Intel (Converged Security) Management Engine: Drivers, Firmware and Tools (2-15)

No, it’s working just fine as far as I can tell. Overclocked to 4.6GHz & not missing a beat. Here soon I want to sell the board & upgrade, so it would be nice if I could put what belongs on the thing before I post it on eBay.

So even with the firmware I have on there now, if I get a new BIOS chip, put it in, it will be the ME Firmware Version 9.0.31.1487? It can’t be that simple.

What I have running now.

So, if I understand properly, you want to revert to an older ME firmware as it was originally by ASUS. Why? Leave it updated, the buyer won’t mind. An updated system is a better system in this case.



Which tool do you use to show all that info?
Thanks.

Exploiting the S3 vulnerability could be a solution for using FPT on those locked systems. Run “fpt -d chip.bin”, if locked access sleep the PC, resume it and try again. It only works on those affected and can be determined only this way (without running dedicated solution from CHIPSEC or MITRE). But it is only recommended for those who know how to use FITC, otherwise it could cause more troubles for those who live by “let’s flash this damn thing with everything you got”. I have seen this method successfully used on MDL and Bios-Mods.


MEInfo. More info can be found at the first post of mine.


If I’m not mistaken this worked on older platforms only. There was also another one which you could remove the first RAM DIMM and ME wouldn’t get initialized/locked because it couldn’t allocate the 16MB of UMA memory it required for operations. That’s ME5 and lower. Could be wrong about which firmware these affected but indeed they could be performed. But I’m fairly certain they are older than Sandy Bridge for example. There is a flashrom forum thread with such information (searching Google with keyword "HMRFPO" is an easy way to find it although I’m fairly certain you have seen it in the past as well).

What is the best ME driver to use with ME firmware v9.0.31.1487? Also, what’s the best Intel RST AHCI driver for the Intel 8 Series Chipset? Any recommendations appreciated. This system is on Windows 8 x64 and currently on 13.2.4.1000.

The latest v11 driver for ME. For RST, this is not the proper thread or person to ask. Fernando can help you at his RST threads.

Hi and first of all: THANKS for this thread and this wonderful forum!

I have an 8-series chipset (Lynx Point-LP) with 9.5 series firmware.
Since it is possible to install v11 drivers I wanted to ask what would happen if I change my ME firmware to a v10 or v11 version? This is just a question to understand how ME is working and what it does exactly.
Doesn’t the newer ME firmware hold the settings/information from older ME firmwares?
Is it possible to brick a system when you flash the wrong version?
When I run MEInfo it gives me information about my wireless hardware version and my NFC FW version. Are those firmwares inside their respective chips (like the NFC module) or do these firmwares reside inside the UEFI/BIOS and could be updated?
The MEInfo tool also says that Anti-Theft is Present and Enabled but it is disabled in the BIOS. Why is that and is it possible to change?
What does the “Capability Licensing Service” do? Do I need it? How/Can I get rid of it?
Intel Dynamic Application Loader: Same questions as above…
What does TLS stand for? Is it the SSL standard or does it have another meaning and why is it disabled and how could I enable it?
CPU Debug Disabled is Disabled but in the BIOS/UEFI it is Enabled (so CPU debug is disabled). How can I change that and why does the MEInfo tool say that it is enabled?

— EDIT —
The Capability Licensing Service is for enabling or disabling SKU features. What are those features?
Dynamic Application Loader (DAL) is used to implement Identity Protection Technology (IPT). Does it implement something else?
As far as the information goes it is not possible to change ME firmware itself. One could only change the firmware version but nothing inside it because of the RSA signing. Is this correct?
Is it possible to patch MEBx into the BIOS/UEFI?
Flash Image Tool says under “Master Access Section” that every Read/Write Access is set to 0xFF which stands for Debug/Manufacturing. I thought this has to be 0x1B/0x1A for Production. Is this normal and do I gain anything from having this set to debug?

I cannot answer to 50 questions, 40 of which can be found while reading the Intel documentation and another 5 while google searching. There is no point in trying to change the state of something that you don’t even know what it does.

No, you cannot upgrade your firmware. You can only update to later v9.5 firmware, nothing else. Driver is not equivalent to firmware.

MEBx can be updated via BIOS Region but we haven’t researched this yet. So I cannot answer currently. Also, this is only used at AMT-capable SKUs which use 5MB firmware.

Intel recommends a locked flash descriptor for security purposes. If it’s unlocked though you can flash modded ME Regions or dump your firmware. For advanced users it’s useful. For the regular consumer, no.

Is it possible to update ME version directly in BIOS file?

It’s far more complicated like this. Just update ME through FWUpdate utility, update OROM and everything with UBU, then save your BIOS copy from inside BIOS utility. (eg. Q-Flash, EZ-Flash etc.)

@all

Is there anyone who uses a Skylake (socket 1151) motherboard?

Hi everyone,

I see a lot of manufacturers (Asus, Asrock, OEMs like Lenovo, …) who have hosted in their download section the ME 8.1.0.1248 for their Z77 customers. It seems the 8.1.xxxx ME provides a “better Windows 8 compatibility”.

So here is my question, does anyone know what the 8.1.xxxx ME brings to the motherboards to get them a better Windows 8 compatibility (compared to the ME 8.0.xxxx)? Cause I can’t find any details about this. I’ve searched all over the web and couldn’t find any release notes about these 8.1.xxxx.

I myself have the ME 8.0.2.1410 on my Asus P8Z68 board and was wondering if I could get any benefit from the 8.1.xxxx for the day I’ll switch to Windows 10 (Win 7 actually).

Regards

^
Download "Intel ME System Tools v8.1 r5" from first page and all info are there.

Update 25/08/2015:

NEW! Intel ME 8 Consumer 1.5MB Firmware from v8.1.52.1496 (25/11/2013) → v8.1.65.1586 (18/06/2015)



Flashing and Verifying on my Z77 system:


Something is seriously not right at all! When I shut down my PC and restarted it the problem is still here! Please @plutomaniac upload older firmware for Z77 and can I downgrade to older firmware without issues?

--------------

MEManuf errors here - please HELP!

MSI Z77A-G43:





--------------

Dunno what the hell but do not upgrade firmware using Intel MEI Driver v11.0.0.1160! For god only knows what reason this was fucking up MEManuf tests!

For test I flashed once again new firmware using -allowsv command - still same errors in MEManuf, then I’ve uninstalled 11.0.0.1160 driver and changed it to 10.0.30.1054 just for testing and WTF - all tests in MEManuf are fine!

Next I go back to 11.0.0.1160 driver once again, run MEManuf tests again and WTF x2 - all tests are fine!

Like I wrote earlier - do not upgrade to new firmware using 11.0.0.1160 drivers - uninstall them and first go back to older 10.0.30.1054 drivers then you can upgrade to new firmware - after that you can go back to 11.0.0.1160 drivers and run all tests! Problem solved!


--------------

Something is seriously not right at all! When I shut down my PC and restarted it the problem is still here! Please @plutomaniac upload older firmware for Z77 and can I downgrade to older firmware without issues?

Seriously?

I have received 6 PMs in the last three hours from you, and each one includes “pleases” inside. I do help out but I am not online all day. I have a life. Relax and wait.

The firmware is just fine, you don’t need to scare everyone with two underlined warning headers & system-specific problems.

To check if it’s a driver problem you do the same tests under DOS where the former is not required.

My Z77 is just fine after restart, shutdown etc and I didn’t expect anything else. I test these on my machines either way.

I don’t know what the problem is exactly. It could be a failing SPI chip, it could be a setting messed up by the OEM but only shown in MEManuf, it could be the ME Region is somewhere else corrupted outside ME CODE which is what FWUpdate deals with etc.

The only thing I can suggest is to reflash the whole ME Region if your flash descriptor is unlocked. To check if it’s unlocked use FPT -d SPI.bin command. If Error 26 appears it’s locked. If you end up with a full SPI dumped file then it’s unlocked. If it’s unlocked, get the ME Region from the latest BIOS from the OEM (size should be between 0x17D000 - 0x1FF000) and flash it using FPT -me command. Then use FWUpdate with the latest ME 8.1 firmware found at the main post.

EDIT: The latest MSI SPI does have the descriptor unlocked but it doesn’t mean the motherboard came with an unlocked descriptor out of the factory. You need to check it via FPT as I said.
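The lock state and ME Region size discussed in the post above can also be read offline from a full SPI image file. This is an added example, not part of the original post and not Intel's tooling; it assumes the descriptor layout used before Skylake, the function names are hypothetical, and the sample image is constructed (descriptor only, with 0x0B/0x0A as arbitrary non-0xFF access values).

```python
import struct

FLVALSIG = 0x0FF0A55A                      # descriptor signature at offset 0x10
REGIONS = ("Descriptor", "BIOS", "ME", "GbE", "PDR")
MASTERS = ("CPU/BIOS", "ME", "GbE")

def parse_descriptor(spi: bytes) -> dict:
    """Read region ranges and master access bytes from a full SPI image."""
    if len(spi) < 0x1000 or struct.unpack_from("<I", spi, 0x10)[0] != FLVALSIG:
        raise ValueError("no flash descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", spi, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4    # Flash Region Base Address
    fmba = (flmap1 & 0xFF) << 4            # Flash Master Base Address
    regions, masters = {}, {}
    for i, name in enumerate(REGIONS):
        reg = struct.unpack_from("<I", spi, frba + 4 * i)[0]
        base = (reg & 0x1FFF) << 12
        limit = (((reg >> 16) & 0x1FFF) << 12) | 0xFFF
        if limit > base:                   # base above limit marks an unused region
            regions[name] = (base, limit - base + 1)      # (offset, size)
    for i, name in enumerate(MASTERS):
        reg = struct.unpack_from("<I", spi, fmba + 4 * i)[0]
        masters[name] = ((reg >> 16) & 0xFF, (reg >> 24) & 0xFF)  # (read, write)
    return {"regions": regions, "masters": masters}

def descriptor_unlocked(info: dict) -> bool:
    """True when every master has 0xFF read and 0xFF write access."""
    return all(rw == (0xFF, 0xFF) for rw in info["masters"].values())

def me_region_size_ok(info: dict) -> bool:
    """Check the ME region size against the range quoted in the thread."""
    return 0x17D000 <= info["regions"]["ME"][1] <= 0x1FF000

def build_sample(read: int, write: int) -> bytes:
    """Constructed 8 MB image holding only a descriptor, no real firmware."""
    img = bytearray(b"\xff" * 0x800000)
    struct.pack_into("<III", img, 0x10, FLVALSIG, 0x00040003, 0x00000006)
    # Descriptor 0x0-0xFFF, BIOS 0x200000-0x7FFFFF, ME 0x1000-0x1FFFFF, rest unused
    struct.pack_into("<5I", img, 0x40, 0x00000000, 0x07FF0200, 0x01FF0001,
                     0x00001FFF, 0x00001FFF)
    word = (write << 24) | (read << 16)    # same access bytes for all three masters
    struct.pack_into("<3I", img, 0x60, word, word, word)
    return bytes(img)

if __name__ == "__main__":
    for label, img in (("0xFF/0xFF", build_sample(0xFF, 0xFF)),
                       ("0x0B/0x0A", build_sample(0x0B, 0x0A))):
        info = parse_descriptor(img)
        print(label, "unlocked:", descriptor_unlocked(info),
              "ME size ok:", me_region_size_ok(info))
```

The result describes the image file that was parsed; an OEM BIOS download can carry different access bytes than the chip on the board, which is why the post has the board itself checked with FPT.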

Sorry but I don’t know how - my knowledge ends at a simple firmware upgrade - is there any tutorial how to do that? I’ll try and read something about it here on the forum - maybe I’ll learn something new…

Maybe I flash whole motherboard BIOS again?

FPT is the short name for Flash Programming Tool. A description of that as well as the other tools can be found at Section C of the first post.

These tools are found inside the System Tool Packages linked below the short descriptions (section C2). You have ME8.1 so you need the ME8 system tools package.

Inside you will find FPT. Run the tool with command -d SPI.bin. Does it report error 26 or not?

It’s unlocked: