I wrote this using notes that I took in 2024 while working on a cluster of Dell Precision 3240 Compact (CSME14) and Dell Precision 3450 SFF (CSME15) workstations. The Win-Raid forums has extensive documentation covering this subject but it is scattered and not beginner friendly so hopefully this guide can bridge that gap. Users should read the relevant sections on the Win-Raid forums as the procedure can vary based on chipset generation. Big thanks to plutomaniac and other maintainers at the Win-Raid forums that have made this procedure possible.
Please submit corrections or improvements to make this guide better. If you are successful please mention the make/model/chip of the machine you flashed and variations to the procedure that you had to make.
Prerequisites
Tools
In addition to the computer with an Intel AMT capable chipset and NIC, the following items are required and can be found on Amazon, AliExpress, etc. Setup Photo
Programming IC
Preparation
MEAnalyzer
Analyze dump file
Unpack dump file (not necessary unless you are using CSME15)
Enabling AMT
Clean ME
Follow the exact steps from this post under Section D4: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
From the MEAnalyzer output.txt that we saved earlier - view the version, SKU, and chipset (For 3240_UFF 14.1.72.2287 it is SKU Corporate H Chipset A). Use this version for all the tools and firmware referenced below.
From the CSME Firmware zip, find the firmware that matches the parameters above (For 3240_UFF 14.1.72.2287_COR_H_A_PRD_EXTR-Y_DC95469B.bin)
Create a new folder and copy the firmware from above to it and rename it "ME Sub Partition.bin"
From the CSME System Tools zip, run Flash Image Tool and drag the full SPI dump obtained from reading the chip with the programmer (3240_UFF_SPI.bin). Since ME>=12 the full dump must be provided rather than just the ME dump. Reference: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
NOTE: if using ME Version 15 (Such as 3450_SFF) go to the section after this title ME15 as by default the dump will fail to parse. After you are done there come back to this step.
Make the necessary changes to enable AMT/vPRO:
HideMEBxFwUpdCtrl value=“No”
AmtSupported value=“Yes”
MngHwStatus value=“Enabled” (This setting will permanently disable Manageability hardware through platform FPFs. At End-of-Manufacturing (EOM), enable/disable policy value is committed to FPF and can never be changed.)
NetServicesSupported value=“Yes”
MngAppSupported value=“Yes”
MngAppPowerUpState value=“Enabled”
AmtWdAutoReset value=“No”
KvmScreenBlnkEnable value=“No”
KvmSupported value=“Yes”
TlsCryptoSupport value=“Yes”
Go to "Build > Build Settings", select "No" at the option to "Generate Intermediate Files", leave all other settings intact and click Close.
File --> Save As <filename>.xml
Close FIT
Skip section 7 since we do not have CSTXE. To verify you do not need to do this search the MEAnalyzer_Output.txt for SMIP. If yes you will need to do section 7 and all relevant signed key sections.
In the root directory where Flash Image Tool as launched, there should be a subfolder for the SPI dump. Navigate into the decompiled folder and copy the "ME Sub Partition.bin" from the earlier step.
Open FIT and open the .xml saved just above.
Click Build (icon on tool bar) and the outimage.bin will be generated. This is the full SPI dump with the cleaned ME region.
Now, you need to verify that the resulting image ("outimage.bin") is indeed not Initialized. Import the output file to ME Analyzer and check if the Major/Minor versions, SKU & Stepping are the same as before. In order to verify that the DATA section is now Configured and not Initialized, make sure that the File System State is reported as "Configured".
Last but not least, once your new cleaned+configured SPI/BIOS dump or Engine region is flashed on the target system, run Flash Programming Tool with command fpt -greset and wait for the system to reset (no settings are lost). This step is very important because it forces the Engine co-processor to re-initialize and properly accept any changes to its SPI/BIOS image region counterpart.
FPTW64.exe -greset
Flash original chip using method of choice (Write IC in Programming section above)
Extra Steps for ME15
Reference:
winraid.level1techs.com
winraid.level1techs.com
For some reason Flash Image Tool will fail to parse the SPI dump direct and must be manually cleaned prior to inserting into Flash Image Tool.
Download the latest bios from the manufacturer. Check out the "Extract Images by Manufacturer" section below to extract it.
