
Author Topic: Is it a "must do" for using me_cleaner to patch a BIOS rom of a firewall


Offline newabc

Someone mentions the Intel SA-00075 and SA-00086 issues of the Intel Management Engine (ME or IME). For the security of a firewall, is it a must to make the Management Engine non-functional?

By looking into me_cleaner's wiki, I found that the most likely successful way to use it and flash it is to buy the same model of your BIOS chip or UEFI chip, flash this chip with the modified ROM, and replace the original chip on the motherboard with this chip.

By the way, some useful links:
me_cleaner on GitHub:
https://github.com/corna/me_cleaner

How does me_cleaner work:
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

How to apply me_cleaner:
https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner

External flashing:
https://github.com/corna/me_cleaner/wiki/External-flashing
« Last Edit: November 30, 2017, 02:08:16 pm by newabc »

Offline Hugovsky

Re: Is it a "must do" for using me_cleaner to patch a BIOS rom of a firewall
« Reply #1 on: December 01, 2017, 11:28:13 am »
What hardware do you have? Will you try it?

Offline marjohn56

Re: Is it a "must do" for using me_cleaner to patch a BIOS rom of a firewall
« Reply #2 on: December 02, 2017, 02:08:21 am »
It's not a 'must', but anything that reduces risk is worth doing.

We have just carried this out on the Qotom G355G4, see the Qotom thread.

It was very easy to do. As you said, find a copy of your existing bios, run it through me_cleaner and check that it says All OK and Good Luck, then just flash your bios with the modded bios.

Of course, you run the risk of breaking your device, so it's best to have an external programmer you can lay your hands on that you can use to restore the bios if it all goes pear-shaped.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.
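
A pre-flight check for the backup step discussed above, as an added example that is not part of the thread and is not me_cleaner's own code: it confirms that two reads of the flash chip are identical and that the dump is a full image with an Intel flash descriptor and an ME region, before anything is modified or flashed. The function names and the constructed test image are assumptions for illustration, and the descriptor layout is the common Intel one, which may differ on some platforms.

```python
import hashlib
import struct

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # flash descriptor magic 0x0FF0A55A, little-endian


def region_bounds(flreg):
    """Decode one FLREG entry into (start, end) byte offsets, end exclusive."""
    start = (flreg & 0x7FFF) << 12
    end = ((flreg >> 16 & 0x7FFF) << 12 | 0xFFF) + 1
    return start, end


def preflight(dump_a, dump_b):
    """Return (sha256, me_start, me_end) if the backup is usable, else raise."""
    if dump_a != dump_b:
        raise ValueError("the two reads differ: unreliable read, do not flash")
    if dump_a[0x10:0x14] != FD_SIGNATURE:
        raise ValueError("no flash descriptor at 0x10: not a full flash image")
    flmap0 = struct.unpack_from("<I", dump_a, 0x14)[0]
    frba = flmap0 >> 12 & 0xFF0  # offset of the region table
    flreg = struct.unpack_from("<III", dump_a, frba)  # descriptor, BIOS, ME
    me_start, me_end = region_bounds(flreg[2])
    if me_start >= me_end or me_end > len(dump_a):
        raise ValueError("ME region unused or outside the image")
    if b"$FPT" not in dump_a[me_start:me_start + 0x20]:
        raise ValueError("no $FPT partition table at the start of the ME region")
    # Record this hash with the backup so a later restore can be verified.
    return hashlib.sha256(dump_a).hexdigest(), me_start, me_end


def make_constructed_image(size=0x4000):
    """Constructed 16 KiB stand-in for a real dump (not from any device)."""
    img = bytearray(b"\xff" * size)
    img[0x10:0x14] = FD_SIGNATURE
    struct.pack_into("<I", img, 0x14, 0x04 << 16)  # FRBA = 0x40
    # Descriptor 0x0000-0x0FFF, BIOS 0x3000-0x3FFF, ME 0x1000-0x2FFF
    struct.pack_into("<III", img, 0x40, 0x00000000, 0x00030003, 0x00020001)
    img[0x1010:0x1014] = b"$FPT"
    return bytes(img)


if __name__ == "__main__":
    image = make_constructed_image()
    digest, start, end = preflight(image, image)
    print(f"sha256={digest} ME region {start:#x}-{end:#x}")
```

With real hardware, `dump_a` and `dump_b` would be the contents of two separate reads of the same chip.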

Offline newabc

Re: Is it a "must do" for using me_cleaner to patch a BIOS rom of a firewall
« Reply #3 on: December 03, 2017, 10:14:03 pm »
Quote from marjohn56:
> It's not a 'must', but anything that reduces risk is worth doing.
>
> We have just carried this out on the Qotom G355G4, see the Qotom thread.

Yes. Greatly appreciate this message: "anything that reduces risk is worth doing".

I have a Qotom G355G4 too, and an Atom D525 box will be changed to C3xxx or 7th or 8th generation i3/i5 when pfSense 2.5 is available.