Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

@ Muteo:

First, make sure you have Intel MEI Driver v6.2.50.1050 installed. FWUpdate is not used like that so the "invalid usage" error is normal. For the actual issue, run "fptw -greset" command and check if the problem is solved afterwards or if MEInfo works. If not, run "fptw -d spi.bin" and let me know if you receive a cpu access error, otherwise compress and attach the resulting "spi.bin" file.

@ Net7:

So I assume you want to update the ME firmware? What exact system/model do you have? Due to forum attachment limitations, please first compress all the text logs and re-attach them for others to be able to see them.

plutomaniac, thank you for answer,

I have driver for manual install, but i don`t know how can i install it? In system manager? This is response in cmd:
|addpics|cre-2-20e0.jpg-invaddpicsinvv|/addpics|

The errors are self explanatory. Why are you using ME8 tools when you have ME6? Download "ME System Tools v6 1.5MB/5MB" from the 1st post and use these only. To install the driver go to Device Manager > System devices > Intel(R) Management Engine Interface > Driver tab > Update driver > Browse and select the folder with the INF file you downloaded.

@plutomaniac

You have right, my faul, i use tool in wrong folder, here is response from cmd:


I still cant find Intel(R) Management Engine Interface in System Device:


Have you any segestion?|addpics|cre-5-3501.jpg-invaddpicsinvv,cre-6-c888.jpg-invaddpicsinvv|/addpics|

@plutomaniac

can you give me an answer to my above question?|addpics|6lq-3-da6e.png|/addpics|

Yes, system is a MSI GE72-6QD laptop.

I don’t understand the issue with the attachments, 2 of the compressed documents are the SAME size compressed VS uncompressed, and you only save 2 and 7 kb on the other 2… don’t know how screenshots are able to be posted if files with so few lines and so much smaller cant be used… BUT, Its forum software I am not familiar with, might be a limitation of the license!

I have compressed all 4 files, a single zip.

BeforeFlashME-Stuff.zip (3.83 KB)

@ Muteo:

EDIT: The chip that FPT detects is not the correct one as SST25VF040B is only 512KB. Go to the BIOS and start the ASUS Easy Flash Utility, what chip does it detect? The message below might not be relevant after this edit.

I’ve seen that error before. “Address 0x00000000 is not within any region” is due to OEM stupidity back in the day in which they did not specify at what offset the BIOS starts. That causes certain tools such as FPT to not work. For you to fix your problem, the Flash Descriptor needs to be unlocked so that we can repair the (usually read/write locked) ME region firmware. Error 26, cpu access error, means that the FD is locked. However, due to that other OEM mistake, it is not certain that the FD is indeed locked. Basically we need a full SPI dump from your system in order to fix a) the broken FD BIOS starting offset and b) repair the ME region firmware which is definitely corrupted since you cannot even see the MEI device at Device Manager. Post a MEInfo output here. Also, try command “fptw -d desc.bin -desc”, does it work? If not, you cannot use FPT to test if the FD is locked and thus to repair the ME. In such case, there are two alternatives. Either the FD is not locked but FPT cannot detect it due to the OEM mistake at FD or FD is indeed locked and thus performing the “pinmod” or using a hardware programmer is needed. Since we cannot use FPT to check FD lock status, I suggest you install Ubuntu, or some other linux distro if you prefer, at another partition and use the flasher called “flashrom” to try and dump your entire SPI image (binary for Ubuntu here). If the FD is not locked then it should dump it, as flashrom will hopefully not be affected by that OEM mistake which causes FPT to assume that the FD is always locked. The command you need to use at flashrom is “sudo flashrom --programmer internal --read spi.bin” and if you encounter an “unsupported laptop” error then replace “internal” with “internal:laptop=force_I_want_a_brick” and try again. Depending on how that goes, we will know if your FD is locked.

@ wasisdn:

I don’t know why this error appears. Normally MEInfo should not show any red messages/errors to assume that everything is ok. It’s very possible that this is a MEInfo bug as I’ve seen it at other outputs like the one posted by Net7 above.

@ Net7:

It’s not a matter of size, files with .txt extension cannot be opened when attached to this forum due to a bug. That’s why I wanted them packed in something else. To see the exact error that MEManuf reports, just use “-verbose” parameter. Also, use ME 11.0 tools as that’s the most probable root of the error.

Intel ME 11.6 Consumer PCH-LP Firmware v11.6.10.1196

After flash, report FWStatusRegister3 value as seen at MEInfo -verbose.

Is there anyone with a Consumer LP system who has a hardware programmer and can do some tests?

@plutomaniac

attached the MEInfo (verbose) output after flashing my ASUS NB K456UR with FW 11.6.10.1196 CON LP.
thanks for the new FW

F:\6>meinfowin64 -verbose
 
Intel(R) MEInfo Version: 11.6.10.1198
Copyright(C) 2005 - 2016, Intel Corporation. All rights reserved.
 

 
FW Status Register1: 0xA0000245
FW Status Register2: 0x02F60506
FW Status Register3: 0x00000420
FW Status Register4: 0x00084000
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000
 
  CurrentState:                         Normal
  ManufacturingMode:                    Disabled
  FlashPartition:                       Valid
  OperationalState:                     CM0 with UMA
  InitComplete:                         Complete
  BUPLoadState:                         Success
  ErrorCode:                            No Error
  ModeOfOperation:                      Normal
  SPI Flash Log:                        Not Present
  Phase:                                ROM/Preboot
  ICC:                                  Valid OEM data, ICC programmed
  ME File System Corrupted:             No
  PhaseStatus:                          AFTER_SRAM_INIT
 
  FPF and ME Config Status:             Match
FW Capabilities value is 0x31111240
Feature enablement is 0x31111240
Platform type is 0x41110321
No Intel Wireless device was found
Intel(R) ME code versions:
 

  Windows OS Version : 6.2.9200 ""
    Table Type   0 ( 0x 00 ) found, size of  24 (0x 18 ) bytes
BIOS Version                                 X456UR.203
 
  Windows OS Version : 6.2.9200 ""
    Table Type   0 ( 0x 00 ) found, size of  24 (0x 18 ) bytes
    Table Type   1 ( 0x 01 ) found, size of  27 (0x 1B ) bytes
    Table Type   2 ( 0x 02 ) found, size of  15 (0x 0F ) bytes
    Table Type   3 ( 0x 03 ) found, size of  22 (0x 16 ) bytes
    Table Type  10 ( 0x 0A ) found, size of  26 (0x 1A ) bytes
    Table Type  11 ( 0x 0B ) found, size of   5 (0x 05 ) bytes
    Table Type  32 ( 0x 20 ) found, size of  20 (0x 14 ) bytes
    Table Type   7 ( 0x 07 ) found, size of  19 (0x 13 ) bytes
    Table Type   7 ( 0x 07 ) found, size of  19 (0x 13 ) bytes
    Table Type   7 ( 0x 07 ) found, size of  19 (0x 13 ) bytes
    Table Type   7 ( 0x 07 ) found, size of  19 (0x 13 ) bytes
    Table Type   4 ( 0x 04 ) found, size of  48 (0x 30 ) bytes
    Table Type  16 ( 0x 10 ) found, size of  23 (0x 17 ) bytes
    Table Type  17 ( 0x 11 ) found, size of  40 (0x 28 ) bytes
    Table Type  17 ( 0x 11 ) found, size of  40 (0x 28 ) bytes
    Table Type  19 ( 0x 13 ) found, size of  31 (0x 1F ) bytes
    Table Type 221 ( 0x DD ) found, size of  12 (0x 0C ) bytes
    Table Type  20 ( 0x 14 ) found, size of  35 (0x 23 ) bytes
    Table Type  20 ( 0x 14 ) found, size of  35 (0x 23 ) bytes
    Table Type 130 ( 0x 82 ) found, size of  20 (0x 14 ) bytes
    Table Type 131 ( 0x 83 ) found, size of  64 (0x 40 ) bytes
        MEBx Version found is 0.0.0.0000
MEBx Version                                 0.0.0.0000
GbE Region does not exist.
 
