MSI Pro Z690-A WiFi DDR4 with Alder Lake 12900K

You can disable Intel Management Engine by manually setting the bit a 0x1DE, which should be possible using flashrom with the internal programmer.

Keep in mind, doing this incorrectly can brick the board unless you have an external programmer. I have been able to flash the chip with the ch341a_spi, but it requires a special wson probe to interface with the chip.

I have done it on my system, and it removes mei from lsmod and device reference in /sys/class/mei. It’s been running for some hours now, so I believe it’s stable. The onboard wifi seems to need mei to work, and disabling mei makes the onboard wifi stop working.

I have only tested it with Dasharo, and it might not work with the stock MSI firmware. I’ve seen one person say it makes the stock firmware boot loop, which could be some protection in the msi firmware that detects the modification.

For more info.

Found one major issue with disabling mei, suspending the system no longer works and cash the system to the point it’s unable to boot normally.

The only way to boot the system after suspend is shorting the JBAT1 jumper to reset the CMOS.

Dasharo 1.1.0 has been released for the Z690

It’s now possible to disable ME as a firmware feature, among other things.

https://docs.dasharo.com/variants/msi_z690/releases/

v1.1.0 - 2022-11-22

Added

• Vboot recovery popup informing that platform has booted in recovery mode
• TCG2 TPM Physical Presence Interface support
• Support for DDR5 board variant
• PS/2 Controller enable/disable option
• Chipset watchdog support during boot and watchdog configuration menu
• Early boot DMA protection
• Option to reset Secure Boot keys to defaults
• Intel ME disable support and menu options
• Dasharo setup password
• SED/OPAL disk password support
• SATA disk password
• Firmware performance reporting
• USB stack and mass storage enable/disable option
• Network Boot enable/disable option
• SMM BIOS Write Protection support and enable/disable option
• AcpiView command to UEFI Shell
• Platform will beep 12 times and blink HDD led on critical firmware errors, e.g. if memory training failed
• PCIe 5.0 firmware caching in flash which allows to disable ME without losing PCIe 5.0 port functionality
• cbmem logging from UEFI Payload is now supported and one can check complete firmware logs from OS using coreboot’s cbmem utility
• Added Intel default settings for missing Alder Lake S CPUs

Changed

• Added new ACPI Platform driver that installs coreboot exposed ACPI tables and all allows native EDK2 ACPI table protocol to install new tables, e.g. Firmware Performance Data Table, BGRT (Boot Logo) of VFCT (AMD GPU ACPI table)
• Secure Boot is now disabled by default with all keys erased
• iPXE is now built from source using coreboot-sdk and included externally into UEFI Payload
• Dasharo setup menu full screen mode support
• Disabled PCIe ASPM and Clock PM for better PCIe device compatibility
• Disabled GPIO programming by FSP, coreboot handles the GPIO completely. This additionally fixes a bug in FSP which did not enable SATA DEVSLP properly.
• Changed Super I/O pin for PECI mode to reflect vendor firmware setting
• Switched from IOT FSP to public ADL Client FSP
• Switched to include microcode from public Intel microcode repository
• Disabled PCIe hotplug
• Network boot disabled by default, now configurable via menu option

Fixed

• Vboot recovery popup is displayed before logo, so that logo do not disappear after popup is displayed
• Wrong Tau values from Turbo Boost
• PCI Express OptionROM loading causing certain dGPU cards to not work during POST
• PS/2 keyboard detection and inclusion to platform Console Input causing long delays in Ventoy or lockups in USB enumeration
• Incorrect USB2 PHY tuning values for USB-C ports causing hard USB controller lockups during USB enumeration and resulting in firmware hangs as long as USB Type-C devices were plugged or devices being unable to detect and enumerate in OS
• Broken PCI resource parsing above 4G
• Incorrect SMBIOS product name for non-WiFi variants
• USB storage devices disappear after reboot/power failure

Known issues

• MSI FLASHBIOS feature is not working
• MMIO resource allocation issues with two Video Cards
• Slow video performance with Radeon 5600XT

Everything works in 4.2

Qubes-HCL-Micro_Star_International_Co___Ltd_-MS_7D25-20230910-125833.yml (1.0 KB)

layout:
  'hcl'
type:
  'Desktop'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  Micro-Star International Co., Ltd.
model: |
  MS-7D25
bios: |
  Dasharo (coreboot+UEFI) v1.1.2
cpu: |
  12th Gen Intel(R) Core(TM) i9-12900K
cpu-short: |
  FIXME
chipset: |
  Intel Corporation 12th Gen Core Processor Host Bridge/DRAM Registers [8086:4660] (rev 02)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation AlderLake-S GT1 [8086:4680] (rev 0c)
  
  NVIDIA Corporation GP106 [GeForce GTX 1060 3GB] [10de:1c02] (rev a1) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Intel Corporation Alder Lake-S PCH CNVi WiFi [8086:7af0] (rev 11)
  Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 03)
memory: |
  65373
scsi: |
  ST3000DM001-1ER1 Rev: CC25
  ST3000DM001-1CH1 Rev: CC47
usb: |
  5
certified:
  'no'
versions:
  - works:
      'FIXME:yes|no|partial'
    qubes: |
      4.2.0-rc3
    xen: |
      4.17.2
    kernel: |
      6.4.7-1
    remark: |
      FIXME
    credit: |
      FIXAUTHOR
    link: |
      FIXLINK

Thank you @renehoj for this update, which is online now!

Is this the right place to ask about PS/2 Y-cables for the Z690 with Dasharo? MSI sells some PS/2 Y-cables along with their motherboards:

(This link has the part number K39-3002004-E06)

So far 2 Y-cables do not work for me, using 2 different PS/2 keyboards and 2 different PS/2 mice.
Is there a known working Y-cable?

I read that different PS/2 Y-cables can have different pinouts (PS/2 Port - ThinkWiki)

Thank you.