This patch took alot of tweaking but i can confirm it works !
The soft-disable path for ME 14 (gen 5) in the original code writes to
fpsba+0x80 which is incorrect for Comet Lake LP boards (ThinkPad X13,
X1C Gen 8 etc). The HAP bit on CML-LP lives at fpsba+0x70 bit 16.
Confirmed via byte diff of stock vs Intel FIT-patched BIOS:
stock PCHSTRP28 = 0x801801b8 (bit 16 = 0)
patched PCHSTRP28 = 0x801901b8 (bit 16 = 1)
Also adds ME 13 (Ice Lake) which was completely missing from the
version map and would silently fail.
Fork with hardware-confirmed fixes for 8th-10th gen intel / ME8-16:
https://github.com/MangoKiwiPlumGrape/me_cleaner_thinkpad
Confirmed working:
- ThinkPad X1 Carbon 6th-9th gen (ME 12, CFL-U LP)
- ThinkPad X13 Gen 1 (ME 14, CML-U LP)
What Happens After Setting HAP
Once the patched BIOS is flashed, the Intel ME halts itself immediately after hardware initialisation. No tool, driver or OS interface can communicate with it.
BIOS / Firmware
- ME version field is empty/blank
- No ME information is displayed anywhere in the BIOS
lspci
$ lspci | grep -i "mei\|management engine\|heci"
# returns nothing
Intel MEInfo
$ sudo ./MEInfo
# returns nothing — no ME interface to talk to
intelmetool
$ sudo intelmetool -m
# returns nothing — no ME interface to talk to
MEAnalyzer
Cannot communicate with the live ME. Can still parse the BIOS file and will confirm HAP/AltMeDisable: Yes.
Summary
| Tool |
Before HAP |
After HAP |
| BIOS ME version |
14.x.x.x |
blank |
lspci |
visible |
nothing |
| MEInfo |
returns ME data |
nothing |
| intelmetool |
returns ME data |
nothing |
| MEAnalyzer (file) |
HAP = No |
HAP = Yes |
| Any ME tool (live) |
functional |
no device to bind to |
Related
For OS-level ME disable (blocks kernel modules, removes from lspci):
https://github.com/MangoKiwiPlumGrape/intel-me-disable
This patch took alot of tweaking but i can confirm it works !
The soft-disable path for ME 14 (gen 5) in the original code writes to
fpsba+0x80 which is incorrect for Comet Lake LP boards (ThinkPad X13,
X1C Gen 8 etc). The HAP bit on CML-LP lives at fpsba+0x70 bit 16.
Confirmed via byte diff of stock vs Intel FIT-patched BIOS:
stock PCHSTRP28 = 0x801801b8 (bit 16 = 0)
patched PCHSTRP28 = 0x801901b8 (bit 16 = 1)
Also adds ME 13 (Ice Lake) which was completely missing from the
version map and would silently fail.
Fork with hardware-confirmed fixes for 8th-10th gen intel / ME8-16:
https://github.com/MangoKiwiPlumGrape/me_cleaner_thinkpad
Confirmed working:
What Happens After Setting HAP
Once the patched BIOS is flashed, the Intel ME halts itself immediately after hardware initialisation. No tool, driver or OS interface can communicate with it.
BIOS / Firmware
lspci
Intel MEInfo
$ sudo ./MEInfo # returns nothing — no ME interface to talk tointelmetool
$ sudo intelmetool -m # returns nothing — no ME interface to talk toMEAnalyzer
Cannot communicate with the live ME. Can still parse the BIOS file and will confirm
HAP/AltMeDisable: Yes.Summary
lspciRelated
For OS-level ME disable (blocks kernel modules, removes from lspci):
https://github.com/MangoKiwiPlumGrape/intel-me-disable