Contribute
Register

[Guide] Install High Sierra or Mojave on the Dell Optiplex 7010 / 9010 Desktop PC - Revision II

Status
Not open for further replies.
I opened up the box and it says ME Lockout 6 on the sticker and CTRL-P does not work. So it appears IMEI isn’t available and also not showing in Clover boot logs.
6 means that it has been disabled from the factory. It's done for security reasons.

Is there any way you can return this to the seller and get one with a 1 on the sticker ?
You can also simply buy a USFF replacement mobo and install it yourself.


It should look like this if Intel ME/AMT is enabled:

AMT_DASH_VPRO: DEFAULT
1


It is generally agreed that Intel ME cannot be disabled. At least Intel says that. I think that the Dell you got was probably from some govt. agency that needed the highest level of security so Dell sold it with that disabled. Intel obviously has a way to disable it since they created it. It's kept secret from the general public.

Here's what HTG site says:
You can’t disable the Intel ME. Even if you disable Intel AMT features in your system’s BIOS, the Intel ME coprocessor and software is still active and running. At this point, it’s included on all systems with Intel CPUs and Intel provides no way to disable it.
 
Last edited:
6 means that it has been disabled from the factory. It's done for security reasons.

Is there any way you can return this to the seller and get one with a 1 on the sticker ?
You can also simply buy a USFF replacement mobo and install it yourself.


It should look like this if Intel ME/AMT is enabled:

AMT_DASH_VPRO: DEFAULT
1

Thank you for your detailed reply, I really appreciate it.

Unfortunately I was unaware of the ME lockout issue, and I am stuck with this unit as it’s been about a year since I bought it on eBay used.

The motherboard idea is excellent! Do you have any idea if the motherboard has the lockout applied? It seems like this sticker is usually on the PC case the computer came from. I can ask the seller I suppose.


It would be good for those who are considering the used Dell 7010 route and want to use HD4000 with full acceleration to be aware of this limitation. Maybe we can add this to the guide? Preliminary 3 doesn’t really explain that without ME you can’t get HD4000 to work.

( I have another Dell 7010 MT which appears to be fine (Metal is available), couldn’t find any sticker on the case. I’m using that one as a headless box though. )
 
It seems like this sticker is usually on the PC case the computer came from. I can ask the seller I suppose.
I don't think the seller will know what the sticker had on it. They've only got the board which was removed from the case a long time ago by a tech.

The odds are pretty low that you would receive one with ME completely disabled. I've actually only heard your one report of someone getting a ME lockout 6 on their Dell. More often you'll see a 3 which means that just AMT is disabled. For those that don't know, AMT is a remote management feature of Intel ME. It's one subset of ME that you can turn off in the BIOS in the HP Elite and Pro systems they sell to businesses. It's not an option on the Dell Optiplex.

So even in the rare chance you'd have the same problem and get a 6, just return it within 30 days of purchase. Easy to ship a motherbard. Let us know if the next one you get works or not. If you get another 6 that would be interesting. Probably have a much higher chance of getting a 1 instead of 6.

If you read the HowtoGeek article you know that the AMT feature is just for Business PCs. While modern Macs with Intel CPUs do also have the Intel ME, they do not include Intel AMT. So a hackintosh really has no need for AMT to be enabled. Real Macs can't utilize it because it's not even possible to. All PCs sold to consumers have AMT disabled from the factory. It just happens that these Dell Optiplexes are sold primarily to business customers when they're new. That's why AMT is enabled most of the time.

If you get a Dell with a 3 instead of a 1 on that white sticker inside the side panel, it's actually the best scenario. Dell didn't give us the option of disabling AMT via the BIOS. There are lots of security features there, way more than for any consumer PC. It's because many of these are sold to government agencies and corporations that need high level security.

Dell never had hackintoshing in mind when they built these ! Look at everything under security in the Dell 9020 BIOS. There are 15 entries under the Security tab not including Secure Boot. I don't even understand how many of these security features function but don't really care. Don't use any of them.

20191019_082657 2.jpg
 
Last edited:
Another post I found mentions the exact same symptoms of unreliable HD4000 acceleration:

There might be a way to enable ME (see referred link to win-raid site), but it looks complex and not clear exactly what tools are required.

Once again thanks for the help and responses. I think the MB route is easiest, will let you know what happens.
 
Once again thanks for the help and responses. I think the MB route is easiest, will let you know what happens.
I have changed the MEBx section to now say:
If you see the number 6 & ME Lockout it has been factory disabled. These will not work well if you want to use HD4000 graphics. Return or exchange it immediately. It will cause problems with graphics acceleration that are not fixable.
 
I don't intend to go off topic here but this is really interesting. Google wants to completely get rid of Intel ME. MINIX simply stands for a "mini unix" operating system. It's what is running all the time on every Intel based computer. This is why for security reasons, you should be running the most current BIOS version with included patches for IME security holes.

Google wants to remove MINIX from its internal servers
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:
  • Full networking stack
  • File systems
  • Many drivers (including USB, networking, etc.)
  • A web server
That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.

The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.

Note to Intel: If Google doesn’t trust your CPUs on their own servers, maybe you should consider removing this “feature.” Otherwise, at some point they’ll (likely) move away from your CPUs entirely.

Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel. Better to do so now before Intel removes the “Management Engine.” Strike while the iron’s hot and all that.

Note to Andrew Tanenbaum: Your operating system, MINIX, is now one of the most used on modern computers! That’s kinda cool, right?

Note to everyone else: We’re all MINIX users now.

From:
 
Graphics Card for your Dell Optiplex 7010 Mini Tower

Sapphire Pulse RX 570 4GB

This card from Newegg.com is the best bang for your buck. Much better than the RX560 which is now hard to get and over priced. This will not block your Sata Ports or the USB 3 header on your motherboard. Price is low too. Make sure you upgrade your Dell PSU to one that is 450W or better. Modular is best. These are 70 dollars less than the MSI RX 560 4GB cards that are for sale new on Newegg. This will have macOS native support much longer than the Nvidia Kepler cards.

https://www.newegg.com/sapphire-radeon-rx-570-100412p4gitxl/p/N82E16814202311?

14-202-311-V05.jpg
$129.99 at Newegg

Look at the price of a used MSI RX560 4GB on Amazon right now:

Screen Shot 13.jpg
 
Last edited:
Last edited:

You can also simply buy a USFF replacement mobo and install it yourself.

I have a replacement mobo and before I install it wanted to check— will this mean my UEFI nvram is lost or is there a way to save and install the same nvram settings so my install still boots? Or is enough changed that I might be facing a reinstall?
 
Status
Not open for further replies.
Back
Top