ME_Cleaner and new CPUs

I noticed the Librem14 is using a Comet Lake/10th Gen CPU. Does ME_Cleaner still work with these newer CPUs?

The me_cleaner code hasn’t been updated since October 2018 and it doesn’t have any info on whether it works with Comet Lake processors or not.

@MrChromebox says that he disabled the ME in the L14 by changing the HAP bit. You have to ask him what tool he used to change the HAP bit.

2 Likes

there are some WIP patches in the PR section of me_cleaner for it to get the HAP bit for CSME 12.x, but the location of the HAP bit is SKU-specific. Same with CSME 14.x (CML).

There is no capability to neuter/clean the ME firmware for anything above ME 11.x currently

5 Likes

Hello @MrChromebox I hope it is ok if I ask my question here as it belongs to this topic.

If I got it right you are still using the me_cleaner tool to set the HAP bit.

May I ask you to point me in to the right direction where you call the me_cleaner in the source code?

I could only find this, but it is 4 years old: https://source.puri.sm/pureos/packages/purism-librem-coreboot-updater

And here which is more current I could not find it: https://source.puri.sm/firmware/utility

Thank you very much.

no, I set it manually with a hex editor. ME cleaner hasn’t been used in years now. Also, Purism now self-hosts all the blobs needed for building a full coreboot image, so we don’t modify anything at compile time - the blobs in our repo are already modified.

3 Likes

Does the hap setting still work on newer (11th/12th gen) CPUs?

yes, but starting with 10th-gen the position of the HAP bit is variable within the IFD based on the Intel product SKU

1 Like

Thank you very much for your explanation.