Web lists-archives.com

Re: INTEL-SA-00075




	Hi.

On Sat, Sep 23, 2017 at 10:54:34AM +0200, tomas@xxxxxxxxxx wrote:
> On Sat, Sep 23, 2017 at 11:34:49AM +0300, Reco wrote:
> 
> [...]
> 
> > Frankly, if you *really* need to do something about Intel AMT, you don't
> > need [1].
> > What you really need is [2] [...]
> 
> Sad, but true :-(

I disagree. Not sad, but fun.
Seeing /dev/mei0 disappear for good from yet another of my systems
filled by heart with joy.

Which brings me to this, in case anyone needs to do it *right* way:

1) apt-get install flashrom git

2) reboot with iomem=relaxed put into kernel commandline

3) flashrom -p internal -r /tmp/bad.rom

4) git clone https://github.com/corna/me_cleaner /tmp/me_cleaner

They should put this into Debian main's archive if not into
Debian-installer IMO.

5) python /tmp/me_cleaner -O /tmp/good.rom -s /tmp/bad.rom

6) Cross your fingers.

7) flashrom -p internal -w /tmp/good.rom

8) poweroff (reboot won't cut it), then boot without iomem=relaxed

Of course, you may brick the hardware, or it'll just start to behave
funny but the world would be a better place without Intel AMT.

Reco