Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)



You doing it right, try it under dos

Hello, where i can download system tools packages with documentation?

@napalm_atx :
The download links to the Intel ME System Tools and some general advices can be found within the start post of this thread.
If you want to know the specific command suffix for a specific function, you can enter " -?" behind the related *.exe file.



Thanks, but i also want full ME ktis from intel, with gbe regions and MEBx modules for bios, but i cant find it

You doing it right, try it under dos


I did, both with Fwupdlcl.exe and Fwupdlcl64.exe, bootstick was made with rufus 3.9. Both times it said something like "this software does not run in dos-mode".

First of all, this is an amazing thread, lots of useful info and contributors here. That said, I have an issue. Via the info on this thread I decided to upgrade the ME region of my Asrock Z370 Extreme4 4.20 bios to the latest one (11.8.77.3664 (CON H DA)), via FWUpdate. Since then, however, I have been having fairly consistent poweroff issues on shutdown reboot and suspend, so Iā€™m pretty sure itā€™s caused by that. Now I want to downgrade it back to the 11.8.65.3606 ME version the bios comes with, and I have been studying the thread about FIT but canā€™t seem to figure out what steps to follow exactly. I didnā€™t foresee needing to downgrade so I donā€™t have an Initialized or Configured 11.8.65.3606 dump of the ME region from before I decided to FWUpdate. I have dumped an Initialized version of the 11.8.77.3664 ME running now, I have created a Configured 11.8.77.3664 ME bin using the instructions from the other thread, but how do I create a Configured 11.8.65.3606 ME bin for flashing with fptw64 -me -f whatever.bin? Iā€™m presuming I canā€™t just overwrite the Clean ME Region.bin of an older ME firmware version for the original 11.8.77.3664 dumped.bin after creating the fit xml configuration and then building the configured 11.8.65.3606 bin? Or is that in fact the procedure?

Intel CSME 12.0 Slim PCH-H B,A Firmware v12.0.64.1551



Intel CSME 12.0 Slim PCH-LP C Firmware v12.0.64.1551



Intel CSME 11.22 Slim PCH-H B,A Firmware v11.22.77.1664



Intel CSME 11.12 Slim PCH-H A Firmware v11.12.77.1664



Intel CSME 11.8 Slim PCH-LP C Firmware v11.8.77.3664



Intel PMC CNP PCH-LP C Firmware v300.1.20.1027



Intel CSME System Tools v14 r2 - (2020-04-19)

ME Analyzer v1.120.0 r192

Huge thanks to @Fernando and @ryan_db for providing useful data/info from their ICL systems to add proper CSME 13-14 support in MEA.

If anyone else has an ICL CSME 13 or CML CSME 14 system, please post a full "MEInfo -verbose" log and a firmware dump via "FPT -me -d csme.bin", if possible.


Sorry, that is not allowed per Intel demands.

@ blaatschaap:

What does MEInfo -verbose show? Do you have read/write access to the Engine region of the SPI/BIOS chip?

I was able to dump the whole spi without errors, as described in that other thread, so I think I have a system with that stuff unlocked.

MEInfo -verbose output:


Intel(R) MEInfo Version: 11.8.77.3665
Copyright(C) 2005 - 2019, Intel Corporation. All rights reserved.




Windows OS Version : 10.0

FW Status Register1: 0x90000245
FW Status Register2: 0x06F60506
FW Status Register3: 0x00000020
FW Status Register4: 0x00084004
FW Status Register5: 0x00000000
FW Status Register6: 0x40000000

CurrentState: Normal
ManufacturingMode: Disabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Present
FPF HW Source value: Not Applicable
ME FPF Fusing Patch Status: ME FPF Fusing patch NOT applicable
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: No
PhaseStatus: AFTER_SRAM_INIT
FPF and ME Config Status: Match
FW Capabilities value is 0x31101140
Feature enablement is 0x11101140
Platform type is 0x72440322
No Intel Wireless device was found
Intel(R) ME code versions:

