Get the status of Intel ME

Once you've installed your modified Intel ME firmware you may want to verify if everything went as expected. There are various ways to accomplish this:

intelmetool

The easiest way is to use intelmetool, a tool able to get the current status of Intel ME. If not already done, clone the coreboot repository:

 $ git clone --depth=1 https://review.coreboot.org/coreboot

and run:

 $ cd coreboot/util/intelmetool
 $ make
 # ./intelmetool -m

The output depends on several factors (-s/-S flag, ME version, ...), see these these two references (without options and with -S).

The output of intelmetool should match the content of this table:

intelmetool line	Stock firmware	me_cleaner with -S or -s	me_cleaner with no options
FW Partition Table	OK	OK	OK
Firmware Init Complete	YES	NO	NO
Current Working State	Normal	Anything but Platform Disable Wait	Anything but Platform Disable Wait
Error Code	No Error	No Error	Image Failure
Progress Phase	Host Communication	BUP Phase	BUP Phase
Progress Phase State	Host communication established	[...] straps say ME DISABLED	M0 kernel load

If it shows an error like

 Error mapping physical memory 0x..... [0x4000] ERRNO=1 Operation not permitted
 Could not map MEI PCI device memory

you just have to run your kernel with the iomem=relaxed option.

me_cleaner -c

You can also dump again the Intel ME firmware again after the successful boot and run me_cleaner.py -c on it; the output should be similar to this one:

Full image detected
The ME/TXE region goes from 0x3000 to 0x500000
Found FPT header at 0x3010
Found 1 partition(s)
Found FTPR header: FTPR partition spans from 0xcc000 to 0x142000
ME/TXE firmware version 7.1.86.1221
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
The AltMeDisable bit is SET
Checking the FTPR RSA signature... VALID

Note the two bold lines, which means respectively that only a partition is left (-S or no options) and that the HAP/AltMeDisable bit is set (-S/-s options).