Disabling Intel ME on Boot Guard computers

The Intel Management Engine (ME) is a separate, always-on subsystem (often described as "ring -3") that runs on its own microcontroller inside the chipset of practically every modern Intel platform and has its own access to the host's memory and peripherals. Because of the security concerns this raises, there have been efforts to disable as much of it as possible, notably me_cleaner.

Intel Boot Guard is a technology for cryptographically verifying system firmware, including the BIOS and ME firmware. Boot Guard has two primary modes of operation, Measured Boot and Verified Boot. In Verified Boot mode, the system will not boot if the firmware fails verification. There is a separate page on how to check whether your system uses Intel Boot Guard.

me_cleaner normally removes all non-essential modules from the ME firmware, so that the ME halts early in a non-executing error state. That approach is not possible under Verified Boot, because it modifies the ME firmware image.

In August 2017, researchers at Positive Technologies discovered an undocumented "High Assurance Platform" (HAP) mode in ME 11 that can be enabled by setting a single bit in the Intel Flash Descriptor; the equivalent strap on older ME generations, such as the Broadwell ME 10 in a T450s, is "Alt ME Disable", and me_cleaner sets whichever applies to the image. It is possible to activate this mode even in Verified Boot mode, although this is not well documented, aside from a few reports of success. I can also confirm this is indeed the case.

You can read about how to apply me_cleaner in the me_cleaner documentation. You must run me_cleaner.py with -s (--soft-disable-only), which sets only the "Alt ME Disable" or "HAP" bit and leaves the ME firmware itself untouched; without it, me_cleaner also strips modules from the ME region, which a Verified Boot system will not accept.

In short, these are the steps I performed on my Lenovo ThinkPad T450s. I used a Raspberry Pi 1 Model B to read and write the flash chip, with a Pomona 5250 SOIC-8 clip to connect the SPI flash chip. This is not intended as a guide or tutorial, and I am not responsible for any bricked laptops.

  1. Enable Wake-on-LAN in ThinkPad BIOS setup. This is required for the laptop to power the flash chip when off. It is potentially dangerous to power the chip with an external power supply, and this is known to destroy some ThinkPad models.
  2. Locate and connect the flasher to the flash chip. The SPI flash chip on the T450s is located between the RAM slot and the CPU heat pipe. I removed the RAM and peeled back some tape to expose the chip.
  3. Connect the laptop to AC and plug in an ethernet cable. This will power up the flash chip.
  4. Run flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=12800 -r t450s.bin to read the contents of the flash chip. Do this twice into separate files and compare them (e.g. with cmp); any difference means the clip connection is unreliable and nothing should be written until two consecutive reads match.
  5. Run ifdtool -f t450s.txt t450s.bin to dump the flash layout.
  6. Run me_cleaner.py -s t450s.bin -O t450s-medisable.bin.
  7. Run flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=12800 -l t450s.txt -i ifd -w t450s-medisable.bin to write the modified image to the chip. Only the descriptor region needs to be written, since -s changes nothing else; the name given to -i must match the descriptor region's line in t450s.txt (current ifdtool writes it as fd), otherwise flashrom rejects the region name. Before writing, diff the original and modified images and confirm that the only bytes that changed lie inside the descriptor region.
  8. Disconnect the flasher and power on the laptop. If it doesn't immediately power off, then you're probably good.
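The checks the steps above lean on (two identical reads, a modification confined to the descriptor, the right strap bit actually set) can be done against the dump files before anything is written. The following is an added example and not code from the original page or from me_cleaner. It assumes the descriptor layout me_cleaner itself relies on (signature 0x0FF0A55A at offset 0x10, FLMAP0/FLMAP1 at 0x14/0x18, FLREG0-4 at FRBA, PCH straps at FPSBA) and the two bit positions me_cleaner -s sets: PCHSTRP10 bit 0 (AltMeDisable, pre-ME 11 such as the T450s) and PCHSTRP0 bit 16 (HAP, ME 11+). The script name me_precheck.py, the helper names and the 256 KiB sample image are all constructed for the example; run it with three dump files, or with no arguments to see it work on the constructed image.

```python
#!/usr/bin/env python3
"""Pre-flash checks for the AltMeDisable/HAP procedure above.

Added example; not part of the original page and not me_cleaner's code.
Assumes the Intel Flash Descriptor layout me_cleaner relies on and the two
strap bits it sets: PCHSTRP10 bit 0 (AltMeDisable, pre-ME 11, e.g. the
Broadwell ME 10 in a T450s) and PCHSTRP0 bit 16 (HAP, ME 11+).
"""
import struct
import sys

FD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ("fd", "bios", "me", "gbe", "pd")  # ifdtool's terse names, in FLREG order


def parse_descriptor(image):
    """Return FRBA, FPSBA and the (base, limit) of every region the descriptor defines."""
    if struct.unpack_from("<I", image, 0x10)[0] != FD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4    # Flash Region Base Address
    fpsba = ((flmap1 >> 16) & 0xFF) << 4   # Flash PCH Strap Base Address
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base <= limit:              # an unused region has base > limit
            regions[name] = (base, limit)
    return {"frba": frba, "fpsba": fpsba, "regions": regions}


def layout_lines(image):
    """The same 'base:limit name' lines that ifdtool -f writes for flashrom -l."""
    return ["%08x:%08x %s" % (b, l, n) for n, (b, l) in parse_descriptor(image)["regions"].items()]


def pchstrp(image, n):
    """Read PCH soft strap n (a 32-bit word at FPSBA + 4*n)."""
    return struct.unpack_from("<I", image, parse_descriptor(image)["fpsba"] + 4 * n)[0]


def me_disable_bits(image):
    """(AltMeDisable set?, HAP set?) -- the two bits me_cleaner -s can set."""
    return bool(pchstrp(image, 10) & 1), bool((pchstrp(image, 0) >> 16) & 1)


def set_me_disable_bit(image, me11):
    """What -s does, reimplemented: set exactly one strap bit and touch nothing else."""
    out = bytearray(image)
    fpsba = parse_descriptor(image)["fpsba"]
    offset, mask = (fpsba, 1 << 16) if me11 else (fpsba + 0x28, 1)
    struct.pack_into("<I", out, offset, struct.unpack_from("<I", out, offset)[0] | mask)
    return bytes(out)


def changed_regions(original, modified):
    """Names of regions whose bytes differ between two images with the same layout."""
    regions = parse_descriptor(original)["regions"]
    return [n for n, (b, l) in regions.items() if original[b:l + 1] != modified[b:l + 1]]


def preflight(read1, read2, modified):
    """Reasons to stop before flashrom -w; an empty list means the write is sane."""
    problems = []
    if read1 != read2:
        problems.append("the two reads of the chip differ: the clip connection is unreliable")
    if len(modified) != len(read1):
        return problems + ["modified image size differs from the dump"]
    changed = changed_regions(read1, modified)
    if changed != ["fd"]:
        problems.append("modified image changes regions %s, expected only fd" % changed)
    if me_disable_bits(modified) == (False, False):
        problems.append("neither AltMeDisable nor HAP is set in the modified image")
    return problems


def build_sample_image():
    """Constructed 256 KiB image with a minimal descriptor; NOT a real T450s dump."""
    frba, fpsba = 0x40, 0x100
    img = bytearray(b"\xFF" * 0x40000)
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<II", img, 0x14, (4 << 24) | ((frba >> 4) << 16) | 0x03,
                     ((fpsba >> 4) << 16) | 0x06)
    # fd 0-0xfff, bios 0x20000-0x3ffff, me 0x3000-0x1ffff, gbe 0x1000-0x2fff, pd unused
    for i, flreg in enumerate((0x00000000, 0x003F0020, 0x001F0003, 0x00020001, 0x00001FFF)):
        struct.pack_into("<I", img, frba + 4 * i, flreg)
    img[fpsba:fpsba + 18 * 4] = bytes(18 * 4)          # all PCH straps clear
    img[0x3000:0x20000] = b"M" * (0x20000 - 0x3000)    # stand-in for ME firmware
    img[0x20000:0x40000] = b"B" * 0x20000              # stand-in for BIOS
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) == 4:   # me_precheck.py t450s.bin t450s-2.bin t450s-medisable.bin
        read1, read2, modified = (open(p, "rb").read() for p in sys.argv[1:])
    else:                    # no files given: demonstrate on the constructed image
        read1 = read2 = build_sample_image()
        modified = set_me_disable_bit(read1, me11=False)
    print("\n".join(layout_lines(read1)))
    print("AltMeDisable=%s HAP=%s" % me_disable_bits(modified))
    for p in preflight(read1, read2, modified):
        print("STOP:", p)
```

The region comparison deliberately works on whole descriptor regions rather than a byte-by-byte diff: a multi-megabyte dump compares in a fraction of a second that way, and the result maps directly onto the names flashrom's -i expects, so a "STOP" on anything but fd means the image was produced with module removal rather than -s and must not be written to a Verified Boot machine.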

I used spispeed=12800 to speed up SPI operations (flashrom takes this value in kHz, so 12800 is 12.8 MHz). Setting it too high may result in an unstable connection, which is exactly what the double read in step 4 is meant to catch.

If the ME interface (e.g. 00:16.0 Communication controller: Intel Corporation Wildcat Point-LP MEI Controller #1 (rev 03) in lspci) disappears from the PCI bus, or you see ME communication errors from the mei_me driver in dmesg, this indicates that the ME is disabled. On Linux, you may want to blacklist the mei and mei_me modules to silence the communication errors.

If all went well, and you can verify the ME is not operational, you should report your success to the me_cleaner project, which keeps a list of tested systems.