Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

ME 9.5 and 10.0 are LP (mobile) only whereas 9.0 and 9.1 are H (desktop) only.

I wasnā€™t aware of that. Thank you very much!



+1 Iā€™d like to know too. Iā€™ve the same thing like you.

Good afternoon. Dear plutomaniac tell me, do I understand correctly that firmware x_PRD_RGN "clean" it is flash from DOS using fwupdlcl an existing one. Do I need to migrate any settings or erase the old one ?
Thank you for your attention.


Not when using FWUpdate tool.



+1 Iā€™d like to know too. Iā€™ve the same thing like you.




9.5.60.1952 and 9.1.37.1002 are the latest 1.5 MB consumer versions. 9.5.62.3002 and 9.1.42.3002 are the latest 5 MB corporate versions.

Hello

sorry if itā€™s not the right topic for my question

Following the update of the firmware ME for my motherboard, the vulnerability has been corrected
But Capability Licensing Service Client software is not up to date according to Intel detection tool

Capture.PNG



Asus has released a new bios with the new firmware (the same one that I had put) but the software is still not updated
How can I do ?
itā€™s up to Asus to update if I understood correctly

Thanks



This one is included in the ME drivers. Just grab the latest ones (full package, section A3) from the first page.


Thanks
But I install the MEI drivers by the device manager (.inf)
It is mandatory to use the setup ?

I am on Asus Rampage VI Extreme, and i have updated the IME Firmware through FWUpdLcl64.exe tool, when testing for HDCP 2.2 and old HDCP compatibility through Cyberlink Advisor I am getting most of it to be false.

Here is my Meinfo :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
Ā 

Intel(R) MEInfo Version: 11.8.50.3425
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
Ā 

Ā 
Intel(R) ME code versions:
Ā 
BIOS Version 1102
MEBx Version 0.0.0.0000
GbE Version 0.2
Vendor ID 8086
PCH Version 0
FW Version 11.11.50.1436 H
Security Version (SVN) 3
LMS Version 11.7.0.1060
MEI Driver Version 11.7.0.1057
Ā 
FW Capabilities 0x20110540
Ā 
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Intel(R) Platform Trust Technology - PRESENT/DISABLED
Ā 
Re-key needed False
Platform is re-key capable True
TLS Disabled
Last ME reset reason Global system reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 C22018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0x1FF6
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
Ā 
FPF ME
--- --
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0
PTT Enabled Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x0
Ā 
Ā 


From cyberlink advisor :


Luckily i have backup the original firmware through the FWUpdLcl64.exe tool, did i have just screwed up?, when trying to flashing the old backup firmware i am getting unable to downgrade error from the fwupdate tool.



+1 Iā€™d like to know too. Iā€™ve the same thing like you.




9.5.60.1952 and 9.1.37.1002 are the latest 1.5 MB consumer versions. 9.5.62.3002 and 9.1.42.3002 are the latest 5 MB corporate versions.




Now Iā€™m using 9.1.37.1002 (This system is vulnerable.) so how to fix it? Thanks.


And is it possible to install the LMS driver without going through the package (installer .exe) ?

Thanks

Hi,

I have Dell XPS 9550 laptop, and after . updating to latest bios (1.6.1) that had update for ME (to 11.8.50.3426 version). After updating BIOS now i have to ME interface device visible in OS.
This is output of MEInfo


https://flic.kr/p/JCLXop

There is archive with: full MEInfo output, BIOS update package (Dell exe format) and full BIOS dump made with hardware programmer

https://drive.google.com/open?id=1r89y0Oā€¦6H1KDWejwYuqAbj

Any idea what happened and how to fix this?

Hi all,

This is a really great and resourceful thread, thank you all for contributing such detailed information. Over the last 3-4 hours Iā€™ve been trying to wrap my head around an issue I believe is related to my Intel Management Engine. Iā€™ve posted over on /r/techsupport initially so to save spamming this thread with a huge post I figure itā€™s easier if I just link the thread. Iā€™ll check back here to see if anyone has any ideas.


https://www.reddit.com/r/techsupport/comā€¦e_causing_bsod/


Many thanks again in advanced and for all the information in this thread thus far.

Dan

@ tistou77:

Install the latest Drivers & Software and additionally execute ā€œSetupME.exe -tcs -nodrv -sā€.

@ echelon:

Contact ASUS support for HDCP issues.

@ khanmein:

Itā€™s not vulnerable. Intel-SA-00086 applies to 5MB ME 6-10 SKUs only, not 1.5MB.

@ goodwin_c:

Follow the CleanUp Guide on your SPI chip dump and use the programmer to flash back.

@ GLaDOSDan:

Run Flash Programming Tool with command ā€œfptw64 -gresetā€. After the reboot, run ā€œMEInfo -verboseā€ tool under EFI or DOS (not Windows). Do you see any errors?


Thanks, it is required to install the ME package (installer), then
Or this command line is for what exactly ?

ME 1.5MB also have the vulnerability SA-00086 (X299 sure)

@plutomaniac v1.0.0.128 shown ā€œThis system is not vulnerable.ā€ but how come v1.0.0.152 show ā€œThis system is vulnerable.ā€ This doesnā€™t make any sense at all. May I know why it shows my system is vulnerable? False alarm or?

Iā€™ve emailed ASRock for more than one week & no response from them yet.


v1.0.0.128 ā€”> "This system is not vulnerable."

v1.0.0.152 ā€”> ā€œThis system is vulnerable.ā€

@ tistou77:

Read the Intel-SA-00086 section of the first post, everything is there. X229 (CSME 11) has nothing to do with X99 (ME 9). Pay attention to what I said which is ME 6-10 5MB.

@ khanmein:

As I said, 5MB SKUs only for ME 6-10. Itā€™s up to Intel to fix their detection tool if it has problems.

Intel said: Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712.
So v1.0.0.152 is a more severe than v1.0.0.138 may explain the test results differences.



May i ask you to help me with cleaning my ME? My current problem is that FITC is not opening my image (it just closes with bunch of errors). I did try to open full SPI dump, or extracting just ME image with UEFITool - i have always same result. Btw, maybe itā€™s because itā€™s not Consumer but Corporate type of ME? Sorry, Iā€™m new on intel me