Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

Intel ME System Tools v11.6 r9

Intel MEI v11.7.0.1010 for Corporate systems Drivers & Software

Intel ME 11.6 Corporate PCH-LP Firmware 11.6.25.1229_COR_LP_C0_UPDM1_PRD_RGN.bin

ME_Analyzer_v1.10.2_UPDM1_PRD_RGN.png

Intel ME 11.6 Consumer PCH-H Firmware v11.6.25.1229 (EXTR → RGN)

I am looking for people with 11.6 Consumer LP systems who are able to restore from bad flashes via hardware methods (programmer, dual BIOS with unlocked Flash Descriptors etc) in order to test 11.7 firmware.

Intel Management Engine Interface (MEI) Version 11.7.0.1010 WHQL (Consumer)


hi, maybe i can help, my mobo is gigabyte GA-Z270M-D3H
http://www.gigabyte.com/Motherboard/GA-Z…v-10#support-dl

Actual IME image


BIOS and IME on it

You cannot. I’m looking for PCH-LP, not PCH-H.

Intel ME 11.0 Corporate PCH-LP Firmware v11.0.24.1000

Capture.PNG



Also, is there anyone with 11.6 Consumer LP system who is able to restore from bad flashes (programmer, dual BIOS etc) in order to help me test 11.7 firmware?

A new ME firmware for Intel 100/200 series consumer boards:
Intel Management Engine (ME) Firmware Version 11.7.0.1229 (S & H) (1.5MB)
http://www.station-drivers.com/index.php…id=2819&lang=en



Edit: not for use on Intel 100 series Skylake boards, unless it’s already been updated to a Kabylake-compatible firmware.
Edit: successfully flashed my GIGABYTE - GA-Z170MX-Gaming 5 (rev. 1.0) board’s F21 Kabylake bios to updated ME firmware 11.7.0.1229.

After having successfully flashed the new IntelME Consumer Firmware v11.7.0.1229 (CON H, 1.5MB) into the BIOS of my ARock Z170 mainboard, I can confirm the report posted by rvail623.
Here are the related MEInfo reports I got before (left Pic) and after (right Pic) the Firmware flash procedure using the tool FWUpdLcl64.exe:

MEInfo before FW flash.png

MEInfo after FW flash.png

Just to be sure, Intel ME 11.6 Consumer PCH-H Firmware v11.6.25.1229 is for Intel Skylake 6500 no?

To be sure, you did not read the first post at all, if you ask such a question.

I have PCH_LP Consumer and flashed 11.7.0.1229 LP firmware successfully . I flashed ME_11.7_Consumer_C0_LP_Production.bin ( there was also this firmware file:ME_11.7_Consumer_C0_LP_Power_Down_Mitigation_Production)

I have 100 series (Skylake) … Consumer LP



Intel(R) MEInfo Version: 11.6.25.1229
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:

BIOS Version D3CN35WW
MEBx Version 11.0.0.0005
GbE Region does not exist.
GbE Version Unknown
Vendor ID 8086
PCH Version 21
FW Version 11.7.0.1229 LP
LMS Version 11.7.0.1010
MEI Driver Version 11.7.0.1002
Wireless Hardware Version 2.1.77
Wireless Driver Version 19.50.1.5

FW Capabilities 0x31111240

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/ENABLED

TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Disabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xF85
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0


Intel ME 11.7 Consumer PCH-H Firmware v11.7.0.1229
Intel ME 11.7 Consumer PCH-LP Firmware v11.7.0.1229


Capture.PNG



Intel ME System Tools v11.6 r10

Note: ME 11.7 firmware targets 100/200-series (SPT/KBP) systems and adds support for KabyLake Refresh (KBL-R) processors.

I was using the link posted by atomota - I get a prompt that says illegal download. I am looking for MEI 11.7.0.1002 and cant get it.
Can someone please post a link if you have it. Thanks,

MEI 11.7.0.1002 needed badly.PNG

What about looking into the start post of this thread? Your desired "pure" Intel ME driver v11.7.0.1002 and the complete Intel ME Installer Set v11.7.0.1010 are available there.

I’m Consumer LP(i5-6200U).I have tried to flash from 11.6.25.1229 to 11.7.0.1229(YPDM) provided at the first page.No error or malfunctioning at all by now.
Indeed, my notebook(HP 15q aj109TX)was shipped with version 11.0.0.1160. I first tried to upgrade it to 11.0.16.1000, then 11.0.18.1002, then 11.6.25.1229, and then 11.7.0.1229. All without any error and went as smooth as it should be.BTW, these are all done with fwlcl64.
Sorry for my poor English.

thx, i update my GA-Z270M-D3H (rev. 1.0) (Z270 Chipset) from 11.6.25.1229 to 11.7.0.1229, and works perfect.

FYI, as it seems Intel provided new MEI firmware to OEMs to fix a major security hole, for more see the article at Semiaccurate


Here is the official Advisory from Intel:

https://security-center.intel.com/adviso…anguageid=en-fr

Here are the mitigation steps until the OEMs update their BIOS (oh boy…):

https://downloadcenter.intel.com/download/26754

The firmware that fix this vulnerability are the following:

6.2.61.3535
7.1.91.3272
8.1.71.3608
9.1.41.3024
9.5.61.3012
10.0.55.3000
11.0.25.3001
11.6.27.3264


Intel should have released those firmware at their own site in my own opinion instead of waiting for the OEMs to update their BIOS (which won’t happen easily for older systems with ME6,7 etc). When any of these firmware are found I will update the thread as usual. This is one of the main reasons why this thread exists.

Regarding ME 11.7:

Intel hasn’t acknowledged ME 11.7 at their advisory because KBL Refresh is not out yet but you can assume that the version we have currently found (11.7.0.1229 - based on 11.6.25.1229) is also affected. At least, maybe, since this vulnerability targets AMT and thus Corporate firmware which we don’t have any at 11.7 yet. Nevertheless, I advise people to roll back to 11.6.25.1229 while they still can (VCN is the same between 11.6.25.1229 and 11.7.0.1229 so hopefully it’s possible) and wait for Intel’s 11.6.27.3264.

Edit: Lenovo didn’t get the memo apparently:

Read that SemiAccurate (what a name ^^) article just a few hours ago via HN and it basically says nothing. Also Intel says "This vulnerability does not exist on Intel-based consumer PCs"… i really dunno what to expect from all of this and i am curious about the whole situation.


This vulnerability targets all systems not only AMT enabled?