Overview

I have written a previous blog post about applying me_cleaner on my motherboard with a removable BIOS chip using a Raspberry Pi. This post will therefore be a bit more concise to avoid repetition.

My Lenovo ThinkPad T480 does not have a removable BIOS chip, so a SOIC8 clip was needed instead. This was much easier overall than my experience with my motherboard (see post linked above), and did not require any fiddling about with combining regions of different binary files. I used a CH341A USB programmer to avoid having to worry about wires and timing etc. myself.

Disclaimer

Do this at your own risk. You will void your warranty, you may brick or otherwise break your laptop. Your computer is your responsibility, not mine.

Read the wiki before attempting.

You may wish to check issue #3, 'me_cleaner status' and search for your motherboard/laptop details to see if anyone else has reported success/failure with the same hardware as you.

Summary

  • Connect the SOIC8 clip to the CH341A programmer and plug in via USB
  • Read the contents of the chip using flashrom
  • Apply me_cleaner -S to delete the ME and set the HAP bit
  • Write back to the chip

Section 1: setting everything up

Open your laptop and disconnect power

Unscrew and open up your laptop. This may require the use of a pry tool or something, you should probably look for a video or something on YouTube if this is your first time.

I don't know if this is necessary or not, but I figured it would probably be sensible to connect all power and batteries just to be on the safe side.

Connect to the BIOS chip

Locate the BIOS chip on your motherboard and connect the SOIC8 clip to it. You will notice that the clip has a red wire: this indicates where to connect pin 1. Pin 1 is indicated on the chip by a dot in one corner.

Chip location on motherboard

Clip connected to chip

Connect to the CH341A programmer

The other end of the wires on the SOIC8 clip need to connect to the CH341A programmer.

One side of the top of the programmer has a small diagram which indicates which socket to use depending on whether you have a 25XX or 24XX chip. This should be somewhere in the name written on the chip itself, or in the datasheet if you look up the part number written on the chip.

Chip version diagram

In my case the chip is a W25Q128JV, i.e. 25 series, so I connect it in the left hand side of the socket. The dot on the diagram indicates where to connect wire 1.

Plug the USB in to another computer (you can't use the same one that you're flashing, obviously!) and the POWER LED should turn on.

CH341A fully connected

Interface with the chip

We are going to use flashrom to interface with the chip. Make sure it is installed. We need to specify --programmer ch341a_spi to tell it that we're using a CH341A.

Test if the chip is detected by running without any other options. Look for output that indicates that the chip is found. flashrom -programmer ch341a_spi

Section 2: removing the ME

Extract the existing BIOS image

Read the contents of the chip: flashrom --programmer ch341a_spi -r extracted.bin

This will take a while and look like it's doing nothing. Just let it do it's thing! DO NOT unplug it!

Back this file up. This is your recovery file if your modified image doesn't work or bricks your motherboard.

Apply me_cleaner

Make sure you've read How to apply me_cleaner on the me_cleaner wiki, so that you know what you're doing.

I found that the 'full' application with -S worked fine for me: python me_cleaner.py -S -O modified.bin extracted.bin

The -S option turned out to be the cause of some random crashes where the whole system would freeze entirely, requiring a hard reboot. Using the -s option instead seemed to resolve these problems.

Verify that the ME is removed from the image by following the relevant steps in the wiki guide Get the status of Intel ME.

Flash your modified image back to the chip

Up until this point you haven't modified anything on your motherboard, so no damage done. This is the part where you can brick your motherboard! Make sure you understand the risk and accept what you're doing.

Make sure you have your original extracted.bin. If things go wrong, you can just flash it back with the same command.

Flash the modified image with the command
flashrom --programmer ch341a_spi -w merged.extracted.bin

This will take a while and look like it's doing nothing. Just let it do it's thing! DO NOT unplug it!

Test it

When it's done, unplug the SOIC8 clip. Connect the power up again, replace the case, and power on the laptop.

If all worked then when entering the BIOS you should be able to see that the 'ME Firmware Version' field is empty.

Empty ME Firmware Version in BIOS

Boot into your OS (I'm using Linux) and follow the wiki steps to validate that the ME is gone: Get the status of Intel ME.

If all has gone well, your laptop should work as normal, and the ME should be gone! If not, you can flash back your original extracted.bin to return to the original state.

You can also try me_cleaner with the -s option instead, as -S will not work for everyone.