Very likely you can also unlock the ME Region for reading and writing by booting a modified grub and change these two settings
ME State, Variable: 0x3D4 => default value 0x01 (enabled) => setup_var 0x3D4 0x00
Me FW Image Re-Flash, Variable: 0x3C5 => default value 0x00 (disabled) => setup_var 0x3C5 0x01
If the modified grub doesn’t work you can use fpt to flash a patched NVAR Store (size 0x20000). This is what I usually do, because it is much quicker. Of course you must know what you are doing …
Intel CSME 11.11 Consumer PCH-H Firmware v11.11.50.1402
Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3399
@ eroli23:
A driver update cannot cause this issue so it must have been like that from before you tried anything. Use the DOS or EFI tools. First run Flash Programming Tool with command “fpt -greset” and after the reboot boot into DOS/EFI again and try MEInfo and MEManuf.
Successfully updated to Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3399
System : i7-7700K , MB: Asus Strix Z720H
MEInfo:
Intel(R) MEInfo Version: 11.8.50.3399
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Intel(R) ME code versions:
BIOS Version 1009
MEBx Version 0.0.0.0000
GbE Version 0.2
Vendor ID 8086
PCH Version 0
FW Version 11.8.50.3399 H
Security Version (SVN) 3
LMS Version 11.7.0.1043
MEI Driver Version 11.7.0.1040
Wireless Hardware Version Not Available
Wireless Driver Version Not Available
FW Capabilities 0x31111540
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Re-key needed False
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 20BA18
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0x1FD9
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
Thank you for the report kostar20071.
I see that Intel now added a Security Version Number (SVN) field at MEInfo 11.8. Neat.
Ok, thanks for the help until now.
@ jjxaker: I don’t have SPI programmer, because my BIOS is not unlocked.
@ plutomaniac: I ran the „FPT -greset” as you described, then the PC restarted automatically. I booted from a pendrive and I used DOS files. I could earn these informations.
MEinfo Video
I apologise, I do this for the first time but I would really like to do it.
Did someone tested 11.8.50.3399 on Z170?
Yes, works as expected on my Z170 Sabretooth S.
@ eroli23:
The CSME looks just fine, healthy. Since it works under DOS, everything else you see is OS related. Make sure you have valid MEI drivers installed and that you are not running background utilities which might cause interferences. In your case, I suggest you use the DOS tools to update or receive info from MEInfo and MEManuf. By the way, you can add “> meinfo.txt”, “> memanuf.txt” or similar at the end of the command to save the output into text files which you can then compress and attach here.
Thank you for the report Gus.Ghanem. This is also something new with MEInfo v11.8, probably related to the very important vulnerability that got fixed at the equivalent CSME firmware. Not sure what it means though, at least not yet.
What vulnerability? Got me worried!
Fwiw I would imagine if you’ve got an Asus Z170 type board you should be on the 3000 series bios release if you plan to run higher than 11.6?
Thanks
It is neither confirmed by Intel nor by the researchers, but I believe that these Minor version increases with Hotfix 50 (11.8.50, 11.11.50 and possibly 11.21.50) patch this vulnerability which will be presented in early December.
@ Gus.Ghanem:
It’s probably something for the OEM to do or maybe only 100-series related. I don’t know but I suppose we’ll learn at some point in the near future.
INTEL-SA-00101 Wi-Fi Protected Access II (WPA2) protocol vulnerability
I think it means Intel recommend upgrade from 11.0-11.7 to 11.8.
I installed another ME driver and managed to solve it meinfowin64.exe and memanufwin64.exe from the windows (Admin Command prompt).
I can also update 11.8.50.3399 version?
ME info.rar (1.26 KB)
As I said earlier, everything looks good indeed. Yes it is possible to update to v11.8 firmware. To be on the safe side, I always urge people to first check the 2nd “Warning for all 100/200/300-series systems” at the first post.
Looks like a small startup has figured out how to remove/disable ME: http://www.tomshardware.com/news/purism-…brem,35741.html
Nah, they just use me_cleaner and leave BootGuard in unconfigured state.
Intel CSME 11.21 Corporate PCH-H Firmware v11.21.50.1400
Intel CSME 11.8 Consumer PCH-LP Firmware v11.8.50.3399
Intel CSME 11.8 Corporate PCH-LP Firmware v11.8.50.3399
Hello. I have Asus X99-A II with i7-6850K running under Windows 7 x64 OS. I’ve read opening posts of this topic a few times but they seem to be beyond my comprehension and I need some kind of additional explanation.
Asus is offering many different drivers on my mainboard’s webpage to download. These are drivers for Chipset, Audio, LAN, USB, SATA and, also, Intel Management Engine Interface. The problem is that I know what all of them do except one: this last IMEI "driver".
I know that, for example, Chipset drivers allow to identify chipset devices to let them do their jobs, SATA drivers allow to increase drives transfer rates, Audio drivers allow to increase sound quality, Graphics drivers allow to work/play in greater resolutions etc.
But what does IMEI give to "average PC user" like me? I’ve installed all drivers except IMEI and I can’t see any more unidentified devices. Do I need to install IMEI even then? What are the main benefits? Are there any applications that require IMEI to be installed?
Here is a quote from 3rd post:
Based on this quote, my closest idea "what does IMEI do?" is: it provides more accurate data required by system monitoring applications (like HWiNFO) or when we would like to test overall system stability (like OCCT) - with no IMEI installed such monitoring applications could display incorrect values. Am I right?
@Lex My paranoid mind reads…
Jokes aside…
I read everything about Windows. What about Linux users? I use Linux exclusively
help me!
I downloaded the Intel CSME System Tools v11.8 on success but no ftc file run, pls help me
thanks!