Upon extracting, unpack the Intel ME firmware using MEAnalyzer:
-unp86 "3 TreasureRkl_15.0.47.2521_EVT_CHPB_64 v1.25.0 -- 2 Intel Management Engine Corporate Firmware Update v15.0.47.2521"
OR (the EFS and MFS should be the same regardless if it's taken from the manufacturer BIOS or the firmware package):
From the CSME Firmware zip, find the firmware that matches the parameters above (For 3450_SFF 15.0.47.2521_COR_H_B_PRD_EXTR-Y_02C833D2.bin)
Unpack it via MEAnalyzer
-unp86 15.0.47.2521_COR_H_B_PRD_EXTR-Y_02C833D2.bin
From the output, save the `EFS 0000 [0x6D9000].bin` and open with a hex editor such as HxD. MFS is not needed in this case but in case it is, instructions are included below.
First we need to find where the EFS and MFS regions are in our bios file. Open UEFIToolNE and drag the full dumped SPI that we pulled from the chip. Expand the regions to locate MFS and EFS:
Intel image --> ME region --> Data partition --> MFS
Address: FE2CE000h
Full size: 13E000h (1302528)
Intel image --> ME region --> Data partition --> EFS
Address: FE410000h
Full size: 10000h (65536)
Make a copy of the SPI dump obtained from the programmer and open with a hex editor.
Now we need to replace the EFS content of the dump we took from our computer with the default EFS values. Open the dump we read in the hex editor (HxD) and find the existing block and replace with the clean block.
Procedure:
Open 3450_SFF_SPI_COPY.bin
Search --> Go to... --> Offset --> 410000 --> hex --> relative to begin
Edit --> Select Block --> Length --> 10000 --> hex
Edit --> Delete
Copy everything from the clean `EFS 0000 [0x6D9000].bin` CTRL+C --> CTRL+V into the SPI dump at 0x410000 where the cursor should be.
Save as 3450_SFF_SPI_EFS_CLEANED.bin
Repeat same procedure for MFS if required, using the address and size obtained in previous steps.
Now the new saved file can be opened with Intel Flash Image Tool.
Configure AMT
Using AMT
For full functionality, we can replace the default Intel AMT WebUI with the MeshCommander one that includes KVM and many other things.
NOTE2: If you're using the Intel AMT NIC as part of a network bond you will face various challenges where the AMT interface becomes unavailable. To prevent this make sure your bond uses a MAC that is not the same as the AMT NIC and the primary interface is set to AMT NIC.
Extract Images By Manufacturer
Download latest release: GitHub - platomav/BIOSUtilities: Collection of various BIOS/UEFI-related utilities which aid in research and/or modding purposes.
Download desired BIOS update file from manufacturer website.
Please submit corrections or improvements to make this guide better. If you are successful please mention the make/model/chip of the machine you flashed and variations to the procedure that you had to make.
Prerequisites
Tools
In addition to the computer with an Intel AMT capable chipset and NIC, the following items are required and can be found on Amazon, AliExpress, etc. Setup Photo
- CH341A Black Programmer
- 8 or 16 Pin CH341 board
- 8 Pin Clip
- 16 Pin Clip terminated with dupont female ends (only if your chip is 16 pin) Photo
- Driver for CH341A: Nanjing Qinheng Microelectronics Co., Ltd.
- ASProgrammer: Releases · nofeletru/UsbAsp-flash
- MEAnalyzer: GitHub - platomav/MEAnalyzer: Intel Engine & Graphics Firmware Analysis Tool
Programming IC
Preparation
- Turn off computer, disconnect from power source, press power button to drain residual power, and remove CMOS battery. Do not attempt to Read or Write while power is connected.
- Locate and identify BIOS Chip (W25Q256JV for 3240_UFF) Photo
- Connect clip to BIOS chip and then connect the clip ends to the 8 pin clipboard
- For 8 pin clips, the first pin is indicated in red. Match this to the chip where the first pin is usually indicated with a notch or circle indent.
- For 16 pin chips, consult the SOP16 to SOP8 photo. Standard 16 pin clips may not have the right pin out which is why the dupont variant above is necessary. Photo
- Connect clipboard to Programmer in the 25XX slot.
