[b][/b]
[i][/i]
[u][/u]
[s][/s]
[code][/code]
[quote][/quote]
[spoiler][/spoiler]
[url][/url]
[img][/img]
[video][/video]
Smileys
smile
smile2
spook
alien
zunge
rose
shy
clown
devil
death
flash
sick
heart
idee
frage
blush
smokin
mad
sad
wink
frown
crazy
grin
hmm
laugh
mund
oh
rolling_eyes
lil
oh2
shocked
cool
[mail][/mail]
[pre][/pre]
Farben
[rot][/rot]
[blau][/blau]
[gruen][/gruen]
[orange][/orange]
[lila][/lila]
[weiss][/weiss]
[schwarz][/schwarz]
RayeR
Posts: 9 | Last online: 09.20.2017
Wohnort
Czech Republic
Date registered
11.15.2015
Sex
male
    • RayeR has written a new post "Intel Management Engine: Drivers, Firmware & System Tools" 05.02.2017

      Zitat von plutomaniac im Beitrag #2814
      That article was annoyingly vague and also had some mistakes...


      Interesting, I just readed both articles. I agree that the article by SemiAccurate is semi-accurate or misleading a bit :)
      Intel clearly states, that the systems affected by the bug are corporate ME FW (5MB) with full AMT. So desktop MB users shoul be safe. Also because AFAIK AMT can work with intel NIC only and most of common dosktop MBs use Realtek/Marvell/Broadcom, etc. so I hope it cannot be hacked remotely via AMT even there's some TCP/IP stack inside consumer systems. More often the full AMT can bee seen on notebooks...
      I also think that intel should release ME FW updates for everybody like they do microcodes updates for (not only) linux community to be able to fix older system. No much OEMs would release BIOS updates for 8 years old MBs, hehe. It's common ~2-3 years support... BTW a paranoid though rises about the new "fixed" ME FW that can contain another bug or intentional better hidden backdoor that would spread more easily because of panic around this old bug :)

    • I just tried to make 2 full SPI flash dumps with a power cycle between and found there are differences in ME region and BIOS region too. I have 4MB flash and ME starts at 0x1000.
      ME diff ranges:
      000047AD - 000047E3
      00010086 - 000100A3
      00013DC0 - 00013E16
      BIOS ranges:
      003ECD90 - 003ECE9F
      003ED2C5 - 003EDCC2
      It seems to me like ME is logging something. Most of the changes are from 0xFF (empty regions) to something. BTW if it would write to flash very often it may damage some sectors after a longer period as SPI flash has no any wear leveling like a SSD. Would be interesting to try what happens on write protected system.

    • Hi, thanks for info about ME removal. I read a lot about it, also on me_cleaner github discussion. It seems that removing ME on newer platform is futile and can have several impact on the system. Even after they remove most of ME partitions and keep it from 30min shutdown it cannot be 100% trusted because it still starts a code from ROM and nobody can see what ROM code do neither cannot disable it. It may be possible there's a backdoor in ROM code to load some specific rootkit, who knows...

      BTW one specific question that came in my mind - can a modern BIOS that includes ME work or even boot with HW-protected flahsrom? I mean WP# pin on the SPI flash tied to GND. I read that ME use some flash area to store some data structures so this is why dumps of ME regions with the same ME version and configuration can differ. But I don't know when and how often. Also I know that BIOS stores some PnP/ESCD config data and user profiles to flash but it should happen only on some system change. In ancient ages there was WP jumper on some MBs would it work now? For somebody it may be important to be sure that some mallware cannot silently instal a persistent code into flash...

    • RayeR has written a new post "Intel Management Engine: Drivers, Firmware & System Tools" 02.22.2017

      Zitat von plutomaniac im Beitrag #2630
      Intel MEI Driver v11.6.0.1047 MEI-Only Installer
      Intel MEI Driver v11.6.0.1042 (Windows XP & Windows 7) INF for manual installation

      Thanks to Fdrsoft/SD for the newer drivers!

      @ RayeR:

      I agree that the proper way to do such an upgrade is to manually transfer settings and not take pre-built stuff. Does MEInfo show any error? I think you should ignore the Group ID error as long as MEInfo is ok, the rest of MEManuf tests are ok and the system works with IvyBridge cpus. It's funny, Gigabyte did add IVB support at the BIOS but apparently forgot to update the ME. I suggest you ask them to fix that. If you tell them that they added IVB support but left ME to v7, they should give you some beta with proper firmware.


