~Toughbooktalk~ Rob - 630-300-8877

The largest Toughbook discussion site on the net!
It is currently Fri Nov 24, 2017 11:46 pm

All times are UTC-06:00




Post new topic  Reply to topic  [ 29 posts ]  Go to page 1 2 3 Next
Author Message
 Post subject: ME Update Error 8719
PostPosted: Mon Sep 04, 2017 3:01 pm 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
This is not Linux specified, but I assume this forum is best suited for reaching out to the relevant crowd ;-)

So, I was delighted to hear that me_cleaner now supports setting the HAP bit:
https://github.com/corna/me_cleaner/com ... 8e377653b7

And thus I wanted to update (and more importantly: backup) my ME firmware prior to cleaning it.
http://pc-dl.panasonic.co.jp/itn/info/o ... 70512.html

Currently running (according to BIOS) :
BIOS V06.00L10 with Config 0011-0000-0007
ME 8.0.10.1464
Hours 11200
on this system: viewtopic.php?f=3&t=3176

So, here is the thing. RightClick runas firmware updater batch file states:
Error 8719 Firmware update cannot be initiated because Local Firmware Update is disabled.

Naturally, I formed an educated guess :wtf:, accompanied by 3 questions, each a refinement of the previous one:
q1) Is that common?
q2) Is this something I should rejoice about ... or did THEY put that disable bit there to prevent backdoor removal?
q3) haeh?

I've got TPM attestation enabled for AEM ... not sure why I say that, maybe hoping for causation? at least correlation?


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 2:07 am 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
ah, coreboot/util/intelmetool solves the riddle.

[user@dom0 intelmetool]$ sudo ./intelmetool -s
Bad news, you have a 'QM77 Express Chipset LPC Controller' so you have ME hardware on board and you can't control or disable it, continuing...


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 9:11 am 
Offline

Joined: Sat Jun 20, 2015 3:24 pm
Posts: 248
Karl Klammer wrote:
ah, coreboot/util/intelmetool solves the riddle.

[user@dom0 intelmetool]$ sudo ./intelmetool -s
Bad news, you have a 'QM77 Express Chipset LPC Controller' so you have ME hardware on board and you can't control or disable it, continuing...

You might be able to run me_cleaner though, idk.


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 9:27 am 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
I've booted with grub option iomem=relaxed, which made intelmetool output a bit more verbose:

Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status : 0x1e000245
ME Status 2 : 0x60000106

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Host Communication
ME: Power Management Event : Clean Moff->Mx wake
ME: Progress Phase State : Host communication established

ME: Extend SHA-256: (anonymized)

ME: Firmware Version 8.0.1464.10 (code) 8.0.1464.10 (recovery) 8.0.1464.10 (fitc)

ME Capability: Full Network manageability : ON
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : ON
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: IntelR Anti-Theft (AT) : ON
ME Capability: IntelR Capability Licensing Service (CLS) : ON
ME Capability: IntelR Power Sharing Technology (MPC) : ON
ME Capability: ICC Over Clocking : ON
ME Capability: Protected Audio Video Path (PAVP) : ON
ME Capability: IPV6 : ON
ME Capability: KVM Remote Control (KVM) : ON
ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : ON
ME Capability: Wireless LAN (WLAN) : ON


Let's see how deep the rabbit hole goes.
Having all those underscored "featured" enabled, is a huge motivator for fixing and/or bricking this unit ;-)


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 1:08 pm 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
User32 wrote:
You might be able to run me_cleaner though, idk.


yeah, me_cleaner.py works fine, as it just modifies the bin file
it's ifdtool that doesn't work, as it flashed the bin file to some eprom

thinkpad x230 also uses qm77 ... people seem to have to use external flashers (e.g. raspi)
currently trying to grok this thingy http://www.corus.pro/pilotes/VAD/VAD517 ... 8%20PV.pdf
also trying to follow a sidequest; figuring out what the heck "outbreak containment heuristic" is supposed to do


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 1:47 pm 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
okay, after updating bios from V06.00L10 to V06.00L12 and resetting bios-amt config ("unconfiguring ME"),
I get the same results with intelmetool -s, but I also get a different / new error via panasonic me update tool on patched ME.bin


C:\UpdateMeFirmware>UpdateMeFirmware.bat
Panasonic ME Firmware Update Utility V1.00L10

This program updates ME Firmware.
The computer restarts automatically after update.
Do you want to continue? (Y/N) : y

Intel (R) Firmware Update Utility Version: 8.1.40.1456
Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.

Communication Mode: MEI
Checking firmware parameters...

Warning: Do not exit the process or power off the machine before the firmware up
date process ends.
Error 8771: Invalid File
Press any key to continue . . .


so, hmm, maybe my me_cleaned version was flaky. let's try again with original panasonic ME.bin ... yeah, that looks better

C:\UpdateMeFirmware\Data801>FWUpdLcl64.exe -f MEorig.bin -oemid D6B09D64-DA23-49
A9-8888-F663BE603389

Intel (R) Firmware Update Utility Version: 8.1.40.1456
Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.

Communication Mode: MEI
Checking firmware parameters...

Warning: Do not exit the process or power off the machine before the firmware up
date process ends.
Sending the update image to FW for verification: [ COMPLETE ]

FW Update: [ 100% (Stage: 19 of 19) (|)]
FW Update is complete and a reboot will run the new FW.


so, back to stripping me binary ...

note to self, use -ALLOWSV switch on next try, to allow "same version firmware updates"
note to self: neither BIOS update nor ME update count as hardware change for Metered Boot aka my TPM secret could be unsealed ... scary


hmm, 8771 invalid file issue seems to relate to oemid and/or signing ... seeing that a) me_cleaner wipes out certificate authorities und b) a -SAVE ME_dumped.bin is only half the size of ME.bin ... trying to clean and re-flash the ME_dumped.bin now...


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 3:02 pm 
Offline
User avatar

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2844
This is a mk6 Cf19, correct?
Any BIOS type work on them is shall I say "challenging". Mk3 CF31's are the same way.
Any custom BIOS work other than a standard Panasonic flash seems to require chip removal and a programmer.
Any software attempt has ended in fail for me.
They will work with ME removed completely. A chip replacement will be required to do that though.
Chip replacement is not for the unskilled. It's VERY easy to ruin a motherboard.

_________________
Life will beat you into submission.


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Tue Sep 05, 2017 5:22 pm 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
whatever me_cleaner or intel FIT do output is invalid according to FWUpdLcl64.exe, probably due to OEM RSA signing
current challenge seems to be to get a so called "full dump" and see if corna version of me_cleaner and it's -s option play along with this OEM RSA stuff

Me.bin by panasonc is just ME/TXT
FWUpdLcl64.exe -SAVE is not recognized by me_cleaner at all ... but ok, it is not recognized by FWUpdLcl64.exe either .. wtf

my google-fu is weak tonight, my duckduckgo-fu even worse
try again tomorrow, good night ;-)


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Thu Sep 07, 2017 1:02 am 
Offline
User avatar

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
Anyone have a link for BIOS V06.00L10 ?
can only find BIOS V06.00L12 on pannys site...

want to downgrade again to see if some stuff works on the older version


Top
   
 Post subject: Re: ME Update Error 8719
PostPosted: Thu Sep 07, 2017 4:09 am 
Offline
User avatar

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2844
let me see what I have.
I have a couple backups that are passworded. No idea what version they are.

_________________
Life will beat you into submission.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 29 posts ]  Go to page 1 2 3 Next

All times are UTC-06:00


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited