ME Update Error 8719

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

ME Update Error 8719

#1 Post by Karl Klammer »

This is not Linux-specific, but I assume this forum is best suited for reaching out to the relevant crowd ;-)

So, I was delighted to hear that me_cleaner now supports setting the HAP bit:
https://github.com/corna/me_cleaner/com ... 8e377653b7

And thus I wanted to update (and more importantly: backup) my ME firmware prior to cleaning it.
http://pc-dl.panasonic.co.jp/itn/info/o ... 70512.html

Currently running (according to BIOS) :
BIOS V06.00L10 with Config 0011-0000-0007
ME 8.0.10.1464
Hours 11200
on this system: http://www.toughbooktalk.com/viewtopic.php?f=3&t=3176

So, here is the thing. RightClick runas firmware updater batch file states:
Error 8719 Firmware update cannot be initiated because Local Firmware Update is disabled.

Naturally, I formed an educated guess :wtf:, accompanied by 3 questions, each a refinement of the previous one:
q1) Is that common?
q2) Is this something I should rejoice about ... or did THEY put that disable bit there to prevent backdoor removal?
q3) haeh?

I've got TPM attestation enabled for AEM ... not sure why I say that, maybe hoping for causation? at least correlation?

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#2 Post by Karl Klammer »

ah, coreboot/util/intelmetool solves the riddle.

[user@dom0 intelmetool]$ sudo ./intelmetool -s
Bad news, you have a 'QM77 Express Chipset LPC Controller' so you have ME hardware on board and you can't control or disable it, continuing...

User32
Posts: 287
Joined: Sat Jun 20, 2015 3:24 pm

Re: ME Update Error 8719

#3 Post by User32 »

Karl Klammer wrote:ah, coreboot/util/intelmetool solves the riddle.

[user@dom0 intelmetool]$ sudo ./intelmetool -s
Bad news, you have a 'QM77 Express Chipset LPC Controller' so you have ME hardware on board and you can't control or disable it, continuing...

You might be able to run me_cleaner though, idk.

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#4 Post by Karl Klammer »

I've booted with grub option iomem=relaxed, which made intelmetool output a bit more verbose:

Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI not hidden on PCI, checking if visible
MEI found: [8086:1e3a] 7 Series/C216 Chipset Family MEI Controller #1

ME Status : 0x1e000245
ME Status 2 : 0x60000106

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Host Communication
ME: Power Management Event : Clean Moff->Mx wake
ME: Progress Phase State : Host communication established

ME: Extend SHA-256: (anonymized)

ME: Firmware Version 8.0.1464.10 (code) 8.0.1464.10 (recovery) 8.0.1464.10 (fitc)

ME Capability: Full Network manageability : ON
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : ON
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: Intel(R) Anti-Theft (AT) : ON
ME Capability: Intel(R) Capability Licensing Service (CLS) : ON
ME Capability: Intel(R) Power Sharing Technology (MPC) : ON
ME Capability: ICC Over Clocking : ON
ME Capability: Protected Audio Video Path (PAVP) : ON
ME Capability: IPV6 : ON
ME Capability: KVM Remote Control (KVM) : ON
ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : ON
ME Capability: Wireless LAN (WLAN) : ON


Let's see how deep the rabbit hole goes.
Having all those underscored "features" enabled is a huge motivator for fixing and/or bricking this unit ;-)
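
Added example (not part of the original post, and not code from coreboot): a decoder for the two raw status words in the intelmetool output above, so the decoded lines can be checked against 0x1e000245 and 0x60000106. The bit positions are an assumption based on coreboot's ME host-firmware-status layout; in the post's output, working_state 5 is shown as "Normal", operation_state 1 as "M0 with UMA" and progress_phase 6 as "Host Communication".

```python
# Added example, not code from the thread or from coreboot.
# Assumption: bit positions follow coreboot's ME host-firmware-status layout.
HFS_FIELDS = {            # name: (shift, width)
    "working_state": (0, 4),
    "mfg_mode": (4, 1),
    "fpt_bad": (5, 1),
    "operation_state": (6, 3),
    "fw_init_complete": (9, 1),
    "bringup_loader_failure": (10, 1),
    "update_in_progress": (11, 1),
    "error_code": (12, 4),
    "operation_mode": (16, 4),
    "boot_options_present": (24, 1),
}
HFS2_FIELDS = {
    "progress_state": (16, 8),
    "pm_event": (24, 4),
    "progress_phase": (28, 4),
}

def decode(word, fields):
    """Split a 32-bit status word into its named bit fields."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("status word must fit in 32 bits")
    return {n: (word >> s) & ((1 << w) - 1) for n, (s, w) in fields.items()}

def review(hfs_word):
    """Return the conditions worth a second look before trusting or reflashing."""
    f = decode(hfs_word, HFS_FIELDS)
    findings = []
    if f["mfg_mode"]:
        findings.append("manufacturing mode is on")
    if f["fpt_bad"]:
        findings.append("firmware partition table is bad")
    if f["bringup_loader_failure"]:
        findings.append("bring-up loader failure")
    if not f["fw_init_complete"]:
        findings.append("firmware init not complete")
    if f["update_in_progress"]:
        findings.append("update in progress")
    if f["error_code"]:
        findings.append(f"error code {f['error_code']}")
    if f["operation_mode"]:
        findings.append(f"operation mode {f['operation_mode']} (not Normal)")
    return findings

if __name__ == "__main__":
    # The two values quoted in the post above.
    for name, word, layout in (("ME Status", 0x1E000245, HFS_FIELDS),
                               ("ME Status 2", 0x60000106, HFS2_FIELDS)):
        print(name, hex(word), decode(word, layout))
    print("findings:", review(0x1E000245) or "none")
```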

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#5 Post by Karl Klammer »

User32 wrote:You might be able to run me_cleaner though, idk.

yeah, me_cleaner.py works fine, as it just modifies the bin file
it's ifdtool that doesn't work, as it flashed the bin file to some eprom

thinkpad x230 also uses qm77 ... people seem to have to use external flashers (e.g. raspi)
currently trying to grok this thingy http://www.corus.pro/pilotes/VAD/VAD517 ... 8%20PV.pdf
also trying to follow a sidequest; figuring out what the heck "outbreak containment heuristic" is supposed to do

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#6 Post by Karl Klammer »

okay, after updating bios from V06.00L10 to V06.00L12 and resetting bios-amt config ("unconfiguring ME"),
I get the same results with intelmetool -s, but I also get a different / new error via panasonic me update tool on patched ME.bin


C:\UpdateMeFirmware>UpdateMeFirmware.bat
Panasonic ME Firmware Update Utility V1.00L10

This program updates ME Firmware.
The computer restarts automatically after update.
Do you want to continue? (Y/N) : y

Intel (R) Firmware Update Utility Version: 8.1.40.1456
Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.

Communication Mode: MEI
Checking firmware parameters...

Warning: Do not exit the process or power off the machine before the firmware up
date process ends.
Error 8771: Invalid File
Press any key to continue . . .


so, hmm, maybe my me_cleaned version was flaky. let's try again with original panasonic ME.bin ... yeah, that looks better

C:\UpdateMeFirmware\Data801>FWUpdLcl64.exe -f MEorig.bin -oemid D6B09D64-DA23-49
A9-8888-F663BE603389

Intel (R) Firmware Update Utility Version: 8.1.40.1456
Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.

Communication Mode: MEI
Checking firmware parameters...

Warning: Do not exit the process or power off the machine before the firmware up
date process ends.
Sending the update image to FW for verification: [ COMPLETE ]

FW Update: [ 100% (Stage: 19 of 19) (|)]
FW Update is complete and a reboot will run the new FW.


so, back to stripping me binary ...

note to self, use -ALLOWSV switch on next try, to allow "same version firmware updates"
note to self: neither BIOS update nor ME update count as hardware change for Metered Boot aka my TPM secret could be unsealed ... scary


hmm, 8771 invalid file issue seems to relate to oemid and/or signing ... seeing that a) me_cleaner wipes out certificate authorities and b) a -SAVE ME_dumped.bin is only half the size of ME.bin ... trying to clean and re-flash the ME_dumped.bin now...

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: ME Update Error 8719

#7 Post by Shawn »

This is a mk6 Cf19, correct?
Any BIOS type work on them is shall I say "challenging". Mk3 CF31's are the same way.
Any custom BIOS work other than a standard Panasonic flash seems to require chip removal and a programmer.
Any software attempt has ended in fail for me.
They will work with ME removed completely. A chip replacement will be required to do that though.
Chip replacement is not for the unskilled. It's VERY easy to ruin a motherboard.
Life will beat you into submission.

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#8 Post by Karl Klammer »

whatever me_cleaner or intel FIT do output is invalid according to FWUpdLcl64.exe, probably due to OEM RSA signing
current challenge seems to be to get a so called "full dump" and see if corna version of me_cleaner and its -s option play along with this OEM RSA stuff

Me.bin by Panasonic is just ME/TXT
FWUpdLcl64.exe -SAVE is not recognized by me_cleaner at all ... but ok, it is not recognized by FWUpdLcl64.exe either .. wtf

my google-fu is weak tonight, my duckduckgo-fu even worse
try again tomorrow, good night ;-)

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: ME Update Error 8719

#9 Post by Karl Klammer »

Anyone have a link for BIOS V06.00L10 ?
can only find BIOS V06.00L12 on pannys site...

want to downgrade again to see if some stuff works on the older version

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: ME Update Error 8719

#10 Post by Shawn »

let me see what I have.
I have a couple backups that are passworded. No idea what version they are.
Life will beat you into submission.