Error 329: Region does not exist.
GbE Version                                  Unknown
Vendor ID                                    8086
PCH Version                                  21
FW Version                                   11.6.10.1196 LP
LMS Version                                  11.6.0.1035
MEI Driver Version                           11.6.0.1042
Wireless Hardware Version                    Not Available
Wireless Driver Version                      Not Available
 
FW Capabilities                              0x31111240
 
    Intel(R) Capability Licensing Service - PRESENT/ENABLED
    Protect Audio Video Path - PRESENT/ENABLED
    Intel(R) Dynamic Application Loader - PRESENT/ENABLED
    Service Advertisement & Discovery - NOT PRESENT
    Intel(R) NFC Capabilities - NOT PRESENT
    Intel(R) Platform Trust Technology - PRESENT/ENABLED
 
TLS                                          Disabled
Last ME reset reason                         Global system reset
Local FWUpdate                               Enabled
BIOS Config Lock                             Enabled
GbE Config Lock                              Enabled
Get flash master region access status...done
Host Read Access to ME                       Disabled
Host Write Access to ME                      Disabled
Get EC region access status...done
Host Read Access to EC                       Disabled
Host Write Access to EC                      Disabled
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
SPI Flash ID 1                               EF4017
SPI Flash ID 2                               Unknown
BIOS boot State                              Post Boot
OEM ID                                       00000000-0000-0000-0000-000000000000
Capability Licensing Service                 Enabled
OEM Tag                                      0x00001043
Slot 1 Board Manufacturer                    0x00001043
Slot 2 System Assembler                      0x00000000
Slot 3 Reserved                              0x00000000
M3 Autotest                                  Disabled
C-link Status                                Disabled
Independent Firmware Recovery                Disabled
EPID Group ID                                0xF94
 
Retrieving Variable "LSPCON Port Configuration"
LSPCON Ports                                 None
 
Retrieving Variable "eDP Port Configuration"
5K Ports                                     None
OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000
 
Retrieving Variable "OEM Public Key Hash"
OEM Public Key Hash ME                       0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF                                  0x0
KM SVN FPF                                   0x0
BSMM SVN FPF                                 0x0
GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
 
Retrieving Variable "GuC Encryption Key"
GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000
 
                                             FPF                      ME
                                             ---                      --
Force Boot Guard ACM                         Disabled
Retrieving Variable "Force Boot Guard ACM Enabled"
          Disabled
Protect BIOS Environment                     Disabled
Retrieving Variable "Protect BIOS Environment Enabled"
          Disabled
CPU Debugging                                Enabled
Retrieving Variable "CPU Debugging"
          Enabled
BSP Initialization                           Enabled
Retrieving Variable "BSP Initialization"
          Enabled
Measured Boot                                Disabled
Retrieving Variable "Measured Boot Enabled"
          Disabled
Verified Boot                                Disabled
Retrieving Variable "Verified Boot Enabled"
          Disabled
Key Manifest ID                              0x0
Retrieving Variable "Key Manifest ID"
          0x0
Enforcement Policy                           0x0
Retrieving Variable "Error Enforcement Policy"
          0x0
PTT                                          Enabled
Retrieving Variable "Intel(R) PTT Supported"
          Enabled
PTT Lockout Override Counter                 0x2
EK Revoke State                              Not Revoked
PTT RTC Clear Detection FPF                  0x0
 

Thank you wasisdn for the report. It’s NOPDM.

Hi, i’m looking to update the MEI of my Dell Inspiron N5110.

What i have:






Which drivers are the best for me?

Gotcha, thats a rather annoying bug, but, no matter, they happen!

Attached are the verbose outputs from MEInfo and MEManuf from the ME11.0 tools, they look clear to me and it looks like I am safe to TRY the update, if you get some spare moments to second glance, I would appreciate it.

I come from the era of flash in DOS or die, whats your thoughts on flashing with the Win64 route?

@ analyzer64:

The latest v11.0 INF driver found at the first post.

@ Net7:

There is nothing attached.

