Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Problems updating the Management Engine firmware on DB75EN

VAcht1
Novice
8,900 Views

My Intel Desktop Board DB75EN is affected by the AMT vulnerability.

I found a firmware update here:

https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.html Intel® Active Management Technology Escalation of Privilege Advisory...

However, when I try to install it, I encounter two problems.

First: I'm running Linux -- and the firmware update utility runs on Windows only. So is there also a utility available to update the FW under Linux?

As a workaround, I created a Windows 10 Recovery Drive (on a USB stick) and copied the update to that USB stick. I then booted the PC using that USB stick and tried to run the firmware update from within that Windows Recovery (WinPE) environment. I then got the following output:

D:\EN-FW-Update\EN-FW-Update-64bit>FWUpdLcl64.exe -f ME8_5M_Production.bin -generic

Intel (R) Firmware Update Utility Version: 8.1.40.1456

Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.

Error 8743: Unknown or Unsupported Platform

Cannot locate hardware platform identification

This program cannot be run on the current platform.

Any idea why this does not work? And how to resolve it?

0 Kudos
11 Replies
MMark26
Novice
4,588 Views

I am also interested in a linux update utility. I know that FWUpdLcl has builds for DOS, win32 and win64, and initially went for the DOS executable, but found it impossible to boot DOS in EFI (Heavy reliance on BIOS), and with the other two I hit the same issue mentioned above.

0 Kudos
VAcht1
Novice
4,588 Views

Can no one help me?

Also, why does the advisory page state that a "System BIOS update [is] not planned" for this board?

https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.html Intel® Active Management Technology Escalation of Privilege Advisory...

Quite disappointing, I must say. Intel bakes in some management funtion into their chipsets that turns out to be a fully open backdoor. And then, Intel does not even provide a normal BIOS update for the board to fix it. Only some obscure update utility that requires Windows to be installed on the machine...

VAcht1
Novice
4,588 Views

I finally managed to fix it. See my solution in the original thread that can be found here:

To Intel: thanks a lot for your great support...

0 Kudos
MMark26
Novice
4,588 Views

Sadly this is not a fix for me, as it is not EFI compatible.

0 Kudos
MichaelA_Intel
Moderator
4,588 Views

Stamgastje

Hi, the reason why a system BIOS update is not planned for this board is because it has been discontinued:

http://www.intel.com/content/www/us/en/support/boards-and-kits/desktop-boards/intel-desktop-boards-with-intel-b75-express-chipset/intel-desktop-board-db75en.html Support for Intel® Desktop Board DB75EN

Regards,

Michael

0 Kudos
VAcht1
Novice
4,588 Views

> Hi, the reason why a system BIOS update is not planned for this board is because it has been discontinued:

I'm sorry but that is BS... have a look at the table below which I copied from this page:

https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.html Intel® Active Management Technology Escalation of Privilege Advisory...

ALL products in this list have been discontinued. Yet, the majority receives a BIOS update - except the DB75EN, DQ57TM and DQ57TML. For no apparent reason.

Impacted product

System BIOS Update AvailabilityFirmware Update Utility AvailabilityLast updatedIntel® Desktop Board DB65ALExpected by June 19, 2017https://downloadcenter.intel.com/download/26830/ Download Firmware Update Utility nowMay 30, 2017Intel® Desktop Board DB75ENSystem BIOS update not plannedhttps://downloadcenter.intel.com/download/26829/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DB85FLExpected by June 5, 2017https://downloadcenter.intel.com/download/26834/ Download Firmware Update Utility nowMay 30, 2017Intel® Desktop Board DQ57TMSystem BIOS update not plannedhttps://downloadcenter.intel.com/download/26828/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ57TMLSystem BIOS update not plannedhttps://downloadcenter.intel.com/download/26828/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ67EPExpected by June 19, 2017https://downloadcenter.intel.com/download/26830/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ67OWExpected by June 19, 2017https://downloadcenter.intel.com/download/26830/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ67SWExpected by June 19, 2017https://downloadcenter.intel.com/download/26830/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ77CPExpected by June 5, 2017https://downloadcenter.intel.com/download/26829/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ77KBExpected by June 12, 2017https://downloadcenter.intel.com/download/26829/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ77MKExpected by June 5, 2017https://downloadcenter.intel.com/download/26829/ Download Firmware Update Utility nowMay 26, 2017Intel® Desktop Board DQ87PGExpected by June 5, 2017https://downloadcenter.intel.com/download/26834/ Download Firmware Update Utility nowMay 30, 2017
0 Kudos
MichaelA_Intel
Moderator
4,588 Views

Stamgastje kn1ght

The firmware update utility for this board is currently available for Windows OS...I've read through your fix which looks good. Another method would be to build a WinPE disk and install the MEI driver, then run the FWUpdate tool.

Regards,

Michael

0 Kudos
MMark26
Novice
4,588 Views

I tried exactly that (WinPE) but yet again had issues booting via EFI. I finally bit the bullet, split another gpt partition of around 32gb of my drive and put Windows 10 on it. The update itself was then executed successfully and i wiped the win 10 partition (s) right after. I just find it to be bad support when Intel is involved in the Linux kernel, mesa drivers, and releases firmware blobs for Linux, but then has difficulty porting a simple update utility (which is also available for DOS).

MichaelA_Intel
Moderator
4,588 Views

kn1ght

I'm grateful for your contribution to the community for anyone needing assistance in the future with Linux. I also get your frustration surrounding linux support. The feedback has been shared with the developers.

Regards,

Michael

0 Kudos
VAcht1
Novice
4,588 Views

> I'm grateful for your contribution to the community for anyone needing assistance in the future with Linux. I also get your frustration surrounding linux support. The feedback has been shared with the developers.

It's especially frustrating since the ME is an OS agnostic function. And the security vulnerability is therefore present regardless which OS you run. As such, I expect a patch that can be installed regardless which OS you run.

By far the easiest solution would have been if simply a BIOS update (.BIO file) would have been made available for this board -- like for all others (see my previous reply). This could then be installed during boot (F7 BIOS Flash Update option).

0 Kudos
VAcht1
Novice
4,588 Views

> The firmware update utility for this board is currently available for Windows OS...I've read through your fix which looks good. Another method would be to build a WinPE disk and install the MEI driver, then run the FWUpdate tool.

It would be very helpful if the requirement that the MEI drivers must be installed, is mentioned somewhere.

This is not mentioned on the download page:

https://downloadcenter.intel.com/download/26829/Intel-Management-Engine-Firmware-8-x-Update-for-Intel-Desktop-Board-DB75EN-DQ77KB-DQ77CP-and-DQ77MK?product=59043 Download Intel® Management Engine Firmware 8.x Update for Intel® Desktop Board DB75EN, DQ77KB, DQ77CP, and DQ77MK

Nor in the https://downloadmirror.intel.com/26829/eng/Intel-ME-FW-Update-EN-Readme.pdf Read Me (pdf) that can be downloaded from that page (and is included in the firmware update package/zip).

0 Kudos
Reply