It worked but a simple reboot was not enough. I had to turn it off, remove battery and reset bios to be sure. Pictures are before and after.
There’s not much difference, except for the "EK Revoke State". It’s "Revoked" now but I don’t know what does it mean exacly.
MEInfo report.txt (4 KB)
Intel CSME 11.21 Corporate PCH-H Firmware v11.21.50.1424
@ ilario:
You’re good to go. A general reset via Flash Programming Tool “fptw -greset” command should have been enough. You have a PCH-LP system so that’s why the Re-Key extra fix was needed (something DRM related).
Hi. I have some questions for everyone. Long story short, ME is an important part of my HTPC. In order to play Ultra HD Blu-Rays (i.e., 4K discs) on PCs, Hollywood has forced Cyberlink (the maker of PowerDVD, the only software that can play UHD discs) to use SGX. So, this means installing ME drivers and all that. The system was working fine until I installed the ME 11.8.50.3425 firmware. Now, discs won’t play. Cyberlink’s advisor software claims that the system doesn’t support HDCP 2.2 (encrypted handshake protocol). This isn’t true. Unfortunately, I’ve spent the past few days basically being ignored by Intel and Cyberlink (and ASRock, the motherboard manufacturer).
Any ideas on how this can be resolved, or how I can gather more info, or anything, really? Now that ahem there are alternative methods for accessing the data on some of my discs, it’s not as big an issue. Still, this is a showstopping bug, and it’s not exactly cheap to put together a UHD-conformant system. I’ve pasted relevant (IMO) system info below, along with info from MEInfo. Since the Protected Audio Video Path (PAVP) is present and enabled, it’s hard to say if this is an Intel bug or Cyberlink bug. (Alas, I haven’t found anybody yet who has a similar setup as mine and is willing to help me troubleshoot this issue.) I tried downgrading the firmware but I got an 8805 error (i.e., the SVN prevents downgrades).
Thanks!
-----------
ASRock Fatal1ty Z370 Gaming-ITX/ac motherboard (1.11 beta BIOS)
Coffee Lake i7-8700 CPU
LG WH16NS60 Ultra HD Blu-Ray drive
Windows 10 (1709 - fully up-to-date)
PowerDVD 17 Ultra (fully up-to-date)
Intel UHD 630 driver version 15.60.0.4849 (fully up-to-date)
Intel ME consumer driver version 11.8.50.3425 (fully up-to-date - upgraded from 11.7.4.3314)
No discrete graphics cards
--------
Intel(R) MEInfo Version: 11.6.25.1229
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Intel(R) ME code versions:
BIOS Version L1.11
MEBx Version 0.0.0.0000
GbE Version 0.2
Vendor ID 8086
PCH Version 0
FW Version 11.8.50.3425 H
LMS Version 11.7.0.1037
MEI Driver Version 11.7.0.1032
Wireless Hardware Version 2.1.77
Wireless Driver Version 20.10.2.2
FW Capabilities 0x31101140
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 C22018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0xFFB
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0
Neglected to mention what kind of panel your using? Sure you have a 4k hdcp 2.2 capable monitor? Not all 4k monitors support hdcp 2.2.
Intel MEI Driver v11.7.0.1052 MEI-Only Installer
Intel CSME 11.8 Consumer PCH-LP Firmware v11.8.50.3425 (YPDM & NPDM)
Intel CSME System Tools v11 r6
@ crown_nick:
Please download the latest CSME System Tools v11 from this thread and post a “MEInfo -verbose” report in spoiler tags.
Thanks for your answer regarding my local FwUpdate problem. I did not notice that you already answered me weeks ago. So today I tried it again. FPT can read the FwUpdLcl variable but it cannot write it because "EOM - End of Manufacturing?" bit is set.
My next try was to flash in pure DOS mode with CSM enabled in the UEFI - without success.
Next year Dell wants to release the current CSME version officially for my Alienware 17 R3 notebook without updating the complete bios.
I suppose that this will be getting very interesting because of my problem when they release it together with the regular FwUpdate tool.
Is there any other chance to enable local FwUpdate?
In the german MSI FTP repository there is a patch:
http://msi-ftp.de:8080/login.html (enter as Anonym and select the BIOS folder)
it worked for me (apart from “updating” to an older driver version)
WORD OF WARNING!!! try it at your risk, it may cause you issues or BSOD.
Hi guys,
Got a Dell Inspiron H81 chipset running a i5-4460. Trying to run Meinfo64 from the 9.1 system tools package to get the ME details but MEInfo fails miserably errors all in red that it cant access the ME. HWInfo64 however details all the ME info: 9.1 build 1120.
So are Dells extra special? The usual tools not compatible?
Thanks
Yep. Vizio M55-E0. As mentioned before, everything was fine before the ME firmware was updated. (Well, Cyberlink’s software didn’t work half the time, but their software is notoriously buggy. Yay.)
Thank you. It’s pasted below, after upgrading various bits of software as mentioned a bit later. The only thing that jumps out at me at first glance is the lack of LSPCON ports. I have no idea if that’s accurate but I do know that LSPCON is part of the HDMI/HDCP chain. I believe what’s happening is that the motherboard actually uses DisplayPort 1.2 natively and then uses a MegaChips MDCP2800 chip to convert the signal to HDMI 2.0 with HDCP 2.2. Not ideal but it does work, or at least, it worked before the firmware upgrade. Maybe the upgrade somehow altered the chip and/or its connection? I took a huge gamble and tried upgrading the chip’s firmware (1.66 -> 1.72) via an upgrade tool Intel supplies for a couple of their NUCs. The upgrade seemed to finish successfully but, even after upgrading the ME drivers to the latest version and reinstalling my display drivers, HDCP 2.2 is still not listed as functional by Cyberlink. (Does anybody know of a program I can run that’ll test for HDCP 2.2? Frankly, I wouldn’t be surprised if the FW upgrade exposed a bug in Cyberlink’s code.)