Indeed it is safer to flash from within DOS or EFI to avoid OS interferences. One exception is when you have read/write access to the ME region (unlocked Flash Descriptor) and the flashing goes wrong for some weird reason. If you are at DOS/EFI, you won’t be able to do anything other than restart which will cause a brick. But if you are at Windows, you can open Flash Programming Tool at another window and flash back your previous/backed ME region and avoid the consequences of the bad FWUpdate flash. In your case, the FD is locked so you are not able to backup or restore your ME region if shit hits the fun either way. So you should use DOS or EFI if you like and everything should be just fine.

fun stuff, forgot to hit the upload after browse but before submit! Cool, works for me!

EDIT: copied unsaved MEInfo doc… fixed and reuploaded

BeforeFlash-Verbose.zip (2.94 KB)

Everything looks ok at the verbose logs. Thank you for using ME Analyzer as well.

Sweet!

No problem, I liked the output as well (im sure you saw it in my first post)


EDIT: Figure Id edit this post instead of make a new one since no-one else posted after, attached is the after report since I have finished updating. Also, should I use the older 11.0 drivers as well? or 11.6 drivers do just fine? (annoying a 2016 laptop came with 11.0 not 11.5 or 11.6 and cant be updated… its an i7-6700HQ for updating sake! bah, i bet its a recycled board/chipset design from yesteryear…)

EDIT2: whilist im being an UPDATE ALL THE THINGS whore, while I know there is no NEED because there is no vPro, I noticed that the MEBx version did NOT upgrade, anyway to upgrade it as well?

AfterFlash-Verbose.zip (3.03 KB)

You should use the latest v11.6 drivers from the first post. ME 11.6 firmware is an upgrade from 11.0 which adds Kaby Lake cpu support among other stuff. So your system can be upgraded to 11.6 firmware but it should have been done by the manufacturer. Although it seems to work just fine based on other people’s experiences, it is best if the BIOS is also updated by the OEM to work properly with ME 11.6. Besides, at your case, the current BIOS does not even contain KBL cpu microcodes or other modules such as RST, VBIOS etc. So without an update from MSI you cannot upgrade to KBL in the future no matter if you can upgrade to 11.6 firmware without any issues. Any SKL motherboard can be updated to work with KBL and ME 11.6 but the OEM needs to care first and foremost. I suggest you ask their support when they plan to release a new BIOS for your model. To summarize, driver is ok but firmware should remain at 11.0 until the OEM releases a new BIOS with said support.

MEBx should not be there to begin with. MEBx is found at the BIOS region as a module, it is not part of the ME itself. It doesn’t work at all at Consumer ME SKUs but some OEMs leave it there by accident and MEInfo happens to detect it. Although MEBx research hasn’t been done yet, updating it should be as simple as replacing its two modules (MEBx, MEBxSetupBrowser) at the BIOS region using a tool such as CodeRush’s UEFITool. It would be possible in your case because from the MEInfo report, it’s obvious that Intel BootGuard is disabled so BIOS modifications will (hopefully) work. However, there is no point in risking a laptop brick (very hard to recover, soldering/desoldering might be required) in case something goes wrong with the MEBx update or with a security measure implemented by the OEM. Especially for something completely useless, in this case, like MEBx. So I do not advise you to deal with MEBx.

[p34217]Intel Management Engine (ME) Firmware Version 11.6.13.1208 (S&H)(1.5Mo)




http://station-drivers.com/download/www/…rivers.com).exe

After flash, report FWStatusRegister3 value as seen at MEInfo -verbose.

Thanks   Fdrsoft & Pacman ! and Station-drivers

The good news here is that it seems Intel has fixed the bug that caused FWUpdate to give an error with EXTR images,
i could flash the extracted image unmodified without problems.

I don’t know yet if the bugfix is in the 11.6.10.1198 flasher or on FW level.

Interesting. Try to use FWUpdate v11.0.0.1205 with v11.6.13.1208 firmware. If it works, the problem was at the FW releases. If it doesn’t, the problem was at FWUpdate itself. Parameter -allowsv will not tell us which is true so the update needs to be done from 11.6.10 or earlier. Also, what does “FW Status Register3” report?

11.0.0.1205.rar (1.65 MB)