Intel CSME 11.8 Consumer PCH-LP Firmware v11.8.50.3425
Intel CSME 11.8 Corporate PCH-LP Firmware v11.8.50.3425
Intel CSME System Tools v11 r3
@ p82:
Thank you very much for the clean/stock (RGN) firmware. We only had the dirty (EXTR) before. Thank you for using ME Analyzer as well. 
Intel ME 8 1.5MB Firmware v8.1.70.1590 (EXTR â RGN)
Hey Plutomaniac,
can I update v8.1.70.1590 EXTR to v8.1.70.1590 RGN, via FWUpdate?
Will it be safe to do it?
Thanks in advance
Intel CSME 11.8 Corporate PCH-H Firmware v11.8.50.3425 (CVE-2017-9765, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5729)
after the chipset replaces the hard drive does not deteck if this is problematic about the biosn firmware ⌠thanks for everything
Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3425 (CVE-2017-9765, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5729)
Changelog v11.8.50.3425
- Failure to flash Intel ME FW with error âOEM ID verification failedâ when using Intel FWUpdate toolâs EFI and DOS versions.
- Failure to retrieve all variables via Intel FPT on consumer platforms because of attempts to read corporate variables.
- Intel ME FW Update process hangs at 99% when updating consumer images on SKUs with Windows 7 OS.
- Intel MEManuf tool crashes when running -EOL var command with the configuration file.
- Intel MEInfo tool for Linux is missing from the tools folder.
- Intel MEManuf tool prints results repetitively for EOL command.
- The system hangs when running Intel MEInfo tool over EFI Shell with iTouch enabled in FW but not installed in HW.
- The system hangs and a BSOD is observed when stress testing the cold boot cycle on platforms with Windows 7 32-bit OS.
- Intel FWUpdate tool does not check if the image and platform SKUs match (H vs LP).
- Intel MEManuf failed after closemnf for WLAN microcode error with 11.8 firmware/tools.
- Intel MEManuf failed for EOL check with 11.8 firmware/tools.
- Intel MEI setup -tcs command line option is not shown as part of the help results (i.e. run MEISetup.exe -? in CMD).
- After running the command to install Intel TCS services only (i.e. MEIsetup.exe -tcs -nodrv), a message appears to the user stating that Intel MEI driver was installed as well.
- Intel MEI driver becomes unresponsive when upgrading Intel TCS service via Intel MEI SW installer while not connected to the internet.
- Intel FPT fails to read âRedirection Privacy/Security Levelâ variable after updating the FW to 11.8 and running -closemnf.
- Intel AMT wireless does not have a network IP address on the System Status page of the WEBUI after configuring Intel AMT wireless.
- The system hangs and a global reset via Intel FPT fails after updating Intel ME FW to 11.8.
- Black screen observed at the first boot after updating Intel ME FW from 11.0 to 11.8.
- Mitigated security vulnerability CVE-2017-13077
- Mitigated security vulnerability CVE-2017-5729
Note: It looks like Intel is going to disclose the CSME 11, CSTXE 3 and CSSPS 4 vulnerability on November 20th 2017.
Intel CSME 11.10 Corporate PCH-H Firmware v11.10.0.1314
hello,
1. Did I understand it right? ME consists of DATA and CODE sections and if there are bug in DATA(which was configured by manufacturer) updating or reflashing current version using FWUpadate and ME downloaded from first page doesnât affect DATA section?
2. If I just reflash BIOS file with the same ME version, is there are way to recognize was the ME region reflashed too or stayed untouched(mby some counter or date of update)?
Test ME FW 11.8.50.3425
MB MSI z270
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
Â
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
Â
BIOS Version 1.30
MEBx Version 0.0.0.0000
GbE Version Unknown
Vendor ID 8086
PCH Version 0
FW Version 11.8.50.3425 H
Security Version (SVN) 3
LMS Version Not Available
MEI Driver Version 11.7.0.1045
Wireless Hardware Version Not Available
Wireless Driver Version Not Available
Â
FW Capabilities 0x31111140
Â
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Â
Re-key needed False
TLS Disabled
Last ME reset reason Global system reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Enabled
Host Read Access to EC Enabled
Host Write Access to EC Enabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xFD6
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF Not set
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF Not set
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
Â
FPF ME
--- --
Force Boot Guard ACM Not set Disabled
Protect BIOS Environment Not set Disabled
CPU Debugging Not set Disabled
BSP Initialization Not set Enabled
Measured Boot Not set Disabled
Verified Boot Not set Disabled
Key Manifest ID Not set 0x0
Enforcement Policy Not set 0x0
PTT Not set Enabled
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF Not set
Â
FW Status Register1: 0x90000255
FW Status Register2: 0x02F60506
FW Status Register3: 0x00000020
FW Status Register4: 0x00084000
FW Status Register5: 0x00000000
FW Status Register6: 0x00000002
Â
CurrentState: Normal
ManufacturingMode: Enabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: No
PhaseStatus: AFTER_SRAM_INIT
FPF and ME Config Status: Not committed
 MB Asus z270
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
Â
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
Â
BIOS Version 1010
MEBx Version 0.0.0.0000
GbE Version 0.2
Vendor ID 8086
PCH Version 0
FW Version 11.8.50.3425 H
Security Version (SVN) 3
LMS Version Not Available
MEI Driver Version 11.7.0.1045
Wireless Hardware Version Not Available
Wireless Driver Version Not Available
Â
FW Capabilities 0x31111540
Â
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Â
Re-key needed False
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Enabled
Host Read Access to EC Disabled
Host Write Access to EC Enabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xFD2
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
Â
FPF ME
--- --
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0
Â
FW Status Register1: 0x90000245
FW Status Register2: 0x06F60546
FW Status Register3: 0x00000020
FW Status Register4: 0x00084004
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000
Â
CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Present
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: Yes
PhaseStatus: AFTER_SRAM_INIT
FPF and ME Config Status: Match
 Intel MEI Driver v11.7.0.1045 (Windows 8 & Windows 10) INF for manual installation
Thanks to Microsoft for the update and khanmein for letting me know. 
@ vickygameboy:
I doubt your problem is CSME-related. Have you run MEInfo and MEManuf tools to verify that everything works properly, as explained at the first post? If these seem ok, I suggest you apply the latest Dell BIOS or wait for the inevitable update which should come soon which officially includes ME 11.8.
@ Octopuss & Atem90:
You both have not understood the difference between RGN/EXTR/UPD and the difference between Flash Programming Tool and FWUpdate. Read the first post carefully.
@ kenzo2:
I can neither understand your English nor your situation. A lot more info and better explanation is required.
@ andr84:
1. Exactly, youâve understood correctly.
2. That greatly depends on the way the OEM has decided to release BIOS and/or ME updates.
@ Gus.Ghanem & jjxaker:
Thank you for your reports guys! Everything looks fine (still donât know what âRe-Keyâ is).
@ jjxaker:
Your other ASUS Z170 board still does not properly accept CSME firmware updates I assume (MFS corrupted), right?
Latest firmware and ME driver successfully applied to Gigabyte GA-Z170MX-Gaming 5 (motherboard bios version F21):
i could also confirm working ME 11.8.50.3425 on ASRock Z270 SuperCarrier:
https://www2.pic-upload.de/img/34264110/âŚ1.8.50.3425.jpg
@ plutomaniac
Thank you,
1. so the only solution to reflash whole ME region(DATA + CODE)is to follow the âcleaningâ guide? I read the article with this guide, but donât understand a bit what does âcleaning processâ exactly mean and what model specific settings it removes? Cleaning is only useful when the system is already built (branded desktop PC /dell,hp for example/ or any laptop) and if I purchased only motherboard there is nothing to âcleanâ because it can be used in many different systems or it has âdirtyâ ME also?
2. This final modified BIOS with âcleanâ ME must be flashed via intelâs flash programming tool or can use manufacturer bios utility?
3. If I will flash modified BIOS with âcleanâ ME , later is possible to flash original BIOS from manufacturer home page + update ME via FWUpdate?
- The ME region of the SPI chip firmware is usually read/write protected when using software solutions (hardware programmers work of course). FWUpdate tool can update the CODE only (effectively the firmware âversionâ) while keeping all settings/configuration (DATA) intact. Flash Programming Tool is a general SPI chip flasher so it does not care about CODE or DATA, it just rewrites the entire ME region (if access is possible via software methods, Flash Descriptor unlocked). The ME firmwareâs settings must always be configured by the OEM (EXTR) for end-user use. The stock region images (RGN) are the ones which are configured by the OEM and turn into EXTR. Their settings are âdefaultâ, thus not configured for any given model. Basically, RGN must not be flashed directly via general flashers such as FPT, programmers and so on. Only after they are configured (FWUpdate tool excluded). The cleanup guide is irrelevant to all that. It is useful when there is DATA corruption or initialization info which need removal to make the ME run healthy in case of issues (read Section A of the guide to understand that properly).
2-3. Again, it depends on what the OEM utility does. For example, ASUS USB Flashback takes as an input an entire SPI image but only flashes the BIOS region, not ME. So itâs useless for reflashing the ME region. Gigabyteâs in-BIOS flasher is usually capable of reflashing the entire SPI chip. And so on. It depends. One thing is certain, if you flash the SPI image (BIOS + ME) via a hardware programmer, the entire contents are reflashed. Software methods rely on OEM design & security locks.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
Â
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
Â
Intel(R) MEInfo Version: 11.8.50.3399
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Â
Â
Intel(R) ME code versions:
Â
BIOS Version 3504
MEBx Version 0.0.0.0000
GbE Version 0.7
Vendor ID 8086
PCH Version 31
FW Version 11.8.50.3425 H
Security Version (SVN) 3
LMS Version Not Available
MEI Driver Version 11.7.0.1040
Wireless Hardware Version Not Available
Wireless Driver Version Not Available
Â
FW Capabilities 0x31111540
Â
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Â
Re-key needed False
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xF8A
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
Â
FPF ME
--- --
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0
 Works fine on Asus Z170 Sabertooth S on bios 3504 (bios had 11.6)
I do not have motherboards on the chipset Z170, only z270 
But yes, the problem with MFS remains on my boards MAXIMUS IX APEX, and the situation cannot be rectifiedâŚ
Most likely the problem in the BIOS code, because even the firmware of the original BIOS via the programmer does not solve the problem. well at least at work is not affectedâŚ
I wonder if itâs possible to include "ManufacturingMode" for Asus boards?
Personally I would try the CleanUp Guide with the stock BIOS & ME firmware version (pick the same version from repo, if RGN). If that doesnât solve the problem, then either the BIOS is buggy or thereâs some sort of unique hardware/software issue (I assume MEInfo reports the same even under EFI or DOS environments).
What do you mean by that?
upd. the question is closed, I found where it turns on
Does not helpâŚ