- Open ASProgrammer
- Click Read ID and select the model of the chip (W25Q256JV)
- Click Read IC (if fails to detect, try to reseat the clip on the chip)
- After reading click verify to verify the dump that we just read
- If the verification is successful, save the file as 3240_UFF_SPI.bin
- MX25L25673G
- W25Q256JV
- GD25B256D
- Open ASProgrammer
- Select the model of the IC (W25Q256JV)
- Open the outimage.bin that was built in FIT
- Click the dropdown next to Program IC and select the Unprotect --> Erase --> Program --> Verify option. It should take ~10 minutes to write and verify.
MEAnalyzer
Analyze dump file
- Run command prompt as Administrator
- `python MEA.py`
- `-dfpt <filename>.bin`
- Copy and paste this output to a text file MEA_Output.txt
Unpack dump file (not necessary unless you are using CSME15)
- Run command prmopt as Administrator
- `python MEA.py`
- `-unp86 <filename>.bin`
Enabling AMT
Clean ME
Follow the exact steps from this post under Section D4: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
From the MEAnalyzer output.txt that we saved earlier - view the version, SKU, and chipset (For 3240_UFF 14.1.72.2287 it is SKU Corporate H Chipset A). Use this version for all the tools and firmware referenced below.
From the CSME Firmware zip, find the firmware that matches the parameters above (For 3240_UFF 14.1.72.2287_COR_H_A_PRD_EXTR-Y_DC95469B.bin)
Create a new folder and copy the firmware from above to it and rename it "ME Sub Partition.bin"
From the CSME System Tools zip, run Flash Image Tool and drag the full SPI dump obtained from reading the chip with the programmer (3240_UFF_SPI.bin). Since ME>=12 the full dump must be provided rather than just the ME dump. Reference: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
NOTE: if using ME Version 15 (Such as 3450_SFF) go to the section after this title ME15 as by default the dump will fail to parse. After you are done there come back to this step.
Make the necessary changes to enable AMT/vPRO:
HideMEBxFwUpdCtrl value=“No”
AmtSupported value=“Yes”
MngHwStatus value=“Enabled” (This setting will permanently disable Manageability hardware through platform FPFs. At End-of-Manufacturing (EOM), enable/disable policy value is committed to FPF and can never be changed.)
NetServicesSupported value=“Yes”
MngAppSupported value=“Yes”
MngAppPowerUpState value=“Enabled”
AmtWdAutoReset value=“No”
KvmScreenBlnkEnable value=“No”
KvmSupported value=“Yes”
TlsCryptoSupport value=“Yes”
Go to "Build > Build Settings", select "No" at the option to "Generate Intermediate Files", leave all other settings intact and click Close.
File --> Save As <filename>.xml
Close FIT
Skip section 7 since we do not have CSTXE. To verify you do not need to do this search the MEAnalyzer_Output.txt for SMIP. If yes you will need to do section 7 and all relevant signed key sections.
In the root directory where Flash Image Tool as launched, there should be a subfolder for the SPI dump. Navigate into the decompiled folder and copy the "ME Sub Partition.bin" from the earlier step.
Open FIT and open the .xml saved just above.
Click Build (icon on tool bar) and the outimage.bin will be generated. This is the full SPI dump with the cleaned ME region.
Now, you need to verify that the resulting image ("outimage.bin") is indeed not Initialized. Import the output file to ME Analyzer and check if the Major/Minor versions, SKU & Stepping are the same as before. In order to verify that the DATA section is now Configured and not Initialized, make sure that the File System State is reported as "Configured".
Last but not least, once your new cleaned+configured SPI/BIOS dump or Engine region is flashed on the target system, run Flash Programming Tool with command fpt -greset and wait for the system to reset (no settings are lost). This step is very important because it forces the Engine co-processor to re-initialize and properly accept any changes to its SPI/BIOS image region counterpart.
FPTW64.exe -greset
Flash original chip using method of choice (Write IC in Programming section above)
Extra Steps for ME15
Reference:
[Help please] Dell Optiplex 7090 - Enabling Intel ME
Alright, for some reason, FIT refuses to work with the initialized/dumped SPI images, even though they seem healthy when checked/unpacked via ME Analyzer (MEA). The only way to get them to work with FIT is to manually clean their initialized File Systems (MFS, EFS) by replacing those regions...
winraid.level1techs.com
[Solved] 7090MFF active intel AMT(Vpro) intel FIT error
Delete the block in firmware Select all in the stock EFS (Ctrl-A) Copy (Ctrl-C) Paste into firmware at 0x410000, cursor should still be in right position Should be enough with EFS!
winraid.level1techs.com
For some reason Flash Image Tool will fail to parse the SPI dump direct and must be manually cleaned prior to inserting into Flash Image Tool.