      Hi, I asked GB support for BIOS/ME update but I didn't expected much from that helpdesk monkeys. So the reply I got was nothing surprise (I don't remember when I got some useful reply from a HW manufacturers, I usualy have to solve it myself):

      F5 bios is the latest bios on this board and there are no additional bios update available.
      The F5 bios can support the 3770K otherwise you will not be able to get any sort of video signal output.


      LOL, the board is missing DVI/VGA out so sure I don't get any video signal out there :)
      BTW I did not observe any difference in system behavior after my ME update so I keep my updated version and don't care anymore...

    • RayeR has written a new post "Intel Management Engine: Drivers, Firmware & System Tools" 01.21.2017

      Instead of waiting a long minute, just pull out the power cord (or use switch on backside of PSU) and then press front case power button. You may observe that LEDs will blink for a short moment - this means that capacitors in PSU are discharged now. Then pull the power cord back (or flip PSU swith) and turn on PC again.

    • RayeR has written a new post "ME Analyzer: Intel Engine Firmware Analysis Tool" 01.20.2017

      Is the total ME size stored inside the blob or you have to calculate it according parsig the ME partition table or so? Yeah, interesting that FIT is cutting the paddings. I see more ME FW blobs that differ slightly in size, seems there's no standard. But it it seems to be safe to cut off unnecessary padding as when inserted to flashROM empty pages are blanked and no used anyway... Thanks for explanation.

    • RayeR has written a new post "Intel Management Engine: Drivers, Firmware & System Tools" 01.17.2017

      MEInfo doesn't show me any error. I can try ask GB support but I doubt they will bother with 6 years old MB. BTW it's interesting that there also exist GA-P67-DS3-B3 ver 2.0 that got UEFI beta BIOS but mine ver 1.0 didn't. I don't care about it I think that legacy BIOS is better for backward compatability and maybe has less overhead.
      Also I found that there is attempt to erradicate ME FW for security reasons: http://hardenedlinux.org/firmware/2016/1..._ivybridge.html
      AFAIK ME remote network acces should be only possible with intel NIC not Realtek but who knows what else can this proprietary blob do...
      I guess that such disabling ME also disables turbo and O'C features at all, maybe EIST too.

    • RayeR has written a new post "ME Analyzer: Intel Engine Firmware Analysis Tool" 01.17.2017

      Hi, it seems that ME Analyzer v1.8.0 & DB r75 wrongly detects size of ME FW blob in my case.

      File: P67DS_F5.BIN
      Family: ME
      Version: 7.1.20.1119
      Release: Production
      Type: Region, Extracted
      FD: Unlocked
      SKU: 1.5MB
      Date: 08/08/2011
      Size: 0x17D000
      Platform: CPT
      Latest: No

      But FIT 7.1.60.1191 unpacked ME Region.bin file only 839680B and when I checked with hexaeditor I can see only FFh blank behind 839680+4k descriptor offset. FIT doesn't show ME size anywhere. I'm not sure if it's right as other 7.x ME FW blob, e.g. 7.1.80.1214 has 1335296B. Maybe GB used some stripped version? You can check yourself, BIOS image is
      here

    • RayeR has written a new post "Intel Management Engine: Drivers, Firmware & System Tools" 01.11.2017

      Hi, thanks for the informative and rich ME tools thread.
      I tried to update ME on my Gigabyte GA-P67-DS3-B3 MB with the latest official BIOS F5 including ME FW 7.1.20.1119. First I tried preconfigured ME_8.1.51.1471_Z68-P67 from Tweaktown thread. I injected ME blob directly into my BIOS image. It starts at 0x1000 and there was plenty of free space until 0x1ff000 where some ACPI tables follows. So no problem to fit bigger ME8 inside, still some 400kB lefts in the region. I flashed the modded BIOS, make a power cycle and it booted normally. I checked with MEInfo 8.1.56.1541 and MEmanuf 8.1.56.1541 and seems to be OK except one error:
      Error 9405: Intel(R) ME internal communication error (EPID GID)
      - any idea if it is several and what i means? My O'C settings works the same as with previous ME7 and I didn't observed any instability in OS yet.
      Later I picked up a bit newer ME FW 8.1.56.1541 from packages here on 1st page and I manually configured it in FIT utility exactly according to settings of my original ME FW 7.1.20.1119. I built the image and injected new ME FW blob to my BIOS image. MEManuf 8.1.56.1541 reports all tests passed but there is still the
      Error 9405: Intel(R) ME internal communication error (EPID GID) message.
      I didn't find any option related to EPID or GID in FIT ME configuration tree or in saved XML config. This error didn't occur with original ME FW 7.1.20.1119 but MEManuf 7 didn't report anything about EPID GID at all so it's probably new ME8 feature that older MEManuf doesn't check. I think it may not be a problem if it's not used anywhere in the system...
      Full MEManuf test log:

