Extract and replace ME Configuration

[KingBonecrusher]

Hi!

Will it be possible in the future to extract and/or replace the configuration area inside the me firmware? At the moment this can only be done by Intel FIT. Idea is to extract the configuration and inject the configuration into a new me image.

[skochinsky]

I think for a start it should not be too difficult to just copy over the EFFS/MSF partition from a clean image.

AFAIK currently only parsing of MFS is implemented; I don't know how difficult it would be to implement writing. This may get tricky, especially on recent firmwares that use encryption/signing for some of the data IIRC.

[platomav]

As Igor said, currently full parsing & extraction is implemented. Rebuilding the MFS is a whole other story, more like a nightmare considering its size & complexity. It is definitely possible since FIT can do it, even for Initialized dumps. Of course the latter comes with some limitations when files which are AES encrypted and/or HMAC SHA-256 integrity-protected are encountered.

One issue I can think of right now has to do with System Pages which hold obfuscated Chunk Indexes. When parsing/extracting, we can get their values by reversing the chunk's CRC-16 which is derived by the Index + Data but that doesn't help while rebuilding.

Re-creating the File Allocation Table, which is what the System Pages contain, is also strange challenging. FIT seems to always keep the old configuration chunks within the Data pages (albeit shifted to hold the new at the top too) but they are not directly addressable via the new FAT so their existence makes no sense to me. This is probably done to slightly reduce SPI flash wear upon firmware re-flash.

Generically, there are a lot of things to consider & understand about the MFS before any rebuilding code can be added. If/when MFS rebuilding is added, it will mostly be useful for research purposes only as any actual setting adjustments would still require FIT. For pretty much all normal use cases, you can follow the Engine CleanUp Guide in order to easily & properly transfer MFS settings from one image to another using FIT.

Tl;dr is that rebuilding the MFS is possible but fairly difficult to implement with our current level of understanding. For 99.9% of cases (that 0.1% being research), using FIT is enough though.

[orangecms]

Check out https://github.com/peterbjornx/meimagetool :)

[platomav]

Yes I am aware and have used his utilities for my own repositories. Still a long way from what is needed to re-build the MFS fully but great work indeed.