Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

Funny.

Although I had started this thread in September 2013, the start post and the support of the complete thread has been kindly overtaken by our Intel ME Guru plutomaniac in November 2014. The only important residue of the time between September 2013 and November 2014 is the post #2 within this thread. Misleadingly it shows me as the author, but the complete text incl. the links are from plutomaniac and it was fortunately him, who updated its content whenever it was reasonable (lastly on Wed Apr 12, 2017 1:07 am). Since nobody (inclusive myself) can completely adopt a certain post by changing the author name, plutomaniac was only able to edit the text and to insert new links. I explicitly agreed with that procedure.

https://en.wikipedia.org/wiki/Irony

Intel CSME 11.11 Corporate PCH-H Firmware v11.11.50.1402 (EXTR → RGN) (INTEL-SA-00086)

Capture1.PNG



Intel ME 9.5 5MB Firmware v9.5.62.3002 (INTEL-SA-00101)

Capture2.PNG



Intel ME System Tools v9.5 r4

Intel ME System Tools v9.1 r4

Intel ME System Tools v8 r3

Intel ME System Tools v7 r2


Notice for INTEL-SA-00086 vulnerability:

INTEL-SA-00086.PNG



Notice for INTEL-SA-00101 vulnerability:

INTEL-SA-00101.PNG

你好,我的电脑在在一次意外的升级中,造成了ME固件损坏。

我根据帖子里描述下载了
Intel CSME System Tools v11 r4
Intel CSME Firmware v11.0.12.1010 (SLM LP)

但在启动MEInfoWin64后一闪而过。有红色的的字符,但看不清楚。
出现报警:

Error 86: Communication error between application and Intel(R) ME module (FWU client)

Error 81: Internal error (Could not determine FW features information)



启动FWUpdLcl64 后出现报警
Error 8716: Invalid usage

还请指导一下有什么方法解决。
非常感谢。THINK YOU VERY MUCH!!!

电脑是THINKPAD YOGA260 I7-6500U skylake架构 BGA 1356
原先未损坏BIOS显示ME版本: ME FIRMWARE VERSION:11.0.12.1008
损坏后ME版本不显示。空白

@skykiss0
http://pcsupport.lenovo.com/downloads/ds112240

Intel CSME 11.10 Slim PCH-H Firmware v11.10.0.1300

Capture.PNG



Thank you Igor!

I just found at ASUS site for my mobo [see my signature] ME firmware update to reflect what you said regarding v11.8.50.3399, so I update the firmware with the proprietary ME firmware update tool from ASUS. The update also recommended to update the ME chipset driver to v11.7.0.1040 also supplied by ASUS, which I also used to update my system. For the interested I have included the output of the MEInfoWin64.exe tool from “Intel(R) MEInfo Version: 11.7.0.1292” from post #1 … please see spoiler.

Intel(R) MEInfo Version: 11.7.0.1292
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:

BIOS Version 3504
MEBx Version 0.0.0.0000
GbE Version 0.7
Vendor ID 8086
PCH Version 31
FW Version 11.8.50.3399 H
LMS Version 11.7.0.1043
MEI Driver Version 11.7.0.1040
Wireless Hardware Version Not Available
Wireless Driver Version Not Available

FW Capabilities 0x31111540

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED

Intel(R) AMT State Disabled
TLS Disabled
Last ME reset reason Global system reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xF83
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Disabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0

EDIT by Fernando: Unneeded blank lines removed (to save space)

I have been out of the loop for quite sometime and my have things changed. So my mobo is Asus Maximus VIII Hero and at that time I tried updating the Intel ME firmware and I got an error message. I came and was told that I should not because some how Asus put some magic pixie dust in the BIOS and if we forced it that it would brick the mobo.

Years later now I see that the firmware library has expanded and was wondering from all the reading that may be back then I was using the wrong firmware, meaning all the flavors you can see today.

I want to update my Intel firmware and was wondering if because of this expansion of firmwares that now it is much easier to update? I read at the Asus site that the newest is 11.8.50.3399. I have the latest BIOS which has 11.6.10.1196. So a couple of questions

a) Should I update using the Asus tool to 11.8.50.3399 then come and use the tools here to update to 11.8.50.3425? Or just go straight to 11.8.50.3425?

b) I should be using 11.8.50.3425 Consumer PCH-H for my LGA1151, correct?

c) I don’t remember if I need to insert the firmware in to the BIOS or if I can just flash it to the new without having a BIOS? I’m reading the guide, but not getting it.

Thanks again as always

INTEL-SA-00086/CVE-2017-5705 vulnerabilities have now been published officially by Intel. Current fixed firmware state:

INTEL-SA-00086.PNG



@ denaba:

a) Update to the latest ASUS BIOS first and then straight to 11.8.50.3425.
b) Correct.
c) No you don’t, use FWUpdate tool.

Thanks for the help plutomaniac, all done and updated. Checked things out and all green.

Edit: spelling

I have been checking my systems and my logs and I ran in to something that I wanted to pass by you. I have an Asus board P8P67 Pro which is a 6-series board. Reading here 6-series that came with v7 should be using 7.1.80.1214 and the BIOS’ from 0105 through 2302 had version 7.0.4.1197. But in BIOS version update 3602 that changed to 8.0.2.1410. At some time I came here and I was offered to update to 8.1.65.1568 and I now wondering if this is correct or do I really need to be on the v8.0.2.1410. If I am to be on version 8.0.2.1410 do I just stay here? Of if I am suppose to be on the v8.1.65.1496 should I update to 8.1.70.1590?

Thanks

ASRock support said; My current bios ME v9.1.37.1002.

Thanks for your mail to remind us about the call to action from Intel.

We are aware that Intel has recently suggested ODM/user/MB Manufacture to update the corresponding ME version to fix the security flaw in their Management Engine (ME).

According to Intel’s announcement, this flaw only appears in “Corporate ME” which with AMT function.

As ours H97 Pro4 Motherboard is using the “Consumer ME” in our BIOS code, so there’s no such concern on this case.

Please don’t worry about it.

@fylgja

安装时出现错误提示:

intel(R) Management Engine Interface is not installed in the system.

@ skykiss0:

This is an English-only forum, further posts in Chinese will be deleted.

@plutomaniac - I was about to update one of my laptops and I came across something I want to make sure. It is a Lenovo E450 and it has the latest BIOS version 1.29. Checking on that BIOS it has the Intel ME ver 10.0.30.1072 when I read it from meinfo, but at the end it had "LP". In this case, is this a "corporate ME" which would updating be 10.0.56.3002?

I was able to flash 11.8.50.3425 just fine on my Asus Maximus VIII Formula z170 board with the UEFI version 3504

New Drivers Intel Management Engine Interface (MEI) Version 11.7.0.1052 WHQL :slight_smile:

http://www.station-drivers.com/index.php…id=3204&lang=fr


Update: Sorry i see it, in the list

This 11.7.0.1052 on first page is Corporate…

Intel MEI v11.7.0.1052 for Consumer systems Drivers & Software

Intel CSME System Tools v11 r4 (Updated)

Intel ME System Tools v9.5 r4 (Updated)