      1
      2
      3
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      15
      16
      17
      18
      19
      20
      21
      22
      23
      24
      25
      26
      27
      28
      29
      30
      31
      32
      33
      34
      35
      36
      37
      38
      39
      40
      41
      42
      43
      44
      45
      46
      47
      48
      49
      50
      51
      52
      53
      54
      55
      56
      57
      58
      59
      60
      61
      62
      63
      64
      65
      66
      67
      68
      69
      70
      71
      72
      73
      74
      75
      76
      77
      78
      79
       

      Intel(R) MEManuf Version: 8.1.56.1541
      Copyright(C) 2005 - 2014, Intel Corporation. All rights reserved.
       
      FW Status Register1: 0x1E000255
      FW Status Register2: 0x66000106
       
      CurrentState: Normal
      ManufacturingMode: Enabled
      FlashPartition: Valid
      OperationalState: M0 with UMA
      InitComplete: Complete
      BUPLoadState: Success
      ErrorCode: No Error
      ModeOfOperation: Normal
      ICC: Valid OEM data, ICC programmed
       
      Get FWU info command...done
       
      Get FWU version command...done
       
      Get FWU feature state command...done
       
      Get ME FWU platform type command...done
       
      Get ME FWU feature capability command...done
      Feature enablement is 0x100C40
      gFeatureAvailability value is 0x1
       
      Request Intel(R) ME test result command...done
      System is running on consumer/1.5M image, start Intel(R) ME Runtime Test
       
      ME initialization state valid
      ME operation mode valid
      Current operation state valid
      ME error state valid
      Verifying FW Status Register1...done
      OEM ICC data valid and programmed correctly
       
      Request Intel(R) ME test result command...done
      vsccommn.bin was created on 04:35:50 08/08/2012 GMT
      SPI Flash ID #1 ME VSCC value is 0x2005
      SPI Flash ID #1 (ID: 0xC22016) ME VSCC value checked
      SPI Flash ID #1 BIOS VSCC value is 0x2005
      SPI Flash ID #1 (ID: 0xC22016) BIOS VSCC value checked
      FPBA value is 0x0
      No Intel vPro Wireless device was found
       
      Request Intel(R) ME Runtime BIST test command...done
       
      Get Intel(R) ME test data command...done
      Total of 12 Intel(R) ME test result retrieved
       
      MicroKernel - Internal Hardware Tests: Internal Hardware Tests - Passed
       
      Policy Kernel - Power Package: Package 1 supported - Passed
      Policy Kernel - Power Package: Default package supported - Passed
       
      MicroKernel - Blob Manager: Set - Passed
      MicroKernel - Blob Manager: Get - Passed
      MicroKernel - Blob Manager: Remove - Passed
       
      Policy Kernel - ME Configuration: Wlan Power Well - Passed
      Policy Kernel - ME Configuration: PROC_MISSING - Passed
      Policy Kernel - ME Configuration: M3 Power Rails Available - Passed
      Policy Kernel - ME Recovery: ME Recovery mode check - Passed
      Policy Kernel - Embedded Controller: Power source type - Passed
      Policy Kernel - SMBus: Read byte - Passed
       
      Clear Intel(R) ME test data command...done
       
      Error 9405: Intel(R) ME internal communication error (EPID GID)
       
      EPID Group ID: 0
       
      EPID GID Check passed
       
      MEManuf Test Passed
       
       

Recipient
RayeR
Subject:


text:
{[userbook_noactive]}


Xobor Forum Software von Xobor