The pfSense Store

Author Topic: Unofficial QOTOM Hardware Topic  (Read 28018 times)

0 Members and 1 Guest are viewing this topic.

Offline newabc

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #585 on: December 06, 2017, 01:44:10 pm »
By the way, is dl.qotom.net really secure? Because I got warning from Chrome and Firefox and cannot download any files by them even I ignored the warning. I used other tools to download the file Q3XXG404.zip.

I haven't seen any file there is suspected to be easily affected by viruses or be a malware. Another explanation is that this site was hacked before.

qotom.net gives several links pointed to http://www.minipc.vip/drivers. If you just visit http://www.minipc.vip/ you will see the file Q3XXG404.zip
Great, I will download them if qotom releases new BOIS.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #586 on: December 06, 2017, 03:41:57 pm »
By the way, is dl.qotom.net really secure? Because I got warning from Chrome and Firefox and cannot download any files by them even I ignored the warning. I used other tools to download the file Q3XXG404.zip.

I haven't seen any file there is suspected to be easily affected by viruses or be a malware. Another explanation is that this site was hacked before.

qotom.net gives several links pointed to http://www.minipc.vip/drivers. If you just visit http://www.minipc.vip/ you will see the file Q3XXG404.zip

Very useful post, thanks Minge.

Hmm, minge has a 'meaning' in the U.K. are you aware of it? :)
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline shred

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #587 on: December 08, 2017, 11:08:18 pm »
Oh yes, forgot to mention that the settings get cleared, not a major problem as I only have one drive in it and everything else I have left as default.

Hm, is there a way to confirm ME is actually disabled (mostly)? I flashed the BIOS per your instructions but I'm just wondering if it actually worked because my BIOS settings did not clear (i.e. they did not revert to default). It looked like everything flashed just fine though...

Also, out of curiosity, what CPU temps do you guys show in the BIOS?
« Last Edit: December 08, 2017, 11:33:58 pm by shred »

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #588 on: December 09, 2017, 02:38:52 am »
CPU temp is sitting at 41c, with no external fans, if I put the external fans on it drops to 31c.

Not without extracting the running Bios and running ME_Cleaner over it.

You can run ME_Cleaner over the 'cleaned' bios file though, that will show it has the naughty bits removed already.


pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 645
  • Karma: +52/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #589 on: December 09, 2017, 06:22:52 am »
There is a way to check Intel ME status in the OS using "intelmetool". It attempts to communicate to the ME using it's interface (HECI iirc) and depending on the answer it gets it knows what the state is (i.e. "Ignition", "standby", "disabled" and "awake").

You'll have to compile it yourself: https://github.com/coreboot/coreboot/tree/master/util/intelmetool

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #590 on: December 09, 2017, 08:00:43 am »
New tool... Have you tried it John?
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 645
  • Karma: +52/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #591 on: December 09, 2017, 08:03:36 am »
New tool... Have you tried it John?

I did, and it does work. I have used most of the coreboot tools, mostly for inspecting running systems or basic firmware analysis. It's not much use from a modification standpoint, but just for reading/exploring it's great.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #592 on: December 09, 2017, 08:21:19 am »
Have you tried it on a Qotom?
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 645
  • Karma: +52/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #593 on: December 09, 2017, 08:55:12 am »
Have you tried it on a Qotom?

I don't have one on hand, but I can run it on a remote one and share the binary. Most of the remote ones still have ME firmware enabled since they won't be flashed until the next service cycle.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #594 on: December 09, 2017, 09:07:57 am »
If you can share the binary that would be good, save me from compiling it myself. :)
« Last Edit: December 09, 2017, 09:13:06 am by marjohn56 »
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline shred

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #595 on: December 09, 2017, 11:49:49 am »
CPU temp is sitting at 41c, with no external fans, if I put the external fans on it drops to 31c.

Not without extracting the running Bios and running ME_Cleaner over it.

You can run ME_Cleaner over the 'cleaned' bios file though, that will show it has the naughty bits removed already.

Thatís the temp reading from the BIOS? Mine was showing around 54c and climbed up to about 59c after sitting for a bit. I was doing some research and it sounds like the CPU runs at 100% or at least the max clock speed while in the BIOS, so Iím assuming thatís why but if youíre seeing 41c in the BIOS then I think something is wrong with my setup. I even applied Arctic Silver thermal compound when I received my Qotom Q355G4 (Intel Core i5-5250U).

