Issue #588 has been reported by Walter Sonius.
----------------------------------------
Support #588: Deguard AssertionError using ./generatedelta.py on Dell Optiplex
5040 SFF (0T7D40) full rom dump
https://ticket.coreboot.org/issues/588
* Author: Walter Sonius
* Status: New
* Priority: Normal
* Category: userspace utilities
* Target version: none
* Start date: 2025-03-31
----------------------------------------
Running the deguard `./generatedelta.py` on the flashrom dumped rom from a Dell
Optiplex 5040 SFF (0T7D40 A00, Q170 chipset, ME 11.8.92.4222) 1.22 BIOS
results in the following AssertionError:
```
./generatedelta.py --input dell_optiplex_5040_sff_bios122.rom --output
data/delta/dell5040sff
Traceback (most recent call last):
File "/home/neon/deguard/./generatedelta.py", line 55, in <module>
mfs = MFS(me.entry_data("MFS"))
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/neon/deguard/lib/mfs.py", line 43, in __init__
page = MFSPage(self.data[page * self.PAGE_SIZE:(page + 1) *
self.PAGE_SIZE], page) # Load page
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/neon/deguard/lib/mfs.py", line 164, in __init__
self.chunks[chunk] = MFSChunk(data, chunk_id)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/neon/deguard/lib/mfs.py", line 273, in __init__
assert self.crc == MFS.Crc16(self.data + struct.pack("<H", self.chunk_id))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError
```
This "AssertionError" can be skipped by using "Filip Lewiński" [filipleple
patch](https://codeberg.org/libreboot/deguard/issues/1) on `lib/mfs.py`:
```
- assert self.crc == MFS.Crc16(self.data + struct.pack("<H",
self.chunk_id))
+ print(f"Chunk ID: {self.chunk_id}, Data: {self.data.hex()[:100]},
Expected CRC: {self.crc}, Calculated CRC: {MFS.Crc16(self.data +
struct.pack('<H', self.chunk_id))}")
+ # assert self.crc == MFS.Crc16(self.data + struct.pack("<H",
self.chunk_id))
+ if (self.crc != MFS.Crc16(self.data + struct.pack("<H",
self.chunk_id))):
+ print ("Invalid CRC!!!\n")
```
It now lists the following 52 CRC invalid errors, but will create a delta
folder structure like the example optiplex 3050 although it misses the `ptt`
folder and some other files differ:
```
./generatedelta.py --input dell_optiplex_5040_sff_bios122.rom --output
data/delta/dell5040sff | grep "CRC: 0,"
Chunk ID: 9662, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 40051
Chunk ID: 9668, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 31713
Chunk ID: 9669, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 18640
Chunk ID: 8173, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 20614
Chunk ID: 8174, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 1493
Chunk ID: 8175, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 14052
Chunk ID: 8176, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 9641
Chunk ID: 8177, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 5784
Chunk ID: 8178, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 17355
Chunk ID: 8179, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 28922
Chunk ID: 8180, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 59757
Chunk ID: 8181, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 55900
Chunk ID: 8182, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 36623
Chunk ID: 8183, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 48190
Chunk ID: 8184, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 44032
Chunk ID: 8185, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 40753
Chunk ID: 8186, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 51810
Chunk ID: 8187, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 63827
Chunk ID: 8188, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 24772
Chunk ID: 8189, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 21493
Chunk ID: 8190, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 1702
Chunk ID: 8191, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 13719
Chunk ID: 8192, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 61908
Chunk ID: 8193, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 49893
Chunk ID: 8194, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 38838
Chunk ID: 8195, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 42119
Chunk ID: 8196, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 15632
Chunk ID: 8197, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 3617
Chunk ID: 8198, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 23410
Chunk ID: 8199, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 26691
Chunk ID: 8200, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 30845
Chunk ID: 8201, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 19276
Chunk ID: 8202, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 7711
Chunk ID: 8203, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 11566
Chunk ID: 8204, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 46265
Chunk ID: 8205, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 34696
Chunk ID: 8206, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 53979
Chunk ID: 8207, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 57834
Chunk ID: 8208, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 62119
Chunk ID: 8209, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 49558
Chunk ID: 8210, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 38085
Chunk ID: 8211, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 42996
Chunk ID: 8212, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 15971
