Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

@Fernando

I see that the 2120.100.0.1085 is quoted but the 2124.100.0.1096 driver is actually within the recent SD release. I am not including that because it is an early release for Alder Lake and as a rule, I try to stick to the drivers, firmware & tools which are relevant to already released platforms, not upcoming. Thank you for attaching it though as someone might want to install/test it sooner for some reason.

Hi there,
I hope, someone can help me.
I have a Gigabyte H370 motherboard with an Intel ME version 12.
ManufacturingMode is enabled / active and FPFs are not committed and not set / UEP in use.
I want to update the Intel ME.
My question:
If I update the Intel ME with FwUpdLcl64, will the OEM public key (and the hash) be deleted?
Do I have to disable / close the ManufacturingMode beforehand (with fptw64 -closemnf) in order to save the OEM public key (hash) in the hardware (FPF)?
Thanks very much.

Test.txt (6.94 KB)

Nothing will get deleted. You don’t need to do anything else. Just use FWUpdate tool as explained in the first post.

CSME 15.0 Consumer H A (B) v15.0.30.1902

CSME 15.0 Corporate H A (B) v15.0.30.1902

I have two questions about the Intel ME update.
Intel Boot Guard Verified Boot and Measured Boot are enabled on my computer. The system only starts with a signed firmware. Are the CSME and PMC firmware that can be downloaded under Sections B1-B2 digitally signed and are they from Intel? Otherwise my system won’t start anymore.

Another question: If I combine the CSME firmware with the PMC firmware with FIT and press the Build Image button, an error message appears: Warning: OEM Signing is Disabled.
What does this error message mean? Is the firmware working?
Many thanks for your help.

Yes, they are. I have Verified Boot and Measured Boot on my system and the firmwares from here have always worked.

It’s a normal message that doesn’t mean anything. The firmware is fine and will work.

This is SPS firmware, so none of the tools/firmwares on this thread are applicable. As plutomaniac said in post #5562, "That’s Server Platform Services (SPS) firmware, not Management Engine (ME). It works and gets updated in different ways. We also lack tools for such platforms. So no, you cannot use anything from this thread. You’ll have to leave it as it is."

I am looking for some suggestions as to what could be failing in my rig. (z390-i powered by corsair SF750)
Not sure if this is the right place to post, but it seems to be connected somehow to the INTEL ME, so there I go.

I am experiencing weird POST problems.
If the computer is turned off for an hour or two, it will not turn on when pressing the buttong for the first two minutes. Afterwards, it turns on but doesn’s POST. It keeps turning on and off, when it eventually POSTs in SAFE MODE and throws out Intel ME FW errors (which shows up as version 0.0.0.0 once I go into UEFI BIOS).

After a minute, it turns on normally, goes into UEFI OS no problem and runs as nothing ever happens without a hitch. As long as I keep the system on, it boots/reboots normally. Even if I unplug the cable and drain the power through pressing the button, it immediately boots as if nothing bad ever happened afterwards. I’ve ran the rig yesterday, gamed on it no problem (RTX 3080) for 8 hours straight.

Could it be that some condensator on the mobo is botched and it needs to ‘load it up itself with juice’ before working correctly? I updated Intel ME firmware, but it didn’t help. Once it starts booting correctly, the INTEL ME version shows up correctly in BIOS.

If the ME 0.0.0.0 never happened again, we can that its fixed and leave us a suspicious HW failure from the motherboard, my opinion only.

Apologies if this has been asked in the previous 373 pages but what do you need to do for ME 11. I can see there are instructions for FWUpdate tool at CSME 12 and for 13+ but I cannot see what you need for 11. I have looked through 12 in case they are similar but though better to ask.