Iíll just trust the BIOS you posted are good to go. :) Itís just weird my BIOS settings didnít revert to default... I even flashed in twice. I do show the modified and original BIOS file sizes are identical though.
« Last Edit: December 09, 2017, 12:56:24 pm by shred »

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 645
  • Karma: +52/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #596 on: December 09, 2017, 07:19:10 pm »
Here is the Q330G4 (I think) standard UEFI firmware intelmetool report for ME:

Code: [Select]
Bad news, you have a `8 Series LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:9c3a] 8 Series HECI #0

ME Status   : 0x1e000245
ME Status 2 : 0x6000a306

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Host Communication
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : Host communication established

ME: Extend SHA-256: 030227cb5e946355f991187f369388ee2db824d513e8947a7c5041d17a607679

ME: Firmware Version 10.0.1048.25 (code) 10.0.1048.25 (recovery) 10.0.1048.25 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : OFF
ME Capability: ICC Over Clocking                          : ON
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF

Report for Boot Guard:
Code: [Select]
Bad news, you have a `8 Series LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

MEI found: [8086:9c3a] 8 Series HECI #0

ME Status   : 0x1e000245
ME Status 2 : 0x6000a306

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Host Communication
ME: Power Management Event  : Clean Moff->Mx wake
ME: Progress Phase State    : Host communication established

ME: Extend SHA-256: 030227cb5e946355f991187f369388ee2db824d513e8947a7c5041d17a607679

ME: Firmware Version 10.0.1048.25 (code) 10.0.1048.25 (recovery) 10.0.1048.25 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : OFF
ME Capability: ICC Over Clocking                          : ON
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF
Bad news, you have a `8 Series LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...

ME Capability: BootGuard                                  : OFF

Your system isn't bootguard ready. You can flash other firmware!

The compiled binary should be FreeBSD 11.1 compatible, you can get it here: https://www.dropbox.com/s/p0doypoyqavigtu/intelmetool?dl=0

The file is: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.1, FreeBSD-style, not stripped

SHA256 sum (to make sure you don't download a malware version): b17455d9fa87bacdc0c1536fc08c95d4031efd200024c6f60d26b8b544b8a71d

It needs PCI access, and I have set it to use PCI_ACCESS_FBSD_DEVICE which means it uses /dev/pci which might need root access (so the tool may not work for a normal user).

For ME I run it with: ./intelmetool -m
For Boot GuardL ./intelmetool -b

For people that want to compile their down, get the sources from: https://github.com/coreboot/coreboot
You will need a normal FreeBSD install as you cannot really compile stuff well on pfSense (as it's really not intended for that sort of stuff).
At a minimum you probably need:

- git
- gmake
- pciutils

and make a few changes once you cloned the repository:

Code: [Select]
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 0b0e509bcc..c33fc03b88 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -121,7 +121,7 @@ static int pci_platform_scan(void)
        const char *name;
 
        pacc = pci_alloc();
-       pacc->method = PCI_ACCESS_I386_TYPE1;
+       pacc->method = PCI_ACCESS_FBSD_DEVICE;
 
        pci_init(pacc);
        pci_scan_bus(pacc);
@@ -221,7 +221,7 @@ static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf,
        int me = 0;
 
        pacc = pci_alloc();
-       pacc->method = PCI_ACCESS_I386_TYPE1;
+       pacc->method = PCI_ACCESS_FBSD_DEVICE;
 
        pci_init(pacc);
        pci_scan_bus(pacc);
diff --git a/util/intelmetool/me.c b/util/intelmetool/me.c
index 6517022c64..76c16c0c81 100644
--- a/util/intelmetool/me.c
+++ b/util/intelmetool/me.c
@@ -18,7 +18,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <sys/io.h>
 #include <assert.h>
 #include <unistd.h>
 
diff --git a/util/intelmetool/rcba.c b/util/intelmetool/rcba.c
index fcc9bc59c9..7385836203 100644
--- a/util/intelmetool/rcba.c
+++ b/util/intelmetool/rcba.c
@@ -29,7 +29,7 @@ static u32 get_rcba_phys(void)
        uint32_t rcba_phys;
 
        pacc = pci_alloc();
-       pacc->method = PCI_ACCESS_I386_TYPE1;
+       pacc->method = PCI_ACCESS_FBSD_DEVICE;
 
        pci_init(pacc);
        pci_scan_bus(pacc);

Then you can just 'gmake' in the utils/intelmetool directory to get the binary.
« Last Edit: December 09, 2017, 07:22:55 pm by johnkeates »

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #597 on: December 10, 2017, 02:28:36 am »
CPU temp is sitting at 41c, with no external fans, if I put the external fans on it drops to 31c.

Not without extracting the running Bios and running ME_Cleaner over it.

