Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

Special Topics Intel Management Engine
3797

Easy launcher for FWUpdate tool for those unskilled with Command Prompt:
https://github.com/pal1000/MEUpdateEasy

Have this script, FWUpdate tool and the ME firmware on same folder. Just double-click FWUpdate.bat, let it elevate, enter firmware filename and extension. Using rename then CTRL+C trick on the firmware filename followed by CTRL+V in Command Prompt is highly advised. Then press Enter and ME firmware update is engaged.

3798



Done it!
And it was easy this time, really easy, thank you :wink:

https://s10.postimg.org/oy6zgjo87/Capture.jpg

3799

Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3448

Capture1.PNG



Intel CSME 11.8 Corporate PCH-H Firmware v11.8.50.3448

Capture2.PNG

3801

Intel ME System Tools v6 IBX r2

3802

Hi, since I have a Sony VAIO with a non-upgradable ME firmware (last time I had to use a SPI flasher), how can I apply or merge the "6.2.50.1062_1.5MB_PRD_UPD.bin" update fw to "6.2.0.1022_1.5MB_PRD_EXTR.bin" base fw to edit and full flash?
Thanks.

3803


Not really possible, very unsafe and corruption-prone. You must update via FWUpdate tool.

3804

Back again. I have one of the biosā€™s on my Rampage ApexVI with ME FW in failed state. Shows up as 0.0.00.00 in bios. Asus just came out with a fix for the Intel ME problem. I used their flash tool on bios 2 and all went well. ME FW updated to version 11.11.50.1436. Installed new MEI drivers as well.

Problem is bios 1 does not work with the flash. There is no copy one bios to the other anymore. Mobo boots just fine on bios 1 even with the ME problem. Boot is a little slow I suspect because it spends a few seconds looking for something that is not there, but then goes right into windows. I suspect there is no software fix for this. Typical flash commands result in error.

I have a CH341A programmer with Soic clip. My plan was to boot up on bios 2, load software to erase and flash good bios to bios 1. Obviously the board will be fully powered under this plan. Is there any issue trying to fix bios 1 with this method?

I would much prefer if there was a software fix but I am not aware of one. Just wanted some input if my plan with programmer is good to try. I see that it works sometimes and not others with an ā€œin placeā€ erase and write bios method. But there is no way I am getting into soldering anything on this board.

I posted in the programmer thread but was advised to post here first before trying itā€¦

Thanksā€¦

3805

You should first try the clip with the system turned off or maybe in standby mode. To reflash the SPI chip, it is best to download the stock BIOS/SPI from ASUS and flash it with the programmer after removing the AMI Capsule with UEFITool. Then re-try FWUpdate. Otherwise, if you want a pre-updated BIOS/SPI with CSME 11.11 for programmer use, you can download the stock ASUS BIOS/SPI, remove AMI Capsule with UEFITool and follow the CleanUp Guide by using the latest CSME 11.11 firmware for your system. Using the other SPI chipā€™s dump should be the last resort. I did the 2nd method (ASUS BIOS/SPI w/o Cap + CleanUp Guide) on the latest ASUS BIOS/SPI of version 1102 which can be found temporarily here.

3806

Ok, my exact plan was to erase bios 1, write bios 1004 to the chip. Confirm that the write went as planned. Shut down system, boot up on bios 1. Use the Asus update tool to update ME FW like I did for bios 2.

I will try it with the mobo on standby power and run the programmer from my laptop.

Many thanks for the help.

3807

@plutomaniac Do you have changelogs for latest MEI FW 11.8.50.3448?
I have installed MEI 11.8.50.3425 FW and few days ago there was MEI 11.8.50.3426 from MSI and I am totally confused what to do, is there any unknown exploit that can hack MEI MEI 11.8.50.3425?
Back to Back releases of MEI FW had me thinking.
One more question: How to find if BIOS is compatible with latest FW? Any hints??

3808

Normally we donā€™t find changelogs but for 11.8.50.3448 we do:

  • Fixed an issue where a mismatch might exist between Intel CSME and FPF configuration
  • Fixed an issue where Intel MEInfo FWSTS might return irrelevant results

The (CS)ME firmware are updated regularly for various reasons, it doesnā€™t necessarily mean that some exploit was found. Anything after 11.8.50.3399 (INTEL-SA-00086) and 11.8.50.3425 (INTEL-SA-00086 + WPA2 KRACK) has been only incremental so far.

The BIOS should always be compatible with the same Major and Minor (CS)ME firmware releases. Any (CS)ME firmware major/minor upgrade support or BIOS-specific features are solely OEM dependent.

3809

So that means BIOS and MEI are different modules which arenā€™t inter-dependent on each other, right? Iā€™m using Dell PC.
And may I ask what those Change logs in simple terms means?
Did Intel fix the exploit where MEI can be hacked though USB?
I felt the system was snappier and initial bootup was faster after FW update from 11.0.1190 to 11.8.50.3425? Was it placebo or did Intel actually sped up their Preboot diagnostics?
A bit off-topic question: Why did Intel falsely state new microcode has been shipped to OEM when the original C2 uCode is same as 0xC2? I checked your uCode repo and it says C2 updated 29 days ago.

3810

No luck with getting programmer to work. It would not detect the chip using the clip. Just going let it be now. Not going to be soldering my board. Thanks for the help.

3811

@Fernando
Do you have an idea what are the Intel MEI v1805.0.1097 branch ? A new unified labelling ?
They are offered on stationdrivers (cuurently for 1.5 MB Consumer firmware)

3812

100PIER:
Such questions should better be answered by our Intel ME Guru plutomaniac.

3813

Intel CSME System Tools v11 r9

@ Vasudev:

All those questions stem from ignorance which you can mostly research by yourself (MEInfo, FPF, MC). If you have the latest firmware applied, you donā€™t have to worry about past vulnerabilities.

3814

Thanks @plutomaniac. Eventhough I have read it so many times, I am still too scared of a wild exploit due to my OCD.
So upgrading ME will not cause Windows OEM license embedded in the BIOS?
I had strange issues like TPM device showing Code 10 error and didnā€™t get any errors for W10 product key. I finally did a NVRAM reset and PC was good as new.
Can I link your CSME tools and FW to my friends and other forums w/o breaking your T&C?

3815

The Engine and BIOS firmware are separate but can communicate with each other for certain tasks. The NVRAM and OEM Key are BIOS related, not Engine. The Engine tools & firmware are not my own but Intelā€™s. Of course you can freely link to this thread, no problem whatsoever.

3816

@plutomaniac
Thank you for replying.

3817

@Fernando
@Plutomaniac
Whatever the speculations are on what is "Intel MEI v1805.0.1097" driver, this one can"t be installed on a X99 platform.