It’s not dangerous but you can always do the “manual” method outlined above.
the manual method didn’t succeed
Then the ME firmware is corrupt. To repair it you would need read/write access to its region at the BIOS/SPI chip. That can only happen, if warranty is not valid anymore, by physically opening the laptop and doing some actions.
so what are these actions?
You can either temporarily (until next reboot) enable read/write access by sorting two pins of the audio chip while the system starts or you can use a hardware programmer to manually desolder, program and resolder the BIOS/SPI chip of the board. I avoid saying more to not waste my time as most less-knowledgeable/handy people refuse to continue with such solutions.
That’s what we need. Give him some instructions on how to use an EFI shell to change whatever setup_var controls that option. Is it permanent though? I’m asking because that option needs a restart to work after being set.
Press RCtrl+RShift+LAlt+F2 in BIOS menu to unhide them.
Hello everybody. I’m new to this forum and this thread.
I wanted to update the Intel ME firmware on my laptop but I don’t know which firmware should I use, and what’s the proper procedure.
Anybody can help me, please?
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
Intel(R) MEInfo Version: 11.6.29.3287
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Intel(R) ME code versions:
BIOS Version F.23
MEBx Version 0.0.0.0000
GbE Version Unknown
Vendor ID 8086
PCH Version 21
FW Version 11.0.0.1198 LP
LMS Version 11.7.0.1013
MEI Driver Version 11.7.0.1014
Wireless Hardware Version 2.1.77
Wireless Driver Version 19.51.0.4
FW Capabilities 0x31111A40
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/ENABLED
Intel(R) AMT State Disabled
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Disabled
Host Write Access to ME Disabled
Host Read Access to EC Enabled
Host Write Access to EC Enabled
SPI Flash ID 1 C84017
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xFC4
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
FPF ME
--- --
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0
Is there a special reason why I should downgrade[?] to the latest ME firmware v11.6 when I already have v11.7.0.1229? Does it have something to do with why I can no longer find v11.7.0.1229 on page 1 but a placeholder instead? [unless I am mistaken I am certain that I downloaded ME firmware v11.7.0.1229 update that I used to update my system, from page 1 a few months ago? why is there only a placeholder for it now?]
I’ve read all of page 1 but I can not decipher anything meaningful that would shed some light on these particular questions. Anything to help me understand this, would be very appreciated. TIA for any help and for your patience.
Then I should be OK with v11.7.0.1229 because the vulnerability of ME v11.7 only effects corporate not consumer systems, and for build 3000, whereas the version I have is of build 1229.
I quote what plutomaniac said in the link you provided:
"@ all:
It looks like (at least) 11.7 was also vulnerable to INTEL-SA-00075/CVE-2017-5689. The presence of 11.7 firmware with build 3000-something proves that. So use 11.6 firmware as provided at the first post, not 11.7 yet.As always, this is relevant to systems with Corporate firmware only, not Consumer"
So i think that unless there’s another reason that I should use the latest v11.6 I might as well stay with v11.7.0.1229. What do the experienced folk think?
@ ilario:
What don’t you understand from the first post exactly? Have you read it carefully?
@ myDNA:
ME 11.7 is not released yet. It adds support for KBL Refresh, which is not even announced yet. The versions that were posted here in the past were old, older than the equivalent from branch 11.6, which is still the proper firmware to have applied. The Version Control Number (VCN) of those 11.7 firmware was/is older than the ones we have from 11.6 so, for the currently released platforms in which are are interested in, they are older. When 11.7 is ready to be released widely, we’ll probably see a big jump in VCN to disallow downgrading to 11.6 but for now 11.7 seems just a side branch of 11.6 with KBL-R support. For Corporate systems, there is the extra issue with the vulnerability. Just stay at 11.6. It’s not a downgrade to go from 11.7.0.1229 (VCN 178, 2017-02-19) to 11.6.29.3287 (VCN 193, 2017-05-04).
@ Ferrous
I’ve tried your method but nothing hidden appeared.
here are my computer specs.
@The_Engineer
You have to access them with this guide.
To enable the Me FW Image Re-Flash use
setup_var 0x226 0x1
After reboot, you will be able to reflash ME Region.
Hi all, I am new to this excellent forum. Alt-P or RShift RCtrl LAlt F2 wasn’t working either on my Asrock H77Pro4-M board.