The board I have is the ROG MAXIMUS VIII EXTREME
Z170 chipset
i7 6700 CPU

MEInfoWin64.exe information

BIOS Version 3801
MEBx Version 0.0.0.0000
GbE Version 0.7
Vendor ID 8086
PCH Version 31
FW Version 11.8.50.3399 H
Security Version (SVN) 3
LMS Version 2120.0.21.0
MEI Driver Version 2108.100.0.1053

Intel(R) Platform Trust Technology - PRESENT/DISABLED


ME Analyzer v1.241.0 r258
From dumped FW

Family │ CSE ME ║
╟─────────────────────────────┼──────────────╢
║ Version │ 11.8.50.3399 ║
╟─────────────────────────────┼──────────────╢
║ Release │ Production ║
╟─────────────────────────────┼──────────────╢
║ Type │ Update ║
╟─────────────────────────────┼──────────────╢
║ SKU │ Consumer H ║
╟─────────────────────────────┼──────────────╢
║ Chipset Stepping │ D, A

From Bios Update file

Family │ CSE ME ║
╟─────────────────────────────┼─────────────────╢
║ Version │ 11.8.50.3399 ║
╟─────────────────────────────┼─────────────────╢
║ Release │ Production ║
╟─────────────────────────────┼─────────────────╢
║ Type │ Extracted ║
╟─────────────────────────────┼─────────────────╢
║ SKU │ Consumer H ║
╟─────────────────────────────┼─────────────────╢
║ Chipset │ KBP/BSF/GCF-H A ║
║ │ SPT-H D


Thanks

Chris

Wot u see is special notes/cautions for ME12/13+… the guide is for all.
U need the FW: CSME 11.8 Consumer H D,A v11.8.86.3909 and the ME tools: CSME System Tools v11 r41 - (2021-06-26)

Here a word of warning to all who are thinking of "upgrading" the CSME from a Lenovo from 14.0.45 H CONS (official)
Your system will not honor "power after failure" settings in BIOS.

-Corrected after test–>
also 14.0.48 shows same erratic behaviour, not only 14.1.53, even having same PMC version.
I am not sure what causes this, but 14.0.45 official does not have that "power after failure" bug.

@plutomaniac I found a newer old ME firmware IBX 6.0.30.1203 in some old bios https://www.mediafire.com/file/e340fz6fn…B10240.zip/file

It is not the newest, as I successfully flashed the firmware 6.2.50.1062

I’m not sure I understand. Newer than what? ME 6 1.5MB 6.0.30.1203 is already in the database/repository and very old.

@plutomaniac the one you linked in your OP is 6.0.30.1199, while the one in this bios file is 6.0.30.1203

It is not that important, as there is a newer version 6.2.50.1062 and you already linked it in the OP

No, you are confusing different SKUs with one another:

ME 6 1.5MB
ME 6 5MB DT
ME 6 5MB MB
ME 6 IGN IBX
ME 6 IGN CCK

You are comparing 1.5MB (last v6.2.50.1062) to IGN IBX (last v6.0.30.1199), which are completely different.

@plutomaniac I already flashed successfully the version 6.2.50.1062 using the command -allowsv

AFAIK -allowsv will only flash ME firmware from the same type, any how I run the tests and the version 6.2.50.1062 is working over the version 6.0.30.1203 just fine, and no errors were reported.

Still, the IBX version 6.0.30.1203 has a higher version number and I just checked it even has a newer date

Sure, but it doesn’t matter because you cannot compare apples (ME 6 1.5MB) to oranges (ME 6 IGN IBX). The last firmware version released for the Ignition Ibex Peak (IGN IBX) SKU is 6.0.30.1199. If you had a system with that SKU (i.e. P55), you wouldn’t be able to go higher than 6.0.30.1199. It is not strange that the Ignition SKU was left at v6.0.30.1199 firmware because apparently it never required an update after that (but 1.5MB and 5MB did, thus > 6.0.30). I cannot explain it in a better way.

@plutomaniac OK, I got it, you were right, I had SKU 1.5 and it is not the same as IBX. I got confused with chip support IBX sorry.

Intel CSME 14.0 Consumer PCH-H A Firmware v14.0.46.1431
Intel PMC CMP PCH-H A Firmware v140.2.01.1011
Intel PCHC CMP PCH-H/LP Firmware v14.0.0.1002

Hi, where can download these films?
Just find CSME 14.1 and 14.5.
Thanks