  • #16
    Re: About Intel Management Engine firmware

    Thank you virtualfred for making this tutorial. I was able to replace the old ME FW on my ASRock Z87 Extreme6. This will definitely come in handy with my EVGA Z77 FTW because any time I need to flash the BIOS it flashes over the current firmware with the stock one. Drives me nuts every time I have to go into Windows and use the tools to reflash it to the current one.

    • #17
      Re: About Intel Management Engine firmware

      Originally posted by SolidBladez View Post
      Thank you virtualfred for making this tutorial. I was able to replace the old ME FW on my ASRock Z87 Extreme6. This will definitely come in handy with my EVGA Z77 FTW because any time I need to flash the BIOS it flashes over the current firmware with the stock one. Drives me nuts every time I have to go into Windows and use the tools to reflash it to the current one.
      Thanks for your feedback, it is good to know that it also works with ASRock, so no failure with the checksum.
      I know that many prefer to update the ME FW with the "conventional" method, and I respect that, but if my method works reliably this is an update with one restart less to do, which is appreciable when a user often flashes his BIOS!
      It is really useful to complete and keep your PC Specs or Signature up to date in Settings /My Profile (motherboard, CPU, BIOS version modified or not ...) - Thank you all .
      Main rig : Z77X-UD5H BIOS F16 mod11 - Core i7 3770K @4.5GHz 1.30V - Noctua NH-D14 - GSkill TridentX 2x8GB @1200MHz CAS10 - Club3D HD5750 noiseless @800/1300 - Silverstone FT02S - Seasonic X-series 650W
      2x Intel 510 128GB RAID0 - 2x Samsung F3 500GB RAID0 + Samsung F3 1TB - Dell U2713H - Logitech Illuminated & G500 - Focal XS Book - Windows 8 Pro 64bits UEFI
      2nd rig : Z77X-UD3H BIOS F20e mod - Core i5 3470 @4.0GHz - Noctua NH-D14 -
      Crucial BT 2x4GB @933MHz CAS9 - Club3D HD7750 noiseless @stock - Lian-Li PC-A05FN - Seasonic M12II 520W
      Crucial M4 128GB - 2x WD10EALX RAID1 - Dell 2408WFP - Logitech Illuminated & G5
      - Bose Companion 20 - Windows 8 Pro 64bits Legacy
      HTPC : EG45M-UD2H BIOS F5a mod - Core2Quad Q8200 @2.8GHz undervolted to 1.10V - Noctua NH-C4 passive - OCZ 4x1GB @500MHz CAS5 - AMD HD6450 passive - Antek NSK2480 - Antec Earthwatts 380W
      Intel SSD 330 60GB - 2x WD WD30EZRX 3TB RAID0 - Logitech K820 - Windows 8 Pro 64bits + XBMC12
      Gigabyte Modified BIOS & About ME firmware

      • #18
        Re: About Intel Management Engine firmware

        Hi

        thank you very much for your effort to make this guide.
        Now we already know how to insert the ME FW directly in the BIOS ROM and the RAID ROM/SataDriver from Fernando.
        Is it possible to make an equivalent guide for the remaining parts of the BIOS? (Intel Boot Agent PXE / Intel PCI Accelerated SVGA / CPU MicroCode Pack)

        I think that Intel Boot Agent PXE is similar, and Intel PCI Accelerated SVGA / CPU MicroCode Pack will be very easy with MMTool.

        Thank you very much again for your effort.

        • #19
          Re: About Intel Management Engine firmware

          Originally posted by greg.chalk View Post
          Hi
          thank you very much for your effort to make this guide.
          Now we already know how to insert the ME FW directly in the BIOS ROM and the RAID ROM/SataDriver from Fernando.
          Is it possible to make an equivalent guide for the remaining parts of the BIOS? (Intel Boot Agent PXE / Intel PCI Accelerated SVGA / CPU MicroCode Pack)
          I think that Intel Boot Agent PXE is similar, and Intel PCI Accelerated SVGA / CPU MicroCode Pack will be very easy with MMTool.
          Thank you very much again for your effort.
          Thanks for your support

          You ask me for a lot of work!
          But don't you know that LS29/Sonix is actually working on an impressive tool to do it easily? Fernando has created and keeps updating a thread about this UEFI BIOS Updater (of course Stasio added a link to this tool in his thread).

          • #20
            Board: GA-Z77X-UD3H Rev 1.0 BIOS: 20e modded CPU: Intel i5-3570k Memory: Samsung MV-3V4G3D/US 4X4GB @1866Mhz 9-9-9-24 1T
            GPU: EVGA GTX 980 FTW SSD: Samsung 950 Pro NVMe M.2 256 GB (Addonics 4x card interface) , Intel 730 240 GB, Samsung EVO 840 240 GB X2,
            16 TB iSCSI 2XRAID0 2XRAID1 (Hitachi HDD, LUN) QNAP TS-469L PSU: Seasonic X-1250 KB:Log. G110 Mouse: Log. G502
            OSes: Win 8.1 x64 UEFI/Win 7 x64 UEFI Dual Boot VM: K Linux, OSX Leopard, Win 10, Win XP, HP Integrity (rem), Whonix Other: HP Proliant server
            Other interface: Pangolin QM2000.NET Lasers controller

            • #21
              Re: About Intel Management Engine firmware

              Originally posted by virtualfred View Post
              Thanks for your support

              You ask me for a lot of work!
              But don't you know that LS29/Sonix is actually working on an impressive tool to do it easily? Fernando has created and keeps updating a thread about this UEFI BIOS Updater (of course Stasio added a link to this tool in his thread).
              I just tried UBU, and it works with ASRock UEFI/BIOS firmware, but the resulting file needs a small fix before Instant Flash will accept it. The first 4K/4096 bytes of the modified file must be removed before the file can be used. Just differences in the firmware that each board manufacturer uses.

              virtualfred, in the USA we would say you would be out of a job... but vacation is better!!
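A worked version of parsec's fix above, added here as an example (it is not parsec's own script and not part of UBU): instead of cutting the first 4096 bytes blindly, it strips them only when an Intel flash descriptor is found right behind them, and records a digest of what it wrote. Assumed, not stated in the thread: the usable result is a raw SPI image whose descriptor carries the FLVALSIG marker 0x0FF0A55A at offset 0x10, and a plausible SPI image is a power-of-two size of at least 1 MiB.

```python
import hashlib
import struct
from typing import Optional

# Intel flash descriptor validity marker (FLVALSIG); a raw SPI image has it at offset 0x10.
FD_SIGNATURE = 0x0FF0A55A
# The leading block parsec found must be removed before ASRock Instant Flash accepts the file.
LEADING_BLOCK = 4096


def descriptor_base(image: bytes) -> Optional[int]:
    """Offset at which a flash descriptor starts, checking only the two layouts the thread
    describes: a raw SPI image (base 0) or one with the 4096-byte block in front (base 4096).
    Returns None when neither location carries the FLVALSIG marker."""
    for base in (0, LEADING_BLOCK):
        if len(image) >= base + 0x14:
            (sig,) = struct.unpack_from("<I", image, base + 0x10)
            if sig == FD_SIGNATURE:
                return base
    return None


def strip_leading_block(image: bytes) -> bytes:
    """Return the raw SPI image to hand to Instant Flash.

    The cut is made only when a descriptor is actually found behind the 4096-byte block;
    a file that already starts with a descriptor is returned unchanged, and anything else
    is rejected instead of guessed at."""
    base = descriptor_base(image)
    if base is None:
        raise ValueError("no Intel flash descriptor at offset 0x10 or 0x1010; refusing to guess")
    raw = image[base:]
    # Assumption (not from the thread): a real SPI image is a power of two of at least 1 MiB,
    # so any other length points at a truncated or mis-cut file.
    if len(raw) < (1 << 20) or len(raw) & (len(raw) - 1):
        raise ValueError(f"stripped image is {len(raw)} bytes, not a plausible SPI flash size")
    return raw


def sha256_hex(data: bytes) -> str:
    """Digest recorded before and after the cut so the flashed bytes can be audited later."""
    return hashlib.sha256(data).hexdigest()


def build_sample_image(with_leading_block: bool, flash_size: int = 1 << 20) -> bytes:
    """Constructed test input, not real firmware: a 4 KiB descriptor block of 0xFF filler with
    FLVALSIG at 0x10, padded to flash_size, optionally preceded by a 4096-byte junk block."""
    descriptor = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<I", descriptor, 0x10, FD_SIGNATURE)
    body = bytes(descriptor) + b"\x00" * (flash_size - len(descriptor))
    return (b"\x5a" * LEADING_BLOCK + body) if with_leading_block else body


if __name__ == "__main__":
    import sys
    # usage: python strip_ubu_header.py <ubu_output.rom> <instant_flash.rom>
    src = open(sys.argv[1], "rb").read()
    out = strip_leading_block(src)
    open(sys.argv[2], "wb").write(out)
    print(f"input  {len(src):>9} bytes  sha256={sha256_hex(src)}")
    print(f"output {len(out):>9} bytes  sha256={sha256_hex(out)}")
```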

              • #22
                Re: About Intel Management Engine firmware

                Originally posted by virtualfred View Post
                MEinfo works with EFI/GPT under Windows 64, I'm using it... but ME FW can be locked by ASRock, as FITC can't load it (must be extracted before to see ME FW 9.0.2.1345).
                Interesting, because the Intel System Tools guide that is part of the software package contains this:

                "The Windows* 64 bit tools will not function when the OS is configured to use EFI / GPT boot capabilities", page 17.

                But if you say it can work, I believe you, but it must be locked as you said.

                • #23
                  Re: About Intel Management Engine firmware

                  So here's some fun...

                  So you want to understand PCH Straps (PC Hub Soft Straps)
                  This not-terribly-easy-to-locate PDF is your starting point. What it tells you is this: "More details on how to set them correctly please refer to FW Bringup Guide or PCH SPI programming guide Appendix A -, for more detail."
                  So is your starting point - at least for X79. This will make your brain hurt tremendously. (Of particular interest to most of you, pp 474; want to set ABAR +C8h bit = 10 (2-wide) 11, bit 5 = 1 so you have time to get into IRST/RSTe. You're welcome!) For those of us dealing with the hell that is the X79S-UP5's den of dangerous incompetence, we need this guide. It will make your head hurt even more than the X79 Express guide, trust me.

                  High-End Desktop vs. Workstation on C600, what's it mean?
                  I'll save you all the time and headaches of reading: NEVER SET A BOARD TO HEDT IF YOU INCLUDE SAS. See 5.18, first damn note. To wit: "Note: SAS is not available on HEDT." If you set IME to HEDT on a WS SKU, you break things. Great job reading, Gigabyte.
                  Otherwise, HEDT and WS/SVR describe two different SKUs. Ready for the fun? X79 = HEDT, and all C600's are WS/SVR. Meaning Gigabyte tried to copy-pasta from X79 on the X79S-UP5 with some of those BIOS builds. MORONS!!

                  Let's Talk About Strap 16
                  PCH Strap 16 is only found on the C600s and handles the disk controllers. Not controller - controllers, plural. The Intel C606/C608 uses a pair of SCU-4's to provide 8 ports of SATA/SAS behind a common PCIe BAR plus the PCH SATA Host Controller at D31:F2 and F5. Emphasis here goes on "common PCIe BAR" for SAS - this means the two SCUs essentially appear as a single unit. But you do have to watch yourself in FITC, because if you break the PCIe BAR, you can lose one or both SCUs. The BAR is controlled Elsewhere(TM) and I very strongly advise against poking it, even cautiously.

                  Now for the important big red warning.
                  Changing Strap 16 settings on configured systems WILL CAUSE DATA LOSS.
                  ^^^ SEE ABOVE SEE ABOVE FOR THE LOVE OF THE GODS SEE ABOVE BEFORE YOU EVEN LOOK AT THIS STRAP!!! ^^^
                  Seriously, I will shout it in your face with a megaphone if necessary. Thankfully, you can't cause physical damage via FITC + Strap 16, but seriously. You will lose data. Period. If you change RAID Capability, you may invalidate all existing arrays. Or drop your disks. If you enable SMPT it may freak out your disks. If you're going to play here, use disks you don't care about losing data on.

                  So here's what a default configuration for Strap 16 looks like on a bootstrap (complete) BIOS as opposed to a BIOS update (which can omit any of these values to preserve existing.)
                  Code:
                  RAID Capability	        00	RAID Capability Modes			
                  STPI Disable	        FALSE	SATA Tunnelling Protocol			
                  SMTP Disable	        FALSE	SAS Management Protocol Target			
                  SMPPI Disable	        FALSE	SAS Management Protocol Initiator			
                  SSPI Disable	        FALSE	Serial SCSI Protocol Initiator Disable			
                  CDMA Enable/Disable	FALSE	Context DMA Access Control, YOU NO TOUCHY.			
                  NVSRAM Disable	        FALSE	Disable/Enable NVSRAM storage of configuration			
                  ROL SMBus Disable	FALSE	ROL?? SMBus Connection Control (May be Rotate Bits Left?)			
                  SSB-D PCIe UpLink 	FALSE	Disable/Enable switch, but undocumented! Sigh.
                  SAS #1 Disable	        FALSE	SAS Gen1 Control. Counterintuitive, yay!
                  Confused yet? Good. Not listed or pictured are the LSI straps, which are best described as the tenth layer of hell. (They're not really configurable from FIT, but they do clutter it to all hell.)

                  Now let's look at what Gigabyte gets wrong and why it's a huge pain to fix.

                  GA-X79S-UP5-WIFI - F4 BIOS (Release)
                  Code:
                  RAID Capability	10	A/K/A PBGT to PBGD, wat? >:|
                  STPI Disable	TRUE	Breaks SATA Tunnelling Capability! Good job!
                  SMPT Disable	TRUE	Disables SAS Link Management. DERP!
                  SMPPI Disable	TRUE	Yay, now you can't use enclosures either.
                  CDMA Enable	TRUE	Um, wat? Y u do this?
                  NVSRAM Disable	TRUE	2MB free and you can't use a raw region?
                  Obviously all files examined come from C606 boards. One is from a Supermicro X9DB3-TPF. Which can run RAID sets on SATA and SAS in parallel - but also happens to have a 128Mbit (16MB!!) BIOS. Yes, twice the size of the X79S-UP5. Suck on that, DualBIOS? But as you can see, Gigabyte broke a lot of things in very bad ways. And these are not easy things to fix, because 1) see big red warning 2) enabling a disconnected pin may cause physical damage. Which isn't to say STPI is safe to turn on (it should be!) but there is always a potential for physical damage.
                  RootWyrm is absolutely not responsible if your motherboard catches fire, explodes, steals your girlfriend/boyfriend or drinks all your beer and eats all your bacon!

                  The other problem is that the documentation for Strap 16 is basically nonexistent. And seems contradictory, to boot. Case in point, the X9DB3-TPF has the same RAID capability/limitations as the X79S-UP5 - but uses 00 (PBGT). Given the description, I'm guessing 11 routes PBGT to the SCU-4s as PBGA + PBGB, but I have no idea. A board with working SAS RAID5 uses value 01 which is NOT a valid setting - so don't do that.

                  SATA vs SAS vs SCU vs IRST vs RSTe
                  Updating these is a ... lot more complicated than you think at first blush. For X79 we have it down to a science because let's be honest, the chipset's about as interesting as watching paint dry.
                  The flip side is that the C600 is a nightmare scenario of "you have to update ALL THESE MOVING PARTS." Here are ALL the OROM components that make up a C600 which you must update. These cannot be updated in FITC and are not updated as part of IME. A running IME Agent is able to identify the driver versions.

                  Here are all the bits you need to see in MMTool which need to be updated (or confirmed up to date and compatible.)
                  DRVR, ScuDriver, GUID 85FB8D3D-61A4-4518-9ACF-76FCAE169568 - SCU Specific, Current: 3.8.0.1106 (NOT the same RSTe!)
                  DRVR, SataDriver, GUID 43A0A7B3-1E92-42EF-A46D-DDC03E52CB5C - RSTe (you know which one it is.)
                  DRVR, SbPchSmi, GUID 116242C9-0C85-4AB9-BC34-454547B9F45D
                  DRVR, AHCI, GUID 8F5A2E02-538C-4D59-B920-C4786ACBC552
                  DRVR, AhciSmm, GUID BC3245BD-B982-4F55-9F79-056AD7E987C5
                  DRVR, SBAHCI, GUID 7CCD5C07-8B3A-4BE7-9D12-56B47CBFBCCB
                  DRVR, SBIDE, GUID ED32F7E0-5F9A-499D-BDBA-B1EB58D5B0EB

                  The F4 "release" BIOS is, no surprise, antiquated. It's shipping with SCU 3.7. The current is obviously 3.8.0+. Here's where Gigabyte continues to heap insult to injury onto us in a fashion that is straight up criminal:
                  SCU version 3.6.x ONWARD can be soft-switched (BIOS and OS) between SAS and SATA modes. When set to SATA mode on the SCU, RAID5 is enabled on SCU (which is not SAS!!) ports by default. Oh, and the SAS ports aren't actually SAS. That requires an Intel ROMB Upgrade Key, which the board doesn't even support. It doesn't have the header required - and Gigabyte knows it. Because the GA-6PXSV2 (which you can't buy) has the header and they sell the SAS key as 25FCZ-A03C62-A7R. It's right there in the README.
                  Yep. So not only is the shadow issue the result of incompetently handling UEFI (in a full UEFI load, there is room for RSTe + SCU) but they're deliberately crippling the board in order to.. what? Not compete with boards they refuse to sell? And the Supermicro X9SRi-3F absolutely proves that the C606 SCU in SATA mode does RAID5 with no ROMB key.

                  Enabling Hot (Non-BIOS Flash) IME F/W Updates!
                  Yes, this is possible. You require software from Intel to do so. Here are the settings to enable it:

                  ME Region\Configuration\ME\Host ME Region Flash Protection Override = true - this permits writing via BIOS and OS.
                  ME Region\Configuration\ME\M3 Autotest Enabled = true - NEVER DO HOST FLASH WITHOUT M3 AUTO. If you have no ME H/W Recover jumper, yeah. Bad things.
                  ME Region\Configuration\ME\Independent Firmware Recovery Enable = true - this is the switch that enables agent software update method!
                  ME Region\Configuration\Features Supported\Workstation/HEDT = Workstation - only valid on Workstation SKUs! (Sorry X79 folks.)
                  ME Region\Configuration\Features Supported\Manageability Application Permanently Disabled? = No - self-explanatory!
                  ME Region\Configuration\Features Supported\Intel (R) ME Network Service Permanently Disabled? = No - self-explanatory again!
                  ME Region\Configuration\Features Supported\Manageability Application Enable/Disable = Enabled - do I have to explain this one?
                  ME Region\Configuration\Manageability Application\BIOS Reflash Capable = true - this also permits full BIOS flash via ME on some boards.
                  ME Region\Configuration\Manageability Application\USBr EHCI - DO NOT CHANGE THESE VALUES EVER. Super bad things happen.
                  ME Region\Configuration\Manageability Application\Idle Timeout - ME = <65535 (e.g. 3600)
                  ME Region\Configuration\Setup and Configuration must be configured. Please see the Intel Active Management Technology documentation for how to deal with this part. The honest answer here is: I know it must be configured, but I don't know how to configure the certificate store and you need to either have an ODM ID, System Integrator ID, or Reserved ID depending on your deployment and preferred method.
                  e.g. virtualfred could go nuts and decide to get himself an SIID from Intel Services, plug that into his modified BIOSes, and he could now deliver you a modified ME F/W semi-directly any time you want.
                  It's not a real high end workstation till it's got four sockets, eight video cards, and takes two thirty amp circuits to run. Yes, I build those kind of systems too.

                  • #24
                    Last edited by Zardoc; 11-06-2013, 04:19 AM.
                    Click Here for the Specs of My Machines
                    I Think I'm so smart, that I'm dumb enough to believe it!!

                    • #25
                      Re: About Intel Management Engine firmware

                      Google translate didn't do very well with your post.
                      Maybe it's your accent.
                      Q9650 @ 4.10GHz [9x456MHz]
                      P35-DS4 [rev: 2.0] ~ Bios: F14
                      4x2GB OCZ Reaper PC2-8500 1094MHz @5-5-5-15
                      MSI N460GTX Hawk Talon Attack (1GB) video card <---- SLI ---->
                      Seasonic SS-660XP2 80 Plus Platinum psu (660w)
                      WD Caviar Black WD6401AALS 640GB (data)
                      Samsung 840 Pro 256GB SSD (boot)
                      SLI @ 16/4 works when running HyperSLI
                      Cooler Master 120XL Seidon push/pull AIO cpu water cooling
                      Cooler Master HAF XB computer case (RC-902XB-KKN1)
                      Asus VH242H 24" monitor [1920x1080]
                      MSI N460GTX Hawk (1GB) video card
                      Logitech Z-5500 Digital 5.1 Speakers
                      win7 x64 sp1 Home Premium
                      HT|Omega Claro plus+ sound card
                      CyberPower CP1500PFCLCD UPS
                      E6300 (R0) @ 3.504GHz [8x438MHz] ~~ P35-DS3L [rev: 1.0] ~ Bios: F9 ~~ 4x2GB Kingston HyperX T1 PC2-8500, 876MHz @4-4-4-10
                      Seasonic X650 80+ gold psu (650w) ~~ Xigmatek Balder HDT 1283 cpu cooler ~~ Cooler Master CM 690 case (RC-690-KKN1-GP)
                      Samsung 830 128GB SSD MZ-7PC128B/WW (boot) ~~ WD Caviar Black WD6401AALS 640GB (data) ~~ ZM-MFC2 fan controller
                      HT|Omega Striker 7.1 sound card ~~ Asus VH242H monitor [1920x1080] ~~ Logitech Z-5500 Digital 5.1 Speakers
                      win7 x64 sp1 Home Premium ~~ CyberPower CP1500PFCLCD U.P.S
                      .

                      • #26
                        Re: About Intel Management Engine firmware

                        Originally posted by parsec View Post
                        Interesting, because the Intel System Tools guide that is part of the software package contains this:
                        "The Windows* 64 bit tools will not function when the OS is configured to use EFI / GPT boot capabilities", page 17.
                        But if you say it can work, I believe you, but it must be locked as you said.
                        I had not read it, but I confirm that it works (I will look at this 2.10 BIOS to see if something is locked...)

                        @RootWyrm,
                        I have to read your message again more slowly later, for now you lost me as soon as the first lines...

                        Thanks... but what worries me is that this is not the first time someone has told me!

                        Originally posted by profJim View Post
                        Google translate didn't do very well with your post.
                        Maybe it's your accent.
                        malade"...

                        • #27

                          • #28
                            Re: About Intel Management Engine firmware

                            Originally posted by virtualfred View Post
                            I had not read it, but I confirm that it works (I will look at this 2.10 BIOS to see if something is locked...)

                            @RootWyrm,
                            I have to read your message again more slowly later, for now you lost me as soon as the first lines...
                            Ha ha ha, not to worry! I have actual low level development experience, so it's easy for me to go into stuff like register mapping. The problem is that FIT only provides partial access to the PCH Soft Straps essentially, so changing the RSTe/IRST OROM PopUp/TimeOut values is quite a bit more involved. The really fun part is that these elements are PCH register configuration post-MBIST pre-SATA Init and changing the defaults in the OROM, hooboy.
                            Basically you'd need someone to disassemble the entire OROM and BIOS, find which one is holding the default values, find the register write, change the 00 to 11. Or more likely because M/B manufacturer BIOS quality has gone off a cliff universally, you'd have to insert a register write. In assembly. In real-mode. Yuck.

                            The other problem is that Intel doesn't really document the PCH Soft Straps worth a damn. There may be more Intel Confidential documents that actually map register to FIT, but I've had no luck at all finding them. The important part is that the PCH Soft Straps are all controlled in IME/FIT and can't be adjusted safely with manual BIOS editing. In theory you could by doing modification of individual dumps, but it's a huge migraine. Plus IME may or may not overwrite depending.
                            I also wanna write up something on how to use IME Recovery Mode, but I can't find the documentation on that either. The TL;DR version is that good boards (e.g. Supermicro) have a hardware jumper to set the IME F/W into Emergency Recovery Mode, which forces reload to recover from a corrupted or failed load. Key aspect being that jumper - which Gigabyte predictably omits to save probably half a cent. (But includes DAJP1 and refuses to tell us what it does - seriously!?) There's at least one other method to put the IME into recovery mode and it can be done from UEFI, but I've had no luck finding the documentation.

                            • #29
                              Re: About Intel Management Engine firmware

                              Originally posted by RootWyrm View Post
                              ...
                              Enabling Hot (Non-BIOS Flash) IME F/W Updates!
                              Yes, this is possible. You require software from Intel to do so. Here are the settings to enable it:

                              ME Region\Configuration\ME\Host ME Region Flash Protection Override = true - this permits writing via BIOS and OS.
                              ME Region\Configuration\ME\M3 Autotest Enabled = true - NEVER DO HOST FLASH WITHOUT M3 AUTO. If you have no ME H/W Recover jumper, yeah. Bad things.
                              ME Region\Configuration\ME\Independent Firmware Recovery Enable = true - this is the switch that enables agent software update method!
                              ME Region\Configuration\Features Supported\Workstation/HEDT = Workstation - only valid on Workstation SKUs! (Sorry X79 folks.)
                              ME Region\Configuration\Features Supported\Manageability Application Permanently Disabled? = No - self-explanatory!
                              ME Region\Configuration\Features Supported\Intel (R) ME Network Service Permanently Disabled? = No - self-explanatory again!
                              ME Region\Configuration\Features Supported\Manageability Application Enable/Disable = Enabled - do I have to explain this one?
                              ME Region\Configuration\Manageability Application\BIOS Reflash Capable = true - this also permits full BIOS flash via ME on some boards.
                              ME Region\Configuration\Manageability Application\USBr EHCI - DO NOT CHANGE THESE VALUES EVER. Super bad things happen.
                              ME Region\Configuration\Manageability Application\Idle Timeout - ME = <65535 (e.g. 3600)
                              ME Region\Configuration\Setup and Configuration must be configured. Please see the Intel Active Management Technology documentation for how to deal with this part. The honest answer here is: I know it must be configured, but I don't know how to configure the certificate store and you need to either have an ODM ID, System Integrator ID, or Reserved ID depending on your deployment and preferred method.
                              e.g. virtualfred could go nuts and decide to get himself an SIID from Intel Services, plug that into his modified BIOSes, and he could now deliver you a modified ME F/W semi-directly any time you want.
                              Sorry but your post is too deep for me... but this last part could be interesting about Parsec's issue:
                              Originally posted by parsec View Post
                              ... Alas, now I finally know why MEInfo always failed on my systems in the past... my OS(s) are configured to use EFI/GPT booting, and the Windows*64 bit tools won't work in that environment.
                              Still trying to figure out how to use the EFI versions of the tools... not that I have found a version of the EFI shell that I can run from my ASRock boards
                              I extracted and compared the ME FW of ASRock Z87 Extreme6 BIOS 2.10 with Gigabyte ME's settings... Here are a few differences:
                              Code:
                              ME Region\Configuration\ME\Independent Firmware Recovery Enable : [B]true[/B] (Z87 Gigabyte : [B]false[/B])
                              
                              ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : [B]Yes[/B] (Z87 Gigabyte : [B]No[/B])
                              ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : No (Z87 Gigabyte : No)
                              ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : [B]Disable[/B] (Z87 Gigabyte : [B]Enable[/B])
                              These settings in bold could explain why Parsec can't use MEinfo ???
                              Because I can use MEinfo on my Z77X-UD5H with GPT/UEFI (msinfo32 + meinfowin64):

                              [Attached screenshot: msinfo32_meinfo.JPG]

                              ... so I checked my ME settings:
                              Code:
                              ME Region\Configuration\ME\Independent Firmware Recovery Enable : [B]false[/B]
                              
                              ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
                              ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : [B]Yes[/B]
                              ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
                              ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
                              ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
                              ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : No
                              ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
                              ME Region\Configuration\ME\Features Supported\Service Advertisement and Discovery Permanently Disable? : Yes
                              ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : [B]Disable[/B]
                              ... but the settings I thought responsible are also disabled on my Z77!
                              Originally posted by RootWyrm
                              ... self-explanatory!... do I have to explain this one?
                              So yes, I really need an explanation in plain language...
                              Last edited by virtualfred; 11-07-2013, 11:19 AM. Reason: typo

                              • #30
                                Re: About Intel Management Engine firmware

                                Originally posted by virtualfred View Post
                                Sorry, but your post is too deep for me... but this last part could be interesting regarding Parsec's issue:

                                I extracted and compared the ME FW of the Asrock Z87 Extreme6 BIOS 2.10 with Gigabyte's ME settings... Here are a few differences:
                                Code:
                                ME Region\Configuration\ME\Independent Firmware Recovery Enable : [B]true[/B] (Z87 Gigabyte : [B]false[/B])
                                
                                ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : [B]Yes[/B] (Z87 Gigabyte : [B]No[/B])
                                ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\Service Advertisement and Discovery Permanently Disable? : No (Z87 Gigabyte : No)
                                ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : [B]Disable[/B] (Z87 Gigabyte : [B]Enable[/B])
                                These settings in bold could explain why Parsec can't use MEinfo ???
                                HUGE difference is that you absolutely must not and cannot use IFRE enable UNLESS you have IFRE capability available. This means partitioned dual I/O flash or separate NVRAM which stores a 'safe' ME image. Looks to me like there's a dual I/O wire flash attached through the Nuvoton (Winbond) at the bottom right. IFRE is a really, really dangerous element as it can self-brick the ME if used incorrectly, and I have no idea how to do it jumperless.
                                Jumper method for IFRE is, well, enable and you have a jumper you set. (Wow, that was hard.) Said jumper is also the only way to enable write access to the recovery area if you need to bring it up for any reason - usually CPU microcode - and it is terrifyingly easy to brick. I've done it, don't ask how many times, on Supermicro X9SCM-F's in order to deal with a DMI Pool bug in Aptio UEFI core modules.

                                Originally posted by virtualfred
                                Because I can use MEinfo on my Z77X-UD5H with GPT/UEFI (msinfo32 + meinfowin64):

                                [ATTACH]6336[/ATTACH]
                                ... so I checked my ME settings:
                                Code:
                                ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
                                ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
                                ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
                                ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
                                ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
                                ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : No
                                ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
                                ME Region\Configuration\ME\Features Supported\Service Advertisement and Discovery Permanently Disable? : Yes
                                ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable
                                ... but the settings I thought responsible are also disabled on my Z77!

                                So yes, I really need an explanation in plain language...
                                MEInfo is not the Manageability Application. The Manageability Application is specifically referring to Intel AMT, which is the OS level actual-management part. MEInfo is just a diagnostic tool. If MAPD is set to Yes, then MA Enable is forced Disabled always. If you override that, it BRICKS THE SYSTEM. Not IME - the whole board. And I have NO idea why.
                                MEInfo is also... buggy. I think that's a nice way to put it. Honestly, chances are that there is some stupid bug getting hit with MEInfo which is preventing it from reading. Especially on 64-bit. I would test with an MS-DOS USB boot instead.

                                As far as those settings go, those are strictly for Intel AMT-method IME updating. Which means not having to exit OS or flash BIOS or any of that fun stuff. MEInfo pretty much ignores every last one of those settings - they just don't have any effect on it. MEInfo basically is only there to read back those settings once the system has booted the OS, and to confirm whether or not the IME drivers are working.
                                The problem is that MEInfo is really stupid - and I mean REALLY REALLY stupid. It just does reads. It does them largely blind. Supermicro routinely changes ALL the version identifiers in IME (it's not a big deal) which makes FIT freak out, but MEInfo reads just fine including the altered versions.
                                It's not a real high end workstation till it's got four sockets, eight video cards, and takes two thirty amp circuits to run. Yes, I build those kind of systems too.
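As an added example (not code from this thread, from Intel's tools, or from either poster): a small Python script that parses the FITC-style `ME Region\...` dump lines virtualfred posted, both the two-board "value (Z87 Gigabyte : value)" comparison quoted in post #30 and the single-board Z77 listing, diffs the two boards, and flags the two combinations RootWyrm warns about above: MAPD = Yes while the Manageability Application is not Disable (the override he says bricks the whole board), and Independent Firmware Recovery Enable = true, which is only safe with a real recovery flash. The sample dumps are constructed from the values quoted in the thread; the function names, setting-name constants and warning wording are this example's own assumptions, not Intel terminology.

```python
"""Parse and sanity-check ME configuration dump lines as posted in the thread.
Added example; sample input is constructed from the values quoted above."""
import re

# Constructed sample: the Asrock Z87 Extreme6 BIOS 2.10 vs Gigabyte Z87 comparison.
SAMPLE_DIFF_DUMP = r"""
ME Region\Configuration\ME\Independent Firmware Recovery Enable : true (Z87 Gigabyte : false)
ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\Service Advertisement and Discovery Permanently Disable? : No (Z87 Gigabyte : No)
ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable (Z87 Gigabyte : Enable)
"""

# Constructed sample: a single-board listing with the forum's [B]...[/B] bold markup left in.
SAMPLE_Z77_DUMP = r"""
ME Region\Configuration\ME\Independent Firmware Recovery Enable : [B]false[/B]
ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : [B]Yes[/B]
ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : [B]Disable[/B]
"""

# "key : valueA" with an optional "(Board B : valueB)" comparison at the end of the line.
LINE_RE = re.compile(
    r"^(?P<key>ME Region\\[^:]+?)\s*:\s*(?P<a>\S+)"
    r"(?:\s*\((?P<bname>[^:]+?)\s*:\s*(?P<b>\S+)\))?\s*$"
)

# Short setting names used by the checks (assumed labels, taken from the dump lines above).
IFRE = "Independent Firmware Recovery Enable"
MAPD = "Manageability Application Permanently Disabled?"
MA_EN = "Manageability Application Enable/Disable"


def parse_dump(text):
    """Return (board_a, board_b) dicts keyed by the last path component of each setting.
    board_b stays empty when the lines carry no '(Board : value)' comparison."""
    board_a, board_b = {}, {}
    for raw in text.splitlines():
        line = re.sub(r"\[/?B\]", "", raw).strip()  # strip forum bold markup
        m = LINE_RE.match(line)
        if not m:
            continue
        key = m.group("key").rsplit("\\", 1)[-1].strip()
        board_a[key] = m.group("a")
        if m.group("b"):
            board_b[key] = m.group("b")
    return board_a, board_b


def check_settings(settings):
    """Return warnings for the two combinations RootWyrm describes as dangerous."""
    warnings = []
    if settings.get(MAPD) == "Yes" and settings.get(MA_EN) != "Disable":
        warnings.append("MAPD=Yes but Manageability Application not Disable: "
                        "overriding this is the combination said to brick the board")
    if settings.get(IFRE, "").lower() == "true":
        warnings.append("IFRE enabled: only valid with a recovery flash "
                        "(partitioned dual I/O flash or separate NVRAM)")
    return warnings


def diff_settings(board_a, board_b):
    """Return {setting: (value_a, value_b)} for every setting that differs."""
    keys = sorted(set(board_a) | set(board_b))
    return {k: (board_a.get(k), board_b.get(k)) for k in keys if board_a.get(k) != board_b.get(k)}


if __name__ == "__main__":
    asrock, gigabyte = parse_dump(SAMPLE_DIFF_DUMP)
    for name, vals in diff_settings(asrock, gigabyte).items():
        print(f"{name}: Asrock={vals[0]}  Gigabyte={vals[1]}")
    print("Asrock warnings:", check_settings(asrock))
    print("Gigabyte warnings:", check_settings(gigabyte))
    z77, _ = parse_dump(SAMPLE_Z77_DUMP)
    print("Z77 warnings:", check_settings(z77))
```

On the constructed input the diff reports seven differing settings, the Asrock side raises only the IFRE warning (its MAPD = Yes is consistent with MA = Disable), and neither the Gigabyte nor the Z77 listing raises anything, which matches the point made in the post: the Z77 works with MEinfo despite having the same MAPD/MA values as the Asrock.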
