Hey,
I'm trying to disable the Intel Management Engine on my Lenovo ThinkPad T14 Gen 3, with the following specs:
CPU: Intel Core i5-1245U (v-Pro)
ME Version: 16.1.38.2676
BIOS Version: 1.17 (N3MET18W)
EC Version: 1.12 (N3MHT15W)
I got a CH341a flash programmer, and a WSON-8 8x6mm adapter for the BIOS chip. Opening up the device, there seem to be 2 BIOS flash chips:
It seems the main chip the laptop initializes from is the Winbond chip, while the GigaDevice works as a backup chip for the BIOS self-healing functionality.
I've successfully dumped the Winbond chip, verified the hashes with a second dump, and also with dumps made with Intel FPT.
Attempting to HAP-disable the dump with me_cleaner doesn't work:
Full image detected
The ME/TXE region is valid but the firmware is corrupted or missing
So, I tried to manually edit the dump using a hex editor, using the HAP bit location from this issue:
#403
Looking at offset 0x017E in the unmodified descriptor from the dump:
Thus, is what an HAP-disabled flash descriptor should look like, right?
Now, I tried to flash the modified dump back onto the chip. It flashes and verifies successfully.
After flashing, the laptop boots perfectly fine, but checking the Intel ME status, there is no effect???
General FW Information
Current FW State Normal
Flash Partition Table Valid
FW Memory State CM0 with UMA
FW Initialization Complete
BUP Loading state Success
FW Error Code No Error
FW Mode Of Operation Normal
SPI Flash Log Not Present
FW Loading Phase HOSTCOMM Module
FW Loading Phase Status UNKNOWN
ME File System Corrupted No
RPMC status OK
Dumping the Intel Flash Descriptor again, using Intel FPT, the HAP bit is restored back into previous state?
- Reading Flash [0x0001000] 4KB of 4KB - 100 percent complete.
Writing flash contents to file "ifd.bin"...
Memory Dump Complete
FPT Operation Successful.
Is it possible the BIOS self-healing function triggered and restored to an unmodified BIOS? Did I miss something? Am I stupid?
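One way to confirm what the post describes is a three-way comparison of the descriptor in the original dump, the modified image and a readback taken after boot. This is an added example, not part of the original post or of me_cleaner; it assumes the descriptor is the first 4 KiB of each image, and the sample bytes are constructed placeholders rather than real descriptor contents.

```python
import struct

IFD_SIZE = 0x1000       # descriptor = first 4 KiB, same size as the FPT "ifd.bin" dump
IFD_SIG = 0x0FF0A55A    # flash descriptor signature, little-endian at offset 0x10
WATCH = 0x17E           # offset edited in the post; which bit is not assumed here


def descriptor(image: bytes) -> bytes:
    """Return the descriptor of a full dump or an ifd.bin after a signature check."""
    if len(image) < IFD_SIZE:
        raise ValueError("image is shorter than a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIG:
        raise ValueError(f"descriptor signature missing at 0x10 (found {sig:#010x})")
    return image[:IFD_SIZE]


def classify(original: bytes, modified: bytes, readback: bytes) -> dict:
    """Give a verdict for every descriptor offset where the three images disagree."""
    o, m, r = (descriptor(x) for x in (original, modified, readback))
    verdicts = {}
    for off in range(IFD_SIZE):
        if o[off] == m[off] == r[off]:
            continue
        if r[off] == m[off]:
            verdicts[off] = "persisted"    # the edit is still on the chip
        elif r[off] == o[off]:
            verdicts[off] = "reverted"     # something restored the old value
        else:
            verdicts[off] = "unexpected"   # value that was never written by the user
    return verdicts


def sample(byte_at_watch: int) -> bytes:
    """Constructed 4 KiB descriptor: 0xFF fill, valid signature, one chosen byte."""
    img = bytearray(b"\xff" * IFD_SIZE)
    struct.pack_into("<I", img, 0x10, IFD_SIG)
    img[WATCH] = byte_at_watch
    return bytes(img)


if __name__ == "__main__":
    # Constructed values 0x00 / 0x01 stand in for the real byte before and after the edit.
    original, modified = sample(0x00), sample(0x01)
    readback = original  # what the post observed: the re-dump equals the old state
    for off, verdict in classify(original, modified, readback).items():
        print(f"{off:#06x}: {verdict}")
```

A "reverted" verdict at 0x17E shows the flash was rewritten after the external write, but it does not identify which component rewrote it.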
