USB booting while loading of off recovery capsule.
Me thinking .. Lenovo X1 uses Tiano UEFI ..
http://support.lenovo.com/en_US/download...D=DS018205
Changelog says: Updated Intel ME firmware.
How exactly ? I don't see any ME firmwares in the extracted folder. Bios capsule is $01D0x00.FL1 or FL2 (why the heck 3 files of same size and from different dates ??? it's supposed to be for ThinkPad X1, X1 Hybrid )
P.S. There apparently is a tool and a mini-guide on how to replace the boot logo n this bios update ;O but this utility is a lenovo-specific wrapper to WinFlash with extended drm and features?
@CoreRush had to say the following regarding this error below.
Error 26: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.
And this logging here:
Host Read Access to ME: Disabled
Host Write Access to ME: Disabled
roughly translated Wrote:Error 26 means that your flash descritpor region is locked and therefore some regions of SPI have restricted access for writes and reads.
On boards with 6-series chipsets this problem can be solved by flashing a BIOS with embedded ME 8.xx (for Asus desktop boards these are BIOSes with version number 3xxx).
After updating the BIOS flash descriptor will remain unlocked and those allow to write to all the other regions. For the boards with series 7 chipsets such an error is a rare occurrence and in case of such boards updating the BIOS won't help. The only way to unlock flash descriptor for 7-series boards is by writing a sequence of 00 00 FF FF 00 00 FF FF 18 01 FF FF into address 0x60 using a hardware flasher/programmer.
The logging for EC basically means the same - ME region is locked for writes and reads. If this is the case for your board then the only thing you can possibly do is update ME using FwUpdLcl
to ME 8.xx preferably which is highly likely to unlock FD.
So ME firmware is inside the BIOS after all ? In one of the freeforms possibly ? Dell has never updated it for our machines so we wouldn't know ... but Lenovo has apparently.