Hello Konrad,
Sunday, January 21, 2018, 3:12:07 PM, you wrote:
KE> You can probably set the DCI enable bit in the PCH softstraps in the
KE> descriptor, no need to mess with the BIOS editing. It seems to be bit 17
KE> in strap 0, right next to the HAP bit:
KE> <LayoutEntry name="PchStrapDciEnabled" type="bitfield32"
KE> value="0x1" offset="0x0" bitfield_high="17" bitfield_low="17" />
KE> <LayoutEntry name="reserve_hap" type="bitfield32" value="0x0"
KE> offset="0x0" bitfield_high="16" bitfield_low="16" />
KE> (xml from the Intel Flash Image Tool).
KE> Interesting. Where can I read about this xml definition of the
KE> softstrap? Which tool can I use to modify the PCH softstrap
KE> section? Do I need the Intel Flash Image Tool for that, and where can
KE> I download that one? I guess there are CRCs and I cannot
KE> just poke around?
XMLs are stored in compressed format (as Qt resource) inside the FIT binary. You can find one approach of extracting them in Positive Technologies blog:
http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html
You can indeed use FIT for setting the strap but you'll have to find it yourself :) Or you can just edit the descriptor directly - it's not protected by any checksums or signatures. Check e.g. how me_cleaner sets the HAP bit:
    print("Setting the HAP bit in PCHSTRP0 to disable Intel ME...")
    fdf.seek(fpsba)
    pchstrp0 = unpack("<I", fdf.read(4))[0]
    pchstrp0 |= (1 << 16)
    fdf.write_to(fpsba, pack("<I", pchstrp0))
KE> I wonder whether DCI is left enabled when the BIOS starts
KE> initializing and probably I also need a softstrap bit for the
KE> Debug Interface enable if I want to connect with DAL later?
This depends on the specific BIOS implementation. I guess it's possible that they turn off DCI if it's not explicitly enabled in settings, but maybe you can intercept this with the debugger.
KE> Why is this stuff so complicated?
It's not complicated to firmware engineers who are familiar with low-level details of the platform and have access to the Intel docs/tools and support... If this is complicated for you, maybe you are looking at the wrong thing.
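A read-only check for the strap bits discussed above, as an added example that is not part of the original thread or of me_cleaner: it locates PCHSTRP0 through FLMAP1 the way me_cleaner derives `fpsba`, then reports bit 16 (HAP) and bit 17 (DCI enable) as given in this thread. The function names and the sample descriptor are constructed for the illustration, and the bit positions are PCH-generation specific.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A  # flash descriptor magic, stored at offset 0x10
HAP_BIT = 16               # PCHSTRP0 bit positions as quoted in this thread;
DCI_BIT = 17               # assumption: they differ on other PCH generations

def read_pchstrp0(image: bytes):
    """Return (fpsba, pchstrp0) from an SPI flash dump that starts with a descriptor."""
    if len(image) < 0x1C:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != FD_SIGNATURE:
        raise ValueError("flash descriptor signature not found at 0x10")
    (flmap1,) = struct.unpack_from("<I", image, 0x18)
    fpsba = (flmap1 >> 12) & 0xFF0  # FLMAP1[23:16] << 4, same math as me_cleaner
    if fpsba + 4 > len(image):
        raise ValueError("PCH strap base points outside the image")
    (pchstrp0,) = struct.unpack_from("<I", image, fpsba)
    return fpsba, pchstrp0

def audit_straps(image: bytes) -> dict:
    """Report the HAP and DCI-enable straps without modifying the image."""
    fpsba, strap0 = read_pchstrp0(image)
    return {
        "fpsba": fpsba,
        "pchstrp0": strap0,
        "hap_set": bool((strap0 >> HAP_BIT) & 1),
        "dci_strap_enabled": bool((strap0 >> DCI_BIT) & 1),
    }

def make_sample_descriptor(strap0: int, fpsba: int = 0x100) -> bytes:
    """Constructed 4 KiB descriptor region for the demo (not a real dump)."""
    buf = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<I", buf, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", buf, 0x18, (fpsba >> 4) << 16)  # only FPSBA is filled in
    struct.pack_into("<I", buf, fpsba, strap0)
    return bytes(buf)

if __name__ == "__main__":
    for strap0 in (0, 1 << HAP_BIT, (1 << HAP_BIT) | (1 << DCI_BIT)):
        result = audit_straps(make_sample_descriptor(strap0))
        print(f"PCHSTRP0=0x{result['pchstrp0']:08x} HAP={result['hap_set']} "
              f"DCI strap={result['dci_strap_enabled']}")
```

Because the descriptor carries no checksum or signature, a set DCI strap in a dump is something to compare against a known-good image; as noted above, the BIOS may still change the DCI state at runtime.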
Hi Igor, I know your work and I want to give kudos to you. However, without being critical (it is just like that), I want to note that the tips you read, i.e. at winraid.com, really make you just more confused - either they are referring to programmes that are unavailable or are from different contexts of BIOS versions etc., or require you to handle weapon-grade security bypasses.
Now I spent a whole weekend trying to enable DCI on the Brix. I managed it in the end using only Ru.efi.
Because maybe coreboot people without the money to buy a SystemStudio and XDP hardware for $5000 might find it interesting, there is a writeup here: https://gist.github.com/eiselekd/d235b52a1615c79d3c6b3912731ab9b2#file-enabledci-txt
I think this method is reasonably easy and the board is cheap ($400).
// Greetings Konrad