Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
Announcements
The Intel sign-in experience has changed to support enhanced security controls. If you sign in, click here for more information.
2702 Discussions

Not able to unprovision AMT via bios or using ACUConfigure.exe

KJaya2
Beginner
‎05-17-2017 06:35 AM
2,817 Views

Hi,

As recently identified vulnerability issue with AMT vPro machines, I was trying to unprovision AMT using the "ACUConfigure.exe unconfigure", but fails because LMS service is not there in those machines, and tried doing unprovisioning it via BIOS but on all those machines default password 'admin' is not working, and in one machine I am getting "MEBx Login Error - Error applying new password", when it prompts for changing the password.

Here's the situation

- Machines which is AMT provisioned (Provision State=2), does not have LMS service, so when I run "ACUConfigure.exe unconfigure", it fails because of missing LMS service.

- On machines having LMS service, AMT provision state is not 2.

- Most of the machines having AMT provision state 2 are "DT research BU590", since "ACUConfigure.exe unconfigure" is not working, as LMS service is missing, tried unprovisioning it via BIOS, but default password is not working.

- One machine - Thinkpad 460 with provision state 2, getting error while trying to change the password.

Please let me know, how to unprovision AMT and remove / uninstall LMS.

Also please confirm, if Provision state is 0, then it is unprovisioned.

Thanks

Kabilan

0 Kudos

Link Copied

6 Replies
MichaelA_Intel
Moderator
‎05-19-2017 01:53 PM
1,084 Views

Kabi

Hi Kabilan,

Please try using the Unprovisioning tool located here:

https://downloadcenter.intel.com/download/26781/Intel-SA-00075-Unprovisioning-Tool https://downloadcenter.intel.com/download/26781/Intel-SA-00075-Unprovisioning-Tool

Let us know if this works for you.

 

Regards,

Michael

Copy link
MLamb7
Beginner
‎05-30-2017 10:28 AM
1,084 Views
In response to MichaelA_Intel

I have the same issue as Kabilan. I tried running the Unprovisioning Tool. I first ran the Discovery Tool on a machine and the Risk\Exposure status was 'Vulnerable\Exposed'. I then ran the Unprovisioning Tool and received a successfully unprovisioned message. I rebooted the computer and re-ran the Discovery Tool expecting to see that the computer was 'Not Vulnerable\Not Exposed' but it was still showing 'Vulnerable\Exposed'. I've included the log messages from these tools, any ideas?

Initial Discovery Tool Results:

<</span>System>

<</span>Application_Name>INTEL-SA-00075 Discovery Tool</</span>Application_Name>

<</span>Application_Version>1.0.1.39</</span>Application_Version>

<</span>Computer_Name>WCALABASL1</</span>Computer_Name>

<</span>Scan_Date>5/26/2017 10:24:41 AM</</span>Scan_Date>

- <</span>Hardware_Inventory>

<</span>Computer_Manufacturer>Hewlett-Packard</</span>Computer_Manufacturer>

<</span>Computer_Model>HP rp5800</</span>Computer_Model>

<</span>Processor>Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz</</span>Processor>

</</span>Hardware_Inventory>

- <</span>ME_Firmware_Information>

<</span>ME_Version>7.1.52.1176</</span>ME_Version>

<</span>ME_SKU>Intel(R) Standard Manageability</</span>ME_SKU>

<</span>ME_Provisioning_State>Provisioned</</span>ME_Provisioning_State>

<</span>ME_Driver_Installed>True</</span>ME_Driver_Installed>

<</span>ME_EHBC_Enabled>False</</span>ME_EHBC_Enabled>

<</span>LMS_State>Running</</span>LMS_State>

<</span>MicroLMS_State<span class...
In response to MichaelA_Intel
0 Kudos
Copy link
MichaelA_Intel
Moderator
‎06-07-2017 04:54 PM
1,084 Views
In response to MLamb7

MichaelLambert

I can see where you would be concerned with the results of running the discovery tool. I've checked your system to see if it is vPro enabled and it is not. Without vPro, there is no AMT and hence, you are not exposed to this vulnerability:

http://ark.intel.com/products/53426/Intel-Core-i3-2120-Processor-3M-Cache-3_30-GHz Intel® Core™ i3-2120 Processor (3M Cache, 3.30 GHz) Product Specifications

 

Regards,

Michael

In response to MLamb7
Preview file
12 KB
0 Kudos
Copy link
KJaya2
Beginner
‎06-08-2017 06:11 AM
1,084 Views
In response to MichaelA_Intel

Thanks for the reply, Unprovisioning tool works, but it needs user interaction, do you have an enterprise wide solution.

And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,

If a machine having LMS service but AMT is unprovisioned, is it vulnerable?

Thanks

Kabilan

In response to MichaelA_Intel
0 Kudos
Copy link
MichaelA_Intel
Moderator
‎06-21-2017 06:13 PM
1,084 Views
In response to KJaya2

Kabi

Hi Kabilan,

 

I know this response is very late. I seem to have missed this one and I apologize.

https://downloadcenter.intel.com/download/26755 Download INTEL-SA-00075 Detection and Mitigation Tool

The latest version has a silent installation option. You can see the syntax on page 3 of the .pdf included in the download.

And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,

AMT provisioning does not switch state automatically.

If a machine having LMS service but AMT is unprovisioned, is it vulnerable?

The vulnerability on the system will not be fixed until the firmware has been updated.

Regards,

Michael

In response to KJaya2
0 Kudos
Copy link
MichaelA_Intel
Moderator
‎06-07-2017 04:56 PM
1,084 Views

Kabi

Hi Kabi,

Apologies, my response was incomplete...to answer your question about provision state = 0. This is "not provisioned"

Regards,

Michael

0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.