This is a new utility to analyze and edit firmware images for Intel platforms.
Based on knowledge from other projects, such as
me_cleaner, coreboot's ifdtool, ME Analyzer and related research,
intel_fw is written from scratch in Rust, allowing for integration with other
projects, including a flexible API.
The architecture and design is based on experience.
To test this tool, you will need sample firmware images. For convenience, take a look at the scripts used for development.
The me command lets you print, edit and check the (CS)ME firmware.
The me clean command is compatible with me_cleaner, with minor differences:
- The
--whitelistand--blacklistflags do not cause deletion of partitions when multiple partitions refer to the same range, but at least one of them is to be retained. This is considered a bug fix. - The
--checkflag checks all directory partitions as well as the presence of the FTPR. Analysis details are printed unconditionally. - The
--truncuateoption may result in smaller ME images thanme_cleaner.
To run the CLI via cargo directly, remember to add arguments after an extra
--; i.e., to print the general help, invoke cargo run --relase -- -h, or,
for a subcommand, e.g. cargo run --relase -- me clean -h.
- bootstrap a new, general CLI,
intel_fw, with anmesubcommand- mimic the
me_cleanerCLI, using similar+same arguments and switches for compatibility
- mimic the
- port the logic to Rust, using
me_cleaner-edited images as test fixtures- NOTE: committing the test fixtures would be big and a potential license issue; instead, add notes on how to reproduce them, via public vendor images and extraction utilities (e.g. from Lenovo)
- step 1: port core logic to produce the same output as
me_cleanerfor Lenovo ThinkPad X230 + X270 - step 2: full feature parity with
me_cleaner
- expand the documentation
- higher-level view on Intel platform boot flows
- how the Intel data structures work, in prose
- adding support for more platforms and variants
- work out a reusable library, i.e., a Rust crate for https://crates.io/
- turn all
unwrap()s intoOption/Result; add lint rule - add bounds checks
- publish the crate
- turn all
- sync up; https://github.com/corna/me_cleaner has another patch that coreboot is missing, doing rework and adding ME Gen 1 support