Is it a "must do" for using me_cleaner to patch a BIOS ROM of a firewall



  • Someone mentions the Intel SA-00075 and SA-00086 issues of the Intel Management Engine (ME or IME). For the security of a firewall, is it a must to make the Management Engine non-functional?

    By looking into me_cleaner's wiki, I found that the most likely successful way to use it and flash it is to buy the same model as your BIOS chip or UEFI chip, flash this chip with the modified ROM, and replace the original chip on the motherboard with this chip.

    By the way, some useful links:
    me_cleaner on GitHub:
    https://github.com/corna/me_cleaner

    How does me_cleaner work:
    https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

    How to apply me_cleaner:
    https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner

    External flashing:
    https://github.com/corna/me_cleaner/wiki/External-flashing



  • What hardware do you have? Will you try it?



  • It's not a 'must', but anything that reduces risk is worth doing.

    We have just carried this out on the Qotom G355G4, see the Qotom thread.

    It was very easy to do. As you said, find a copy of your existing bios, run it through me_cleaner and check that it says All OK and Good Luck, then just flash your bios with the modded bios.

    Of course, you run the risk of breaking your device, so it's best to have an external programmer you can lay your hands on that you can use to restore the bios if it all goes pear shaped.
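The restore path mentioned above only works if the backup dump is good, so here is a pre-flash sanity check as an added example (not part of the original post and not code from the me_cleaner project). It assumes a full SPI image carrying the Intel flash descriptor signature at offset 0x10; the function names and the sample image are constructed for illustration.

```python
import hashlib

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # Intel flash descriptor magic 0x0FF0A55A, little-endian
ME_ONLY_MAGIC = b"$FPT"             # start of an ME/TXE region dump, not a full image


def classify_dump(data):
    """Return 'full', 'me-region' or 'unknown' from the 4 bytes at offset 0x10."""
    magic = data[0x10:0x14]
    if magic == FD_SIGNATURE:
        return "full"
    if magic == ME_ONLY_MAGIC:
        return "me-region"
    return "unknown"


def check_backup(read1, read2):
    """Compare two independent reads of the chip; an empty list means no problem found."""
    problems = []
    if hashlib.sha256(read1).digest() != hashlib.sha256(read2).digest():
        problems.append("the two reads differ: unstable clip/wiring or chip in use")
    size = len(read1)
    if size == 0 or size & (size - 1):
        problems.append("size %d is not a power of two: truncated dump?" % size)
    if read1 and len(set(read1)) == 1:
        problems.append("dump is one repeated byte: blank or unread chip")
    if classify_dump(read1) != "full":
        problems.append("no flash descriptor at 0x10: not a full SPI image")
    return problems


def make_sample_image(size=4096):
    """Constructed sample: erased flash (0xFF) with only the descriptor magic set."""
    img = bytearray(b"\xff" * size)
    img[0x10:0x14] = FD_SIGNATURE
    return bytes(img)


if __name__ == "__main__":
    good = make_sample_image()
    print("good backup:", check_backup(good, good) or "no problems found")
    print("truncated  :", check_backup(good[:3000], good[:3000]))
```

Feed it the bytes of two separate reads of the original chip, and keep the verified dump somewhere off the device before flashing the modified image.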



  • @marjohn56:

    It's not a 'must', but anything that reduces risk is worth doing.

    We have just carried this out on the Qotom G355G4, see the Qotom thread.

    Yes. Greatly appreciate this message: "anything that reduces risk is worth doing".

    I have a Qotom G355G4 too, and an Atom D525 box will be changed to C3xxx or 7th or 8th generation i3/i5 when pfSense 2.5 is available.