Table Type 101 ( 0x 65 ) found, size of 0 (0x 00 ) bytes
BIOS Version P4.20
Table Type 101 ( 0x 65 ) found, size of 0 (0x 00 ) bytes
Table Type 0 ( 0x 00 ) found, size of 69 (0x 45 ) bytes
Table Type 1 ( 0x 01 ) found, size of 166 (0x A6 ) bytes
Table Type 2 ( 0x 02 ) found, size of 129 (0x 81 ) bytes
Table Type 3 ( 0x 03 ) found, size of 138 (0x 8A ) bytes
Table Type 9 ( 0x 09 ) found, size of 24 (0x 18 ) bytes
Table Type 11 ( 0x 0B ) found, size of 29 (0x 1D ) bytes
Table Type 32 ( 0x 20 ) found, size of 22 (0x 16 ) bytes
Table Type 40 ( 0x 28 ) found, size of 22 (0x 16 ) bytes
Table Type 16 ( 0x 10 ) found, size of 25 (0x 19 ) bytes
Table Type 17 ( 0x 11 ) found, size of 109 (0x 6D ) bytes
Table Type 19 ( 0x 13 ) found, size of 33 (0x 21 ) bytes
Table Type 7 ( 0x 07 ) found, size of 37 (0x 25 ) bytes
Table Type 4 ( 0x 04 ) found, size of 190 (0x BE ) bytes
Table Type 20 ( 0x 14 ) found, size of 37 (0x 25 ) bytes
Table Type 130 ( 0x 82 ) found, size of 22 (0x 16 ) bytes
MEBx Version 0.0.0.0000
GbE Version 0.2
Vendor ID 8086
PCH Version 0
FW Version 11.8.77.3664 H
Security Version (SVN) 3
LMS Version 1946.14.0.1377
MEI Driver Version 1952.14.0.1470
Wireless Hardware Version Not Available
Wireless Driver Version Not Available

FW Capabilities 0x31101140

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Service Advertisement & Discovery - NOT PRESENT
Intel(R) NFC Capabilities - NOT PRESENT
Intel(R) Platform Trust Technology - PRESENT/DISABLED

Re-key needed False
Platform is re-key capable True
TLS Disabled
Last ME reset reason Firmware reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Get flash master region access statusā€¦done
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Get EC region access statusā€¦done
Host Read Access to EC Disabled
Host Write Access to EC Disabled
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0x201E

Retrieving Variable "LSPCON Port Configuration"
LSPCON Ports None

Retrieving Variable "eDP Port Configuration"
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000

Retrieving Variable "OEM Public Key Hash"
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000

Retrieving Variable "GuC Encryption Key"
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
ā€” ā€“
Force Boot Guard ACM Disabled
Retrieving Variable "Force Boot Guard ACM Enabled"
Disabled
Protect BIOS Environment Disabled
Retrieving Variable "Protect BIOS Environment Enabled"
Disabled
CPU Debugging Enabled
Retrieving Variable "CPU Debugging"
Enabled
BSP Initialization Enabled
Retrieving Variable "BSP Initialization"
Enabled
Measured Boot Disabled
Retrieving Variable "Measured Boot Enabled"
Disabled
Verified Boot Disabled
Retrieving Variable "Verified Boot Enabled"
Disabled
Key Manifest ID 0x0
Retrieving Variable "Key Manifest ID"
0x0
Enforcement Policy 0x0
Retrieving Variable "Error Enforcement Policy"
0x0
PTT Enabled
Retrieving Variable "Intel(R) PTT Supported"
Enabled
PTT Lockout Override Counter 0x0
EK Revoke State Revoked
PTT RTC Clear Detection FPF 0x0

Intel CSME 12.0 Consumer PCH-LP C Firmware v12.0.64.1551




From the MEInfo log, the CSME seems to be working just fine. You can also see that:

Host Read Access to ME Enabled
Host Write Access to ME Disabled

So you have read but not write access. Normally downgrading is not needed, the problem is usually elsewhere (bad BIOS/NVRAM, corrupted CSME File System etc). The official way to downgrade is via FWUpdate tool when the current and target firmware do not violate the SVN, VCN & PV security measures (read more at the OP). In this case, CSME 11.8.77 has higher VCN than 11.8.65 so you cannot downgrade via FWUpdate tool. The only way would be via FPT by manually transferring the settings via [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization when you have write access to the Engine region of the SPI/BIOS chip. But there is no point in downgrading, as I said, because usually the problem is due to some firmware corruption which can be solved by reapplying the stock BIOS (in case itā€™s there) or by cleaning the CSME (but you need write access for that). I suggest you rule out a hardware/peripheral or BIOS issue first because dealing with the CSME when the FD is locked can be a big pain as you can tell from [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing.

