Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

David, so you are now on 9.1.42.3002 with 22 microcode?
Great!!!

@Striker1234 ,

Yes I am!

Great!

Un going to upgrade to ME 10, but first I will get a eeprom programmer if I mess with the system…

Dont do it!!!

Ok, I will stay then.

Thanks for the feedback David!

To be honest I’m a little bit curious. You first at your own risk. Lol.

I will do it, but first I need to get an EEPROM writter in case of fire…

Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3426

Capture.PNG



Intel PCH-H Firmware 11.8.50.3426 for X299 or not?

Same here, success on a ASUS Z170 Sabertooth S.
Same firmware, same procedure, success on a ASUS B150I Gaming WiFi/Aura, but after restart…continuous BIOS flashing, just like an year ago, same board, same crap.

Need some help please…I am trying to update the Me firmware on a Asus Z270 Maximus Apex mb with the command… FWUpdLcl64.exe -f ME_11.8.50.3426_CON_H_D0_PRD_RGN.bin and I get this error…Error 8714: Firmware update not initiated due to file open or read failure…Is my command typed wrong to get this error.I have not updated me firmware in a while so anyone with some ideas on what im doing wrong will be greatly appreciated…I am using Intel CSME System Tools v11 r6 to flash 11.8.50.3426_CON_H_D0_PRD_RGN.bin by the way…

Corrupt download?

Intel CSME 11.8 Corporate PCH-H Firmware v11.8.50.3426




Could be when you received the red message that u were using either Intel MEI Driver v11.7.0.1058 or Intel MEI v11.7.0.1058 for Consumer systems from the first page?

Had the same happen to me on a Asus Maximus VIII Hero under 3504 BIOS which was on MEI FW version 11.8.50.3426 CON-H RGN, everything was fine and dandy, except under 1058 wouldn’t let me flash the new firmware.

Either drivers are missing in the package, wrongly installing or you have to install them manually. I was in a rush so I just uninstalled the Management Engine Components from the Uninstall window, rebooted, installed the previous 11.7.0.1054 1,5mb for SKL-H Consumer, rebooted, checked MeManuf and MeInfo, everything was still dandy, proceeded to flash succesfully the new 3426 firmware, rebooted, and under MeManuf and MeInfo all is still fine and dandy.

This is the Consumer SKL-H 1,5 mb 11.7.0.1054 package from Station Drivers 11.7.0.1054

@plutomaniac , I’ve spotted some differences between Guy.Ghanem MeManuf/MeInfo logs and mine. Nothing to worry about, I guess, probably differences between motherboards and/or hardware, but better be safe than sorry.

Intel(R) MEManuf Version: 11.8.50.3425
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.


Windows OS Version : 10.0

FW Status Register1: 0x94000245
FW Status Register2: 0x02F60506 Guy’s is 0x00010506
FW Status Register3: 0x00000020
FW Status Register4: 0x00084000
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000

CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: No
PhaseStatus: AFTER_SRAM_INIT Guy’s is INIT_HARDWARE
FPF and ME Config Status: Match

FW Capabilities value is 0x31111540
Feature enablement is 0x11111140
Platform type is 0x71220322
No Intel Wireless device was found
Feature enablement is 0x11111140
ME initialization state valid
ME operation mode valid
Current operation state valid
ME error state valid
OEM ICC data valid and programmed correctly
MFS is not corrupted
PCH SKU Emulation is correct
FPF and ME Config values matched

Request Intel(R) ME BIST status command… done

Get Intel(R) ME test data command… done

Get Intel(R) ME test data command… done
Total of 10 Intel(R) ME test result retrieved


Policy Kernel - Boot Guard : Self Test - Passed
MCA - MCA Tests : Blob - Passed
MCA - MCA Tests : MCA Manuf - Passed
SMBus - SMBus : Read byte - Passed
VDM - General : VDM engine - Passed
PAVP - General : Verify Edp and Lspcon Configurations - Passed
PAVP - General : Set Lspcon Port - Passed
PAVP - General : Set Edp Port - Passed

Clear Intel(R) ME test data command… done




MEManuf Operation Passed

Intel(R) MEInfo Version: 11.8.50.3425
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:

BIOS Version 3504
MEBx Version 0.0.0.0000
GbE Version 0.7
Vendor ID 8086
PCH Version 31
FW Version 11.8.50.3426 H
Security Version (SVN) 3
LMS Version 11.7.0.1054
MEI Driver Version 11.7.0.1045
Wireless Hardware Version Not Available
Wireless Driver Version Not Available

FW Capabilities 0x31111540

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED

Re-key needed False Guy’s is True
Platform is re-key capable True
TLS Disabled
Last ME reset reason Global system reset Wasn’t this FW reset or something like that?
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0x1FAF Guy’s is 0xFB2
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF Not set



Thanks folks!

Re-Keying is the process of renewing the Intel Enhanced Privacy ID (EPID) and Intel PTT’s TPM 2.0 Endorsement Key, CSME’s remote attestation keys. It requires software running on the host OS to communicate with Intel servers. Re-Key needs to be False after the 11.8, 11.11 or 11.21 firmware updates. Download the latest Drivers & Software and execute command “SetupME.exe -tcs -nodrv -s” via a command line prompt.

Intel to Deploy Management Engine Lock to Prevent Disabling, Rollback

Anyone know how to lock your ME region down? Just did a mod with Flashback and it rolled me back to a previous ME version. I’m guessing Flashback rewrites your ME?

Thanks

What is the difference between consumer and slim?

Hmm… I was updating one Asus Maximus IX Apex (Z270/Kaby-Lake) and one Asus Maximus X Apex (Z370/Coffee-Lake) to firmware version 11.8.50.3426. The utility claims it went successfully and upon rebooting the Maximus IX Apex I can verify the firmware as 11.8.50.3426 in the UEFI BIOS and by using MeInfo afterwards.

On the Maximus X Apex on the other hand I’m stuck with v0.0.0.0 in the UEFI BIOS and the MeInfo-tool doesn’t seem able to work anymore. I suppose its a bad flash and now the MEI Firmware has been corrupted or something? Am I totally screwed or is there something I can do to restore it? And does it really matter? What exactly does the MEI on consumer boards do?

@RamGuy

Try restoring your bios back to factory with USB Flashback if you have it. Flashback on my Z170 rolled me back to 11.6 from 11.8 when in past I could swear regular bios flash updates never touched a higher ME version.

I have tried the BIOS Flash Back but it doesn’t seem to do anything with the MEI firmware.