Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.
1381 Discussions

SINIT AC Modules

john7944
Beginner
‎02-09-2012 11:46 AM
1,172 Views
I've been trying to find the correct SINIT AC module to pair with a HP 8100 Elite Desktop (Q57 chipset).
I found that the olderi5_i7_DUAL_SINIT_18.BIN module works with the machine but the newer v51 modules do not (i7_QUAD-SINIT_51.BIN ori5_i7_DUAL-SINIT_51.BIN).

Has anyone else run into this issue?
0 Kudos

Link Copied

3 Replies
Gael_H_Intel
Moderator
‎02-09-2012 12:55 PM
1,172 Views
Well, the ...51.BIN has a security vulnerability fixed.. It doesn't look like HP has posted an update BIOS that goes along with the new BIN files - you may want to ask them about it.
Recommendations:
While Intel is not aware of active use of the vulnerability described in this advisory, Intel has made updated SINIT Authenticated Code Modules (ACMs) available athttp://software.intel.com/en-us/articles/intel-trusted-execution-technology/to mitigate this issue. If your BIOS includes an SINIT ACM, which is more common for Intel TXT server platforms, a BIOS update that includes the updated SINIT ACM should be installed; please contact your platform OEM. Intel is also providing microcode updates, which will revoke vulnerable SINIT ACMs by causing GETSEC[SENTER] to fail. The BIOS update that contains the new microcode patch should be installed on all affected systems. Note that prior to installing the microcode update, an updated SINIT ACM must be installed to launch your Intel TXT enabled software. Contact your solutions provider or IntelTXT software vendor if your IntelTXT environment fails to launch and to determine how to update your software with the new SINIT ACM. Intel highly recommends that these updates be applied to mitigate this issue.


If SINIT and Microcode updates for your TXT-capable platform are not immediately available Intel recommends you take the following actions to protect your platform:If IntelTXT is disabled you are not affected by this issue.

If you are not actively running IntelTXT disable it in the BIOS.Consult your owners manual for instructions on how to disable Intel TXT in BIOS.Once you have confirmed that Intel TXT is disabled on your system, you should:
oMaintain control of your computing environment. Administrative access, like Ring 0 in a typical operating system, is required to implement this attack.
oApply all patches and security updates for your operating system and applications.
oEnsure that security utilities such as firewalls, antivirus, etcetera are kept current with updates.
0 Kudos
Copy link
Gael_H_Intel
Moderator
‎02-14-2012 08:30 AM
1,172 Views
Hey John7944 - did you have any further questions reqarding these bin files? If not, I'll close this issue.
0 Kudos
Copy link
john7944
Beginner
‎02-27-2012 11:10 AM
1,172 Views
No other questions about SINIT. Thank you for the help.
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.