You doing it right, try it under dos


I did, both with Fwupdlcl.exe and Fwupdlcl64.exe, bootstick was made with rufus 3.9. Both times it said something like "this software does not run in dos-mode".


Is noone able to help me?

@Tigerfox :
This is the way I do it, when I want to update the Intel ME Firmware:

  1. Download and uzip the latest Intel CSME System Tools version, which matches my system.
  2. Create a folder named ā€œWIN64ā€ within the root of drive C.
  3. Copy the content of the System Tools folder FWUpdate and the desired Intel ME Firmware (as *.bin file) into the folder C:\WIN64.
  4. Rename the Intel ME Firmware to ā€œME.binā€ ((to make it easier to write later an error free command text).
  5. Run the Command Prompt as Admin and navigate into the folder C:\WIN64.
  6. Enter the following command and press the ā€œEnterā€ key thereafter:

    1
    Ā 
    FWUpdLcl64.exe -F ME.bin
    Ā 
  7. Wait until the update has been completed.
  8. After the next reboot the updated Intel ME Firmware should be in use.
  9. Verify it by running the MEInfo tool (can be done the same way as written above).

Good luck!

It worked. It seems what made the difference was putting the WIN64-folder into the root of drive C instead of any other drive.

Intel CSME 14.0 Consumer PCH-LP D Firmware v14.0.33.1125

Capture1.PNG



Intel CSME 14.0 Corporate PCH-LP D Firmware v14.0.33.1125

Capture2.PNG



Intel CSME 14.0 Corporate PCH-H B Firmware v14.0.32.1123

Capture4.PNG



Intel PMC CMP PCH-LP A Firmware v140.1.01.1010

Capture3.PNG

Intel CSME 14.0 Corporate PCH-H B Firmware v14.0.33.1125

Capture.PNG



Intel CSME 12.0 Corporate PCH-LP C Firmware v12.0.64.1551

Capture2.PNG



Intel PMC CNP PCH-LP C Firmware v300.1.20.1030

Capture3.PNG

@plutomaniac

Intel CSME 14.5 Consumer PCH-H A Firmware v14.5.12.1111

inside sp102276 on hp ftp


Yes I am aware, thank you. MEA shouldnā€™t report it as "not in DB". Iā€™m waiting for official CMP-V release (April 30th) and we need FIT v14.5 as well.

Hi, guys! Iā€™ve been looking for information related to update ME for a Lenovo B590 and this brought me here. I love this thread! To start with, Iā€™ve recently modded my bios, meaning I disabled whitelisting, or better said, someone else did that for me, but I wasnā€™t totally satisfied with that. The ME version on it is 8.0.4.1441 and I want to change that. Iā€™ve also been playing with UEfi tool to bring the existing bios version H1ET39WW to the latest, H1ET85WW, havenā€™t succeeded yet, I found a thread helping me with that. So, Iā€™ll try using some updates first, taken from Lenovo website, I hope I will succeed upgrading ME version.

Intel CSME 13.0 Slim PCH-N B Firmware v13.0.33.1481




All you have to do is use FWUpdate, as explained in the first post.

Intel CSME 11.8 Consumer PCH-LP C Firmware v11.8.77.3664

Capture1.PNG



Intel CSME 11.8 Corporate PCH-LP C Firmware v11.8.77.3664

Capture2.PNG



Intel CSME 11.8 Slim PCH-H D,A Firmware v11.8.77.3664

Capture.PNG

@Fernando Would you recommend me to install the new driver version listed in section A1/A2 or just continue with the "pure" version of ME v11.8.77.3664, which is v1914.12.0.1256? Is it better to just use only driver or software/driver?