Chunk ID: 8213, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 3410
Chunk ID: 8214, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 22529
Chunk ID: 8215, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 27440
Chunk ID: 8216, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 31502
Chunk ID: 10199, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 3459
Chunk ID: 6000, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 48953
Chunk ID: 6001, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 35848
Chunk ID: 6002, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 55643
Chunk ID: 6003, Data:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
Expected CRC: 0, Calculated CRC: 60010
```
A tree view of the new delta folder:
```
data/delta/dell5040sff/
└── home
├── amt
│ ├── rtfd
│ │ ├── acl
│ │ │ ├── tnf0
│ │ │ ├── tnf1
│ │ │ └── tnf2
│ │ ├── amt.wol
│ │ ├── hshStr.crt19
│ │ ├── hshStr.crt23
│ │ ├── hshStr.crt24
│ │ ├── hshStr.crt25
│ │ └── hshStr.crt26
│ └── skip_rtfd
│ └── uim.policy
├── bup
│ ├── bup_sku
│ │ ├── emu_fuse_map
│ │ ├── fuse_ip_base
│ │ └── plat_n_sku
│ ├── invokemebx
│ └── mbp
├── fwupdate
│ ├── fwuavgerase
│ ├── fwuavgwrite
│ └── fwuoemid
├── gpio
│ └── csme_pins
├── icc
│ ├── dynregs
│ ├── header
│ ├── namestr
│ ├── prof0
│ ├── prof1
│ ├── prof2
│ ├── prof3
│ ├── prof4
│ ├── prof5
│ └── prof6
├── mca
│ ├── eom
│ └── ish_policy
├── mctp
│ └── device_ports
├── pavp
│ ├── hdcp_ports
│ └── lspcon_port
├── policy
│ ├── Bist
│ │ └── auto_config
│ ├── cfgmgr
│ │ └── cfg_rules
│ ├── hci
│ │ ├── sysintid1
│ │ ├── sysintid2
│ │ └── sysintid3
│ └── pwdmgr
│ └── segreto
└── secureboot
├── bootpolres
├── bootpoltype
├── enfpolicy
├── kmid
└── pubkeyhash
```
Diffing this compared to the example delta 3050 folder:
```
diff -bur optiplex_3050 optiplex_5040_sff_strip
Binary files optiplex_3050/home/bup/bup_sku/emu_fuse_map and
optiplex_5040_sff_strip/home/bup/bup_sku/emu_fuse_map differ
Binary files optiplex_3050/home/bup/bup_sku/plat_n_sku and
optiplex_5040_sff_strip/home/bup/bup_sku/plat_n_sku differ
Only in optiplex_5040_sff_strip/home/bup: invokemebx
Binary files optiplex_3050/home/bup/mbp and
optiplex_5040_sff_strip/home/bup/mbp differ
Binary files optiplex_3050/home/icc/dynregs and
optiplex_5040_sff_strip/home/icc/dynregs differ
Binary files optiplex_3050/home/icc/prof0 and
optiplex_5040_sff_strip/home/icc/prof0 differ
Only in optiplex_3050/home/icc: prof10
Only in optiplex_3050/home/icc: prof7
Only in optiplex_3050/home/icc: prof8
Only in optiplex_3050/home/icc: prof9
Only in optiplex_5040_sff_strip/home/policy: Bist
Binary files optiplex_3050/home/policy/cfgmgr/cfg_rules and
optiplex_5040_sff_strip/home/policy/cfgmgr/cfg_rules differ
diff -bur optiplex_3050/home/policy/hci/sysintid1
optiplex_5040_sff_strip/home/policy/hci/sysintid1
--- optiplex_3050/home/policy/hci/sysintid1 2025-03-31 15:36:47.220784635
+0200
+++ optiplex_5040_sff_strip/home/policy/hci/sysintid1 2025-03-31
16:01:29.335254012 +0200
@@ -1 +1 @@
-�n$�
\ No newline at end of file
+_��
\ No newline at end of file
diff -bur optiplex_3050/home/policy/hci/sysintid2
optiplex_5040_sff_strip/home/policy/hci/sysintid2
--- optiplex_3050/home/policy/hci/sysintid2 2025-03-31 15:36:47.220784635
+0200
+++ optiplex_5040_sff_strip/home/policy/hci/sysintid2 2025-03-31
16:01:29.335254012 +0200
@@ -1 +1 @@
-��t`
\ No newline at end of file
+����
\ No newline at end of file
diff -bur optiplex_3050/home/policy/hci/sysintid3
optiplex_5040_sff_strip/home/policy/hci/sysintid3
--- optiplex_3050/home/policy/hci/sysintid3 2025-03-31 15:36:47.220784635
+0200
+++ optiplex_5040_sff_strip/home/policy/hci/sysintid3 2025-03-31
16:01:29.335254012 +0200
@@ -1 +1 @@
-Ȯ�
\ No newline at end of file
+�a<
\ No newline at end of file
diff -bur optiplex_3050/home/policy/pwdmgr/segreto
optiplex_5040_sff_strip/home/policy/pwdmgr/segreto
--- optiplex_3050/home/policy/pwdmgr/segreto 2025-03-31 15:36:47.221784637
+0200
+++ optiplex_5040_sff_strip/home/policy/pwdmgr/segreto 2025-03-31
16:01:29.335254012 +0200
@@ -1 +1 @@
-��к
\ No newline at end of file
+�"�H
\ No newline at end of file
```
After deleting (strip) the `secureboot` and `amt,fwupd,pavp` folders it will
generate a 2M consumer ME image when using `finalimage.py`.
`./finalimage.py --delta data/delta/dell5040sff --version 11.6.0.1126 -pch H
--sku 2M --fake-fpfs data/fpfs/zero --input
external/asrock_h110_me_11.6.0.1126.bin --output 5040sff_patched_me.bin`
When enabling the HAP bit on the original IFD and replacing the ME with the
downgraded and deguarded ME should complete the manual.
Is it correct to replace the current corporate ME firmware around ~7MB from the
original image with this 2MB donor consumer variant, will it be similar like
the Optiplex 3050 from the example or should I find a older vulnerable
corporate ME firmware?
Which file(s) of this dump may I distribute / upload to this ticket license
wise to improve debugging?
Using the service mode jumper on this Dell Optiplex 5040 SFF I was able to
fully read and write the whole firmware even the ME regions (checksum checked
it). Anyone else experience or success using a 'ch341a_spi' or 'raspberry spi'
doing in-situ flash recover on this particular Dell or similar in case I need
it?
https://www.dell.com/support/product-details/en-uk/product/optiplex-5040-sff/drivers
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
https://ticket.coreboot.org/my/account
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
