WARNING: the steps described below can and will brick your machine if performed improperly, make sure to always have a backup of your SPI Flash and a way to recover from a bad flash. Additionally, this will void your warranty.

Some machines of the exact same model and configuration are sold with and without AMT. In this case, AMT may in fact exist but simply be disabled in the Intel ME (Management Engine) configuration from factory.

At Dell, these systems are identified by a code 3 DISABLE instead of a code 1 ENABLE sticker. When ordering a machine, you can sometimes choose between Intel Management Engine disabled and Intel Management Engine with vPro, the former corresponding to 3 DISABLE and the latter to 1 ENABLE. Note that even with 3 DISABLE the Intel Management Engine stays enabled unlike what Dell seems to imply, only the Intel AMT feature is disabled.

When this is the case, the Manageability menu under the UEFI Setup will be missing.

There is no simple straightforward 1-button click solution to enable it back since it has been permanently disabled from factory.

System firmware modification

However, it is possible to edit the Intel ME region inside the firmware, the difficulty to do so will depend on the generation of the machine, since it is required to modify the system firmware.

The system firmware EEPROM, often called BIOS although the BIOS is now replaced by UEFI, also contains other things as well, such as the ME firmware we are interested in. For more details, you can check this extensive documentation: https://github.com/ISpillMyDrink/UEFI-Repair-Guide/wiki. It is, however, not necessary to understand these details here.

Access to the system firmware from the operating system is restricted due to the configuration of the Flash Descriptor (stored at the beginning of the system firmware). In particular, write access to ME region is disabled, and read access to some other pages is also disabled on Dell systems.

Therefore, we cannot easily modify the system firmware to change the Intel ME configuration. Doing so generally requires flashing the system SPI Flash with an external programmer.

However, on some Dell desktops a Service Mode jumper is present to bypass these restrictions, and be able to dump/flash the SPI Flash from the operating system using flashrom

Dump the system firmware

Service Mode jumper

The service mode jumper is a 3-pin header on some Dell desktop motherboards, that by default has no effect (Flash Descriptor locks various region of the system firmware), but when enable bypass the Flash Descriptor restrictions, among other things (Intel ME is partially disabled).

This is done using an Intel chipset feature called "Flash Descriptor Security Override", which consists in pulling up the HDA_SDO signal that typically connects to the audio codec but also doubles as a hardware strap.

However, one major change that happened around the release of Intel 10th Generation Core processors from Dell is the removal of the Service Mode jumper from the motherboard. Therefore, it is much more difficult to obtain full Flash access. It is possible that Dell moved the strap to a different header without documenting it, but without schematics for these boards it would require some reverse engineering.

In this case, we will then use an external programmer.

For more information, you can read this article: https://winraid.level1techs.com/t/guide-unlock-intel-flash-descriptor-read-write-access-permissions-for-spi-servicing/32449

Using flashrom with Service Mode jumper

Note that each machine will have different content in the SPI Flash (serial number, Windows license among others) so it is not possible to work with a single dump, you have to perform these steps on every machine to unlock. An alternative would be to flash back only the ME region, this possibility is not covered here.

First, turn off the machine and set the Service Mode jumper to the enable position. Refer to the service manual of the machine if you cannot find it. If there is no mention of Service Mode, it may not exist on you machine.

Turn on the machine and install flashrom, e.g. on Ubuntu 22.04:

sudo apt install flashrom

Perform a full dump of the SPI Flash:

sudo flashrom --programmer internal SPI_Flash_dump.bin

If Flash access has been unlocked successfully, no warning about locked region should appear.

In some cases, if you encounter mmap() errors, it may be necessary to add iomem=relaxed to your kernel command line.

Using an external programmer without Service Mode jumper

Take a look at https://www.badcaps.net/forum/showthread.php?t=103526.

There are many external programmers available and many ways to perform it. While using the CH341A with a clip may sound the easiest and the cheapest way to do so, it is also generally the most prone to errors.

I personally use a TL866 II+ and always desolder the SPI Flash IC to put it either in a socket or on an adapter board.

Note that on modern Dell desktops, the SPI Flash is in a SOIC16 package, not in the much more common SOIC8 package.

Always make sure to dump 3 times and compare the result. Make sure the resulting file does not mostly contain 0x00 or 0xFF, which would indicate that the Flash is not being read properly.

Also make sure to unplug the machine from any source of power.

Clean ME region and modify its configuration

It is necessary to clean the ME region from the dumped Flash in order to be able to edit the ME configuration.

First, open the dumped file in MEAnalyzer to get information about the Management Engine version and SKU as well as the Intel Flash Image Tool version.

Also open the dumped file in UEFITool-NE to make sure there is no blatant parsing errors.

Follow the guide at: https://winraid.level1techs.com/t/guide-clean-dumped-intel-engine-cs-me-cs-txe-regions-with-data-initialization/31277

Note that Intel Flash Image Tool is a Windows application and may not run under Wine properly, so it is recommended to use a Windows virtual machine.

After opening the dump in Intel Flash Image Tool, you have to change the Intel AMT parameters before saving the configuration.

In the Intel(R) AMT tab, enable Intel(R) AMT Supported, Intel(R) ME Network Services Supported, Manageability Application Supported, Manageability Application initial power-up stage and KVM Redirection Supported. Set Intel(R) AMT Idle Timeout to 0xFFFF (this may not be required).

Once this is done, save the configuration, close Intel Flash Image Tool, replace the ME region by an uninitialized one as explained in the guide above. Run Intel Flash Image Tool again and open back the previously saved confiuration then build the image.

Open the resulting outimage.bin file in MEAnalyzer and UEFITool-NE to make sure everything looks good.

You can then flash the new firmware image to the SPI Flash.

Flash the system firmware

Using flashrom with Service Mode jumper

Run:

flashrom --programmer internal -w outimage.bin

Make sure the SPI Flash content is verified properly.

Turn off the machine, unplug it entirely from power (required to reset the ME) and wait for a few seconds.

You can put the Service Mode jumper back to its original position.

Using an external programmer without service mode jumper

See the remarks above about working with an external programmer

Enable AMT

Turn on the machine and immediately enter the UEFI setup to enable Intel AMT in the Manageability menu.