@ MorLipf:
To leave the “Manufacturing Done bit” unset, you need to use Flash Image Tool. Also, you need to leave all Flash Descriptor permissions to 0xFFF. Then reflash the output SPI image back. Of course you need to have read/write access to do that (programmer or maybe a BIOS option to Enable ME Re-Flash etc). Then, theoretically you can play with the VNARs. Sometimes the FWUpdate capability is blocked by the OEM via the BIOS from what I’ve seen.
@ davidm71:
Close any background programs when using Intel tools which require the MEI driver. For example, HWInfo must not be running at the same time. Otherwise, use the DOS and/or EFI versions of the Intel tools which avoid OS interferences.
@ crown_nick:
I believe the issue is related to this “Re-key needed True” result. It should be “False” if the OEM has done their job properly from what I’ve seen. The fix is relatively new so I’m not sure what “Re-Key” is exactly, probably some key revocation that needs to be done due to Intel-SA-00086 fix. Download this (hopefully) fixed SPI image and flash it via the in-BIOS flasher (InstantFlash). Once it is done, reboot and run Flash Programming Tool with command “fptw -greset” and check if the problem persists after the reboot. Show us a new “MEInfo -verbose” as well after these are done.
Thanks for your immediate answer. That sounds hard to accomplish. I will wait for Dell’s official update in january and then see what will happen.
Thanks for helping. I really appreciate it. 
Alas, this didn’t fix the problem. The key thing is a good catch. I’ve pasted the MEInfo log below. Looks like a re-key is still being requested.
Thanks Plutomaniac. Must have been either hwinfo or driver issue. Just wish I knew how to extract the Dell bios from the executable. Thanks.
@ crown_nick:
Thing is, I am not really sure whether InstantFlash did a full SPI reflash, maybe just the BIOS region which is not what we need. If you flash the official 1.11 BIOS/SPI (which has CSME 11.8.50.3399), do you see version 11.8.50.3399 at MEInfo (or BIOS menu > Advanced etc - should also be there)? If yes, that means that InstantFlash reflashes the entire SPI chip (Flash Descriptor + CSME + GbE + BIOS). In that case, you should be able to go back to BIOS with 11.7 firmware with the same method.
@ davidm71:
There are some python scripts online to get the HDR from Dell executables if you search. Usually PhoenixTool can do that as well. Then you can use CodeRush’s PFSExtractor to unpack it into its components.
@ crown_nick: I had a same issue here with Re-Key Needed.
I’ve accidentaly reflashed ME fw when I was preparing HP soft-paq for other pcs (autorun sucks). Fortunately I was able to upgrade BIOS from my manufacturer (GB) which fixed the re-key. But it’s older bios with 11.6 ME fw without SA-00086 fix.
However there are still some differences . I have saved MEinfo before/after flash.
Original BIOS:
Re-key needed False
MEBx Version 11.0.0.0005
FW Capabilities 0x31101940
C-link Status Enabled
EK Revoke State Not Revoked
after accidental ME fw update (FW capabilities, C-link status, EK Revoke State changed):
Re-key needed False
MEBx Version 11.0.0.0005
FW Capabilities 0x31101140
C-link Status Disabled
EK Revoke State Revoked
after Intel ME driver 11.7.0.1050 installed (Re-key changed)
Re-key needed True
after upgrade to latest BIOS from manufactures website (MEBx gone, Re-key back to normal)
MEBx Version 0.0.0.0000
Re-key needed False
FW Capabilities 0x31101140
C-link Status Disabled
EK Revoke State Revoked
Anyone with ideas what these changes actually mean, do I have problem with something now? I particulary don’t like EK Revoke State FPF change.
@ crown_nick & bgr02:
So maybe it’s a driver thing? Not sure. What can you guys see when you run Intel’s official SA-00086 Detection Tool? There is an interesting report about this “Re-Key” a few posts back.
@plutomaniac ,
Thanks will look into it though I read in another thread that if the dell has Bootgaurd flashing modded bioses will brick the system. Hope I’m Bootgaurd free. Thanks.
@ plutomaniac:
Same
Intel(R) Capability Licesing Service Client software is installed and healthy, but re-key has failed. Please contact your system manufacturer for support.
Installing older driver didn’t fix it. Only bios upgrade helped. But still with this latest BIOS compared to my original BIOS FW capabilities, C-link status, EK Revoke State Revoked remained changed and MEBx gone) .
Is it possible to have some kind of MEBx on consumer platform? I have it on corporate pcs which I can access by hotkey when booting computer, but this boards didn’t offer any hotkey for MEBx during boot and shouldn’t be Full SKU afaik.
Let’s try something. Download the latest MEI Drivers & Software for Consumer systems (11.7.0.1054), open a command prompt and execute “SetupME.exe -tcs -nodrv -s”. Then reboot. If Re-Key is still True, open a command prompt and execute “ping -n 10 127.0.0.1” around 5 times. Shutdown. Once you boot back, has anything changed?
I don’t think IF is doing a full flash. If the official 1.11 had 11.8 FW, that’s news to me! The UEFI reported 11.7.whatever after I originally flashed 1.11 during system setup last month.
The SetupME command disabled the need for re-keying. Unfortunately, Cyberlink still says HDCP 2.2 is unavailable.
