Internal flashing with coreboot
Since you're using coreboot this procedure is much easier than the non-coreboot case. First get a copy of your current firmware (and save it somewhere safe, in case something goes wrong) and check the ME region protections with ifdtool; if you have a laptop run
$ flashrom -p internal:laptop=force_I_want_a_brick -c <CHIP MODEL> -r dump.bin
otherwise run
$ flashrom -p internal -c <CHIP MODEL> -r dump.bin
Now run ifdtool -d dump.bin and check the section
FLMSTR1: 0x........ (Host CPU/BIOS)
If the lines Intel ME Region Write Access and Intel ME Region Read Access are disabled you're out of luck, you have to use an external programmer to apply me_cleaner (or you can directly unlock the read/write access to the ME region with ifdtool -u dump.bin, but you still need an external programmer to flash the new permissions). Otherwise, if you have read/write access to the ME regions, you can proceed with this guide.
If you don't need to recover the space freed by me_cleaner just change the coreboot build option Strip down the Intel ME/TXE firmware (CONFIG_USE_ME_CLEANER) to y, rebuild coreboot and flash it with the usual methods.
If you instead want to recover the extra ROM space (which is a considerable amount of space, ~1 MB or ~5 MB, depending on the firmware type):
$ python me_cleaner.py -r -t -d -O out.bin -D ifd_shrinked.bin -M me_shrinked.bin original_dump.bin
me_cleaner should print some output; note the lines
Modifying the regions of the extracted descriptor...
00003000:004fffff me --> 00003000:0001ffff me
00500000:007fffff bios --> 00020000:007fffff bios
This means that me_cleaner has modified the original descriptor with this layout
to this new one, where the BIOS region is 4.9 MB bigger than before.
Three files should have been generated:
-
out.bin, a flashable full image with the original layout (which we don't need) -
ifd_shrinked.bin, an Intel Flash Descriptor with the new layout -
me_shrinked.bin, a modified Intel ME image, truncated to fit in the ME region of the new layout
Rebuild coreboot selecting ifd_shrinked.bin as IFD_BIN_PATH, me_shrinked.bin as ME_BIN_PATH and increasing CBFS_SIZE accordingly and flash the resulting image.
Great! If you want to check the status of Intel ME you can see this guide.
Don't panic! Just use an external programmer to flash back a working firmware:
$ flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=10000 -c <CHIP MODEL> -w dump.bin
Everything should be now exactly as before, and the system should boot again. If you really want to have a deblobbed Intel ME firmware you can take a look at this page and, if nothing works, open an issue on GitHub and look for possible solutions.