Download the latest bios from the manufacturer. Check out the "Extract Images by Manufacturer" section below to extract it.
Upon extracting, unpack the Intel ME firmware using MEAnalyzer:
-unp86 "3 TreasureRkl_15.0.47.2521_EVT_CHPB_64 v1.25.0 -- 2 Intel Management Engine Corporate Firmware Update v15.0.47.2521"
OR (the EFS and MFS should be the same regardless if it's taken from the manufacturer BIOS or the firmware package):
From the CSME Firmware zip, find the firmware that matches the parameters above (For 3450_SFF 15.0.47.2521_COR_H_B_PRD_EXTR-Y_02C833D2.bin)
Unpack it via MEAnalyzer
-unp86 15.0.47.2521_COR_H_B_PRD_EXTR-Y_02C833D2.bin
From the output, save the `EFS 0000 [0x6D9000].bin` and open with a hex editor such as HxD. MFS is not needed in this case but in case it is, instructions are included below.
First we need to find where the EFS and MFS regions are in our bios file. Open UEFIToolNE and drag the full dumped SPI that we pulled from the chip. Expand the regions to locate MFS and EFS:
Intel image --> ME region --> Data partition --> MFS
Address: FE2CE000h
Full size: 13E000h (1302528)
Intel image --> ME region --> Data partition --> EFS
Address: FE410000h
Full size: 10000h (65536)
Make a copy of the SPI dump obtained from the programmer and open with a hex editor.
Now we need to replace the EFS content of the dump we took from our computer with the default EFS values. Open the dump we read in the hex editor (HxD) and find the existing block and replace with the clean block.
Procedure:
Open 3450_SFF_SPI_COPY.bin
Search --> Go to... --> Offset --> 410000 --> hex --> relative to begin
Edit --> Select Block --> Length --> 10000 --> hex
Edit --> Delete
Copy everything from the clean `EFS 0000 [0x6D9000].bin` CTRL+C --> CTRL+V into the SPI dump at 0x410000 where the cursor should be.
Save as 3450_SFF_SPI_EFS_CLEANED.bin
Repeat same procedure for MFS if required, using the address and size obtained in previous steps.
Now the new saved file can be opened with Intel Flash Image Tool.
Configure AMT
- Boot the computer that was just updated and enable Intel AMT in the BIOS under Manageability
- Enabled the option to show MEBx on the boot menu
- Reboot the computer and either press CTRL+P to go into the AMT menu or select it from the boot menu if the option was enabled in the step above
- Default login is "admin" and password is "admin"
- Change password to something with an uppercase, lowercase, symbol, and more than 8 chars
- Setup network configuration, hostname and domain name should match whatever is set on the OS
- Disable user consent on KVM.
- Accessible via http://ip.address:16992
- Default idle timeout is 1 (one second), recommended to set to the max value 65535.
Using AMT
For full functionality, we can replace the default Intel AMT WebUI with the MeshCommander one that includes KVM and many other things.
- Download the mesh commander 0.9.5 firmware (not the installer): MeshCentral - Firmware or MeshCentral - Downloads
- Run the .exe on a windows client and enter the host, username, and password that we setup above
- Next click the advanced option and it will update the WebUI (basic one is also OK it just adds KVM whereas the advanced adds everything)
- Now you can access the KVM and full functionality of AMT from the WebUI and not need to rely on a tool like MeshCentral or MeshCommander.
- This can be reverted by running the program again and selecting the remove option.
NOTE2: If you're using the Intel AMT NIC as part of a network bond you will face various challenges where the AMT interface becomes unavailable. To prevent this make sure your bond uses a MAC that is not the same as the AMT NIC and the primary interface is set to AMT NIC.
Extract Images By Manufacturer
Download latest release: GitHub - platomav/BIOSUtilities: Collection of various BIOS/UEFI-related utilities which aid in research and/or modding purposes.
Download desired BIOS update file from manufacturer website.
- Run command prompt as Administrator
- `python Dell_PFS_Extract.py`
Attachments
Last edited:
