Darn it. Gosh darn ME


sudo ./intelmetool (06-23 13:29)
Bad news, you have a Wildcat Point-LP LPC Controller so you have ME hardware on board and it is very difficult to remove, continuing…
Error mapping physical memory 0x00000000fed1c000[0x4000] ERRNO=1
RCBA at 0xfed1c000
[1] 481189 segmentation fault sudo ./intelmetool

Help anyone :pensive:

1 Like

If you are going to commit suicide because of the Intel ME, then you obviously need more bad things in your life to worry about! :slight_smile:

Kidding aside, what hardware do you have with the ME? And what OS/software are you trying to install?

1 Like

I really want to remove ME and have tried a few things but to no success. I saw a video of removing before but he did some difficult stuff with things that I don’t have and even if I did, I don’t think it would work with the computer I am running. Mac air 2015.


1 Like

So to summarise, you have an old Macbook Air from 2015 and you have redeployed it so that it now runs Arch Linux. Right?

Where did you get “intelmetool”? What package did you install and from what repo? Do you have source for this package?

As far as I know, it is not possible to remove the Intel ME (Intel homunculus CPU). As far as I know, the best you can do is partially disable its functionality and then disable it. That is the curse of Intel.

1 Like

How much of it can be disabled? I deleted all files related to trying to remove intel ME and did my monthlyish clean up so no web history :frowning:

I don’t know. I interpreted what I read in here to mean that basically Purism started with n Intel Homunculus CPU firmware modules and tried all 2^n combinations of modules (at least notionally) to find the minimal set of modules that would still allow the damned Intel CPU to boot.

It is my understanding that each firmware module is encoded in such a way that it is not realistic to reverse engineer (disassemble) a module - hence each module is by itself “all or none”. You either include the module or you exclude it. You can’t realistically drop pieces of code out from a module. You can’t even find out what the code is doing.

You also can’t physically remove the Intel Homunculus CPU. It is not physically discrete and even if it were, if you removed it then presumably the main Intel CPU wouldn’t boot any more.

From a security and privacy perspective this is a seriously flawed architecture.

2 Likes

So this issue is about disabling the Intel Management Engine on a non librem laptop.

Maybe @MrChromebox can provide some pointers on where you can look for information on IME and Macbooks

1 Like

@user1
My limited understanding,which may be correct so do search for deeper confirmation, is that you cannot fully disable IME on say a Dell Laptop but what you can do is effectively neuter it post boot (complications may arise,but dont have to arise,though you would need a fair bit of knowledge to safely execute this i imagine). It doesn’t so much disable it as make it isolated and disconnected, to what degree i suppose depends on what specific vulnerabilites you have in mind.

I am writing this down from memory so before attempting anything, try terms in your search engine like IME Neuter IME Disable IME disconnect combined with words like linux,open source,intel, your specific OS and computer model etc.

I know i found comprehensive answers in the past but a current attempt to find exact info/how-to achieve a neutered effect eludes me atm.

Best of luck to you!

/A Free Range Human

To do it yourself you’ll need a copy of the binary file that is flashed to the SPI chip. If you can obtain this file then you can use me_cleaner.

Sometimes you can get the file out of an executable the manufacturer distributes with BIOS updates, but not always.

Sometimes you can dump it to a file successfully using flashrom or some other software tool which is non-invasive, but definitely want to make sure you got a good dump of it.

Other times you might need to use a SOIC-8 clip and programmer such as a bus pirate to pull it off the SPI manually if you can with flashrom, but pulling the contents of the SPI in-board doesn’t always work so well.

Any way it goes, first step is to obtain the BIOS binary. It should be the same exact size as the SPI chip in your computer.

Once you have that, then you can use:

To try to remove it either by setting the HAP bit or by removing it entirely and then flashing your modified BIOS file to the motherboard by some means.

Usually the least invasive is preferred, so if you can just use the OEM flash process to flash your modified file then you’re in luck.

Or if flashrom is working for you you could use that.

2 Likes

Literally no idea how this will work. Any links rather than me_cleaner? If you didn’t read, it is a macbook so I don’t really understand how half of this is even conceivable. Also, you bring up terms which I have never heard and use them as if it is nothing so I have had to open up 20 tabs and search various sites for answers which is kind of annoying.

1 Like

I could never figure it out either. It seems a lot of hassle, with a significant risk of bricking the device with a mistake. It’s one reason why I bought a LIbrem, to me it was worth paying something extra to have a computer with that “functionality” disabled as-is.

1 Like

If I do externally with a raspberry pi, even if I completely messed up, I could just reverse back to old state. I just need to read up on some tools used for this kinda crap and get schematics for my model. I have dealt with some difficult computer stuff before but I think this tops anything before. Maybe I will make a video or something of this event and share with one of my old secondary school teachers and to also ask them why they both use windows which just seems a bit dumb.

1 Like

If you try to use a clip to connect externally to the SPI chip be sure to find and read the specifications for the specific SPI chip in the laptop. A part number and manufacturer is usually printed on top of the SPI chip, extremely small, a smartphone camera can help to read it by taking a photo of it close up and then viewing on a computer. An important spec to check is the voltage of the SPI chip if you go this route, since some are 1.8V and others 3.3V. If you apply 3.3V to a 1.8V chip you can damage it. The Raspberry Pi route is essentially the same as the bus pirate, just different hardware.

I put a more general process, so others could use it as well some laptops are actually rather easy to do such as Lenovos since the UEFI (BIOS) file can easily be obtained from their distributed updates and the update process doesn’t have a checksum feature to verify the file so the OEM flashing process can be used to flash a modified UEFI. You just have to give the modified file the same name as the original file and put it in place of the original.

me_cleaner is the only way I know to remove ME, its actually pretty simple to use its just a python script you run once you have the UEFI file in order to check or modify the UEFI file.

1 Like