You can run ME_Cleaner over the 'cleaned' bios file though, that will show it has the naughty bits removed already.

Thatís the temp reading from the BIOS? Mine was showing around 54c and climbed up to about 59c after sitting for a bit. I was doing some research and it sounds like the CPU runs at 100% or at least the max clock speed while in the BIOS, so Iím assuming thatís why but if youíre seeing 41c in the BIOS then I think something is wrong with my setup. I even applied Arctic Silver thermal compound when I received my Qotom Q355G4 (Intel Core i5-5250U).

Iíll just trust the BIOS you posted are good to go. :) Itís just weird my BIOS settings didnít revert to default... I even flashed in twice. I do show the modified and original BIOS file sizes are identical though.

System->Advanced->PowerD Enable and set Adaptive. It will then use speed-stepping.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline shred

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #598 on: December 10, 2017, 03:12:40 am »
CPU temp is sitting at 41c, with no external fans, if I put the external fans on it drops to 31c.

Not without extracting the running Bios and running ME_Cleaner over it.

You can run ME_Cleaner over the 'cleaned' bios file though, that will show it has the naughty bits removed already.

Thatís the temp reading from the BIOS? Mine was showing around 54c and climbed up to about 59c after sitting for a bit. I was doing some research and it sounds like the CPU runs at 100% or at least the max clock speed while in the BIOS, so Iím assuming thatís why but if youíre seeing 41c in the BIOS then I think something is wrong with my setup. I even applied Arctic Silver thermal compound when I received my Qotom Q355G4 (Intel Core i5-5250U).

Iíll just trust the BIOS you posted are good to go. :) Itís just weird my BIOS settings didnít revert to default... I even flashed in twice. I do show the modified and original BIOS file sizes are identical though.

System->Advanced->PowerD Enable and set Adaptive. It will then use speed-stepping.

Iím actually running Sophos XG on this Qotom device but I was just curious about the BIOS temps. I ended up taking the Qotom device apart and reapplying the thermal paste just to make sure I didnít mess it up the first time. After powering everything back on, temps in the BIOS were showing 43c and after letting it sit for about 5-10 mins, slowly climbed to 54c. I ran a live version of Ubuntu and used ďcat /sys/class/thermal/thermal_zone*/tempĒ in the terminal and itís showing 33c at idle. So for anyone else that sees your temp in the BIOS, donít be alarmed if it seems high as it appears to be running at max clock speeds when in the BIOS.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #599 on: December 10, 2017, 04:42:52 am »
@johnkeates

So it is 11.1 compat, just needed to instal libpci,

OK, this is the output from my intelmetool  on my live system. Looks fine I think.

Code: [Select]
/usr/bin: ./intelmetool -m
MEI found: [8086:9cba] Wildcat Point-LP MEI Controller #1

ME Status   : 0x1e000245
ME Status 2 : 0x6600a306

ME: FW Partition Table      : OK
ME: Bringup Loader Failure  : NO
ME: Firmware Init Complete  : YES
ME: Manufacturing Mode      : NO
ME: Boot Options Present    : NO
ME: Update In Progress      : NO
ME: Current Working State   : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode  : Normal
ME: Error Code              : No Error
ME: Progress Phase          : Host Communication
ME: Power Management Event  : Pseudo-global reset
ME: Progress Phase State    : Host communication established

ME: Extend SHA-256: 030227cb5e946355f991187f369388ee2db824d513e8947a7c5041d17a607679

ME: Firmware Version 10.0.1048.25 (code) 10.0.1048.25 (recovery) 10.0.1048.25 (fitc)

ME Capability: Full Network manageability                 : OFF
ME Capability: Regular Network manageability              : OFF
ME Capability: Manageability                              : OFF
ME Capability: Small business technology                  : OFF
ME Capability: Level III manageability                    : OFF
ME Capability: IntelR Anti-Theft (AT)                     : OFF
ME Capability: IntelR Capability Licensing Service (CLS)  : ON
ME Capability: IntelR Power Sharing Technology (MPC)      : OFF
ME Capability: ICC Over Clocking                          : ON
ME Capability: Protected Audio Video Path (PAVP)          : ON
ME Capability: IPV6                                       : OFF
ME Capability: KVM Remote Control (KVM)                   : OFF
ME Capability: Outbreak Containment Heuristic (OCH)       : OFF
ME Capability: Virtual LAN (VLAN)                         : ON
ME Capability: TLS                                        : OFF
ME Capability: Wireless LAN (WLAN)                        : OFF
« Last Edit: December 10, 2017, 04:46:02 am by marjohn56 »
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.