ME stands for Management Engine (or Manageability Engine) and refers to an Embedded Controller found in Intel chipsets. It uses different versions of an ARC 32-bit microcontroller that runs its own operating system independently from the user's. The ME has access to all kinds of buses which allows for out-of-band processing which is used for features like Active Management Technology, but it makes it also a very interesting target for black hats. The firmware it runs is secured by certificates stored in ROM, but it is a complex beast and it is very unlikely that there is no way around its security measures (intentional backdoors included). For further details about the ME please see these excellent slides by Igor Skochinsky (mirror) and the Security Evaluation of AMT by Vassilios Ververis.
Effects on flashrom
The firmware of the ME usually shares the flash memory with the firmware of the host PC (BIOS/UEFI/coreboot). The address space is separated into regions (similar to partitions on a harddisk). The first one (Descriptor region) contains configuration data which contains something similar to a partition table and access rights for the different devices that can access the flash (host CPU, ME, GbE controller). These restrictions are enforced by the chipset's SPI controller which is the main interface for flashrom to access the flash chip(s) attached to the chipset. Intel recommends to set the descriptor region read-only and to forbid reads and writes to the ME region by the host CPU. Writes by the host could interfere with the code running on the ME. This means that flashrom which runs on the host PC can not access the ME firmware region of the flash at all in this configuration. flashrom detects that, warns the user and disables write access for safety reasons in that case.
Unlocking the ME region
There are a few ways to enable full access to the ME region, but they are not user friendly at all in general. Also, the Descriptor region is not affected by these actions, so it is still not possible to access the complete flash memory even when the ME region is unlocked. For the different possibilities please see the documentation in our repository.
- If you just want to update the proprietary firmware of the board use the vendor tool(s).
- If you need full access to the flash chip get an external programmer and try in-circuit programming.
- If you only want to read the BIOS region, or if you really know what you are doing you can access the BIOS region at will with the use of a layout file (and some patches).
- This will also be developed further to become a viable choice for users in the future to update their host firmware. Until then we strongly suggest the first workaround above.