Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)


Correct.


Ok. By the way, can I use that as a means to downgrade to the previous ME Firmware if there are any problems after updating the Firmware through FWUpdLcl.exe?

Zitat von Ferrous im Beitrag #2886


Yes, but you should not run MESET while updating, or the ME region will get overwritten.




Are you really sure about this? I donā€™t think so cause normally this is only the case if itā€™s a newer versionā€¦


Is this the thingy that this mentioned here? https://twitter.com/gsuberland/status/859814308078923776
If it would be possible to flash the ME without the need for a SPI that would be great :slight_smile:


Yes


Get overwritten by older one, I meanā€¦
My CLEVO laptop model is P655SA, whose latest BIOS version is 1.05.01 with ME FW 9.1.30.1008 (VCN 11). I managed to update ME FW to 9.1.37.1002 (VCN 12) with fptw64, but it went back to 9.1.30.1008 after I re-flashed the BIOS.
MESET temporarily unlocks the flash descriptor, so it allows ME FW downgrade with fpt.

The FWUpdate procedure is correct. As for MESET, it disables the FD lock until the next reboot which does allow reflashing the ME region via FPT. In such case the ME region needs to be configured though based on the BIOS/SPI image provided by Clevo.

Get overwritten by older one, I meanā€¦



@plutomaniac Sorry to mention you here but just to clarify this one last time (maybe @Fernando could put this in the start posting):
From what i know it is not possible to flash the same version or older ME versions. This is only possible if there is no lock present (which normally isnā€™t the case) or you are doing it via a SPI flasher.
Is this correct?


Yes. IIRC for HM86 I applied momentary weak +3V on the HDA_SDO (pin A24) at power on. It was either that, or ground the pin. You need trial and error to get the timing.

To be honest, I donā€™t think HM86 is hardware limited from running Haswell Refresh (i.e. initial information shared here could be wrong). There are boards with this configuration if you google. It would be great if anyone has any idea what BIOS prerequisites allow me to flash MEI 9.1.x

All 9.0 systems can (and should - by the OEM) be updated to 9.1 firmware, there is no Mobile restriction like it was between Cougar and Panther Point (ME7 ā†’ ME8). So it is not a matter of hardware compatibility but a matter of BIOS preparation by the OEM. That is also clear at the Warning seen at the first post.



Thanks, plutomaniac. 3 years ago it was said that flashing 9.1 on HM86 was not correct. That information has since been removed.

BIOS preparation by the OEM. Does anyone know what preparation(s)? What are all the tests to check that 9.1 is working 100%?


So if I understand it correctly:

1. After ME Update through FWUpdate, if a BIOS update comes and the BIOS file has an older ME version, I can safely update the BIOS with that file if I just skip the MESET part during the update process. Right?

2. If there is some problem after the ME Update through FWUpdate, I can flash the current or newer BIOS file which has the older ME version. The BIOS flash will overwrite the ME to the older version. Now the only confusion is whether any changes are required in the BIOS/SPI image before flashing it. Apparently Ferrous was able to flash it without making any changes. Please confirm the correct/recommended process.

By the way, which is the recommended MEI driver for Z97 chipset: 11.7.0.1002 or 11.0.5.1189? I am currently on 11.0.0.1157.


Yes.


You should disable Intel Anti-Theft Technology. In my case, it has already been disabled so no need to change anything.


Yes. IIRC for HM86 I applied momentary weak +3V on the HDA_SDO (pin A24) at power on. It was either that, or ground the pin. You need trial and error to get the timing.



Nice. Thanks! Will give it a shot as soon as i find some time.

I examined a ASRock BIOS where they updated from 9.0 to 9.1. There were only 4 modules in the BIOS that were changed. One of them was MePlatformPolicy. Dunno what it does but the name suggests to look there :wink:

HPā€™s sp80196 is up (6.2.61.3535 DT) but donā€™t try to flash it yet as HP made a mistake during packaging :

Capture.PNG

Hi

I just want to install the driver only version and wondering which one I should use.

I have an asus maximus viii z170 motherboard (bios 3401) and the MEI firmware is 11.6.10.1196

Cheers

Intel MEI Driver v11.7.0.1002 (Windows 8.x & Windows 10) INF for manual installation

with this driver install - I need to manually update individual items in my device manager? if so which ones do I need to update?

Cheers

Intel ME 11.6 Consumer PCH-H Firmware v11.6.27.3264

Capture.PNG



Note: Based on the nature of the recent INTEL-SA-00075/CVE-2017-5689 vulnerability, this Consumer firmware shouldnā€™t address anything related to that. It is very possible though that 11.6.27 does fix other ME issues in general besides the obvious Corporate vulnerability.

@ spluff:

The MEI device can be found under Device Manager > System devices > Intel(R) Management Engine Interface. Alternatively, you can use the MEI-Only Installer driver which does everything automatically for you.

Cheers guys - I thought there may need to be many devices to update - I can easily update the oneā€¦

Intel ME 11.0 Corporate PCH-LP Firmware v11.0.25.3001 (INTEL-SA-00075/CVE-2017-5689)

Capture1.PNG



Intel ME 10.0 5MB Firmware v10.0.55.3000 (INTEL-SA-00075/CVE-2017-5689)

Capture.PNG



Intel ME System Tools v6 1.5MB/5MB r2

Updated the notice regarding INTEL-SA-00075/CVE-2017-5689 (found 10.0.55.3000 from Intel and 11.0.25.3001 COR LP from Intel):

bug.PNG


Sadly for me that only for the H110 chipset not for Z270

@atomota

Have you tried it? just because the FIT SKU say H110 doesnā€™t mean it will not work for other SKUā€™s.
I donā€™t see why it would not work on Z270.