An external programmed BIOS ME update is “featured” to be rolled back on next reboot by the same BIOS. Even when BIOS ME version is higher than original ME. Shame you Asrock.
After cleaning the Intel ME from BIOS using the excellent tool by Nicola Corna and a reboot, BIOS powers down and up, then throws a screen “INTEL ME UPDATE” w/ user uninterruptible progress bar. Thus I ended up with the same old uncleaned ME.
I could temporarily stop reflashing by putting the BIOS chip on HOLD. Unfortunately, the program just waits the flashing to be finished… To circumvent the reflashing behavior completely, user Lordkag already found a nice assembly mod. Being a relatively noob on assembly, I found a nice and simple solution using the nifty UEFI Tool and an external programmer:
1. Open the (eventually already me_cleaned) BIOS file with UEFITool
2. Search for flashmedxe and remove
GUID 8F5C2D02-[...]
3. Search for MeFwDowngrade and Remove
GUID 5820EEB4-[...]
4. Save image
5. Flash the saved image back to the BIOS chip.
Possibly only removing the flashmedxe module is already sufficient. TLDR; kick out the internal flasher.
This proved to work on BIOS versions 1.55 to 2.00 of my Asrock H77Pro4-M board. Not all Asrock BIOSes seem to do reflashing: Asrock Z87 Pro3 BIOS could be cleaned straightforward.
Edit: PC is now running in ME BUP Phase according to coreboot intelmetool.
The point is that I have to be sure of what I’m doing.
I don’t wanna risk to brick my laptop. That’s why I’m asking help for the firmware upgrade.
If you (or somebody else) can help me, I would appreciate that.
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Intel(R) MEManuf Version: 11.6.29.3287
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Windows OS Version : 10.0
FW Status Register1: 0x90000245
FW Status Register2: 0x00F60506
FW Status Register3: 0x00000200
FW Status Register4: 0x00084400
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000
CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: No
PhaseStatus: AFTER_SRAM_INIT
FPF and ME Config Status: Match
FW Capabilities value is 0x31111A40
Feature enablement is 0x31111A40
Platform type is 0x41110321
No Intel Wireless device was found
Feature enablement is 0x31111A40
ME initialization state valid
ME operation mode valid
Current operation state valid
ME error state valid
OEM ICC data valid and programmed correctly
MFS is not corrupted
PCH SKU Emulation is correct
FPF and ME Config values matched
Request Intel(R) ME BIST status command... done
Get Intel(R) ME test data command... done
Warning 463: A test returned from FW does not match known test by the tool: App(34) Comp(0) Test(2)
Get Intel(R) ME test data command... done
Total of 11 Intel(R) ME test result retrieved
Policy Kernel - Boot Guard : Self Test - Passed
Policy Kernel - Embedded Controller : Power source type - Passed
MCA - MCA Tests : Blob - Passed
MCA - MCA Tests : MCA Manuf - Passed
SMBus - SMBus : Read byte - Passed
VDM - General : VDM engine - Passed
Policy Kernel - ME Configuration : PROC_MISSING - Passed
Unknown App(34) - Unknown Comp(0) : Unknown Test(2) - Passed
Clear Intel(R) ME test data command... done
MEManuf Operation Passed (with warnings)
@ plutomaniac:
Sorry for the delay. The laptop in question is not my own. I work for a small business and address all of our internal IT needs. I confess that I failed to check the BIOS version before attempting to flash it. Based on the purchase date and information dialog box that pops up when running the BIOS .exe file from within Windows (see attached image), my best guess is that it was A00. As far as problems, the laptop has never performed as fast as I expected it to based on the hardware configuration, but I am not aware of any specific problems. I did not run MEInfo or MEManuf prior to experiencing the problem.
I do agree that the reboot issue could be associated with the battery losing connection. After using it for a week, the User of this laptop states that the main issue he is experiencing is that there is no video shown on the laptop screen when he opens it after he undocks it (black screen). The only way to recover is to reboot. I have done some searching and it seems that the main solution is to flash the BIOS to the latest version. As you know, I cannot do that successfully.
I removed the cord + battery for 1 minute, then re-ran MEInfo and MEManuf. No change. I got the same errors.
FYI, I also attempted to flash all 9 available versions of the BIOS without success (same error).
Can you offer any other solutions?