Processors
Intel® Processors, Tools, and Utilities
16277 Discussions

Issues with Intel ME firmware update and INTEL-SA-00086 command-line tool

TCotu
Beginner
‎07-09-2018 07:44 AM
6,370 Views

We're packaging the Intel ME firmware for deployment to our laptops/desktops. We noticed that the firmware updates whether the system is vulnerable or not, and since we're including the firmware as part of our build process we wanted to avoided continuously rewriting firmware, so we included the INTEL-SA-00086 command-line tool as a pre-check. If the tool returns an error code saying the system is vulnerable then we run the firmware update and restart, if the system comes back as patched or non-vulnerable then we return success.

With some systems we've been getting errors when running the INTEL-SA-00086, one of which is "The signature of the file HeciWrapper64.dll cannot be validated." We tried installing the Intel ME Components driver and restarting which fixed the issue on some systems, but not all.

On one system we were even able to run the firmware update but the INTEL-SA-00086 tool still failed, and running the Intel ME Components driver didn't fix the issue. What was odd was that the command-line tool failed, and while the command-line session was still open we ran the GUI version which succeeded, and then the command-line version succeeded when run again.

Is there something the GUI version of the INTEL-SA-00086 does that would affect the command-line version of the tool or was this a coincidence?

How can we ensure the command-line tool works consistently?

0 Kudos

Link Copied

7 Replies
idata
Employee
‎07-09-2018 04:24 PM
4,611 Views

Hello tcotuleo,

 

 

I understand that you are currently experiencing problems with the Intel ® Management Engine firmware update and the SA-00086 command-line tool.

 

 

Regarding this, I will need some more information in order to find and see what the problem can be, first, let me know if the systems you have built are the same processor-wise or perhaps the configuration, are they the same or do they differ from each other?

 

 

Let me know so we can start an investigation about this problem.

 

 

 

Regards,

 

David V
0 Kudos
Copy link
TCotu
Beginner
‎07-10-2018 08:08 AM
4,611 Views
In response to idata

Thanks for responding.

We've seen the issue multiple times on three different models of machine. Each model has a standard hardware and software build. We're currently running HP Elitebook 820 and 850 laptops (both G1 and G2) in our environment, as well as HP Prodesk 600 G1 workstations.

This latest issue that I mentioned was on an 850 G1 laptop.

In response to idata
0 Kudos
Copy link
idata
Employee
‎07-10-2018 04:11 PM
4,611 Views
In response to TCotu

Hello tcotuleo,

 

 

Thank you for your response.

 

 

What I can recommend you to do in this case is to refer to the link below:

 

 

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

 

 

This has a list of the different manufacturers who are addressing the problem. Normally if you have the latest BIOS version the patch for the Intel ® SA-00086 should be applied. They should also have a list of the different devices affected, we have provided all of the information necessary to the different manufacturers in order to address the issue.

 

 

I apologize for any inconvenience.

 

 

 

Regards,

 

David V
In response to TCotu
0 Kudos
Copy link
TCotu
Beginner
‎07-11-2018 08:41 AM
4,611 Views
In response to TCotu

We had actually reached out to HP for assistance, and they has us reach out to Intel regarding the INTEL-SA-00086 command-line tool since it's an Intel tool.

I'm really just trying to determine if the GUI version of the tool does anything to the system that would affect the operation of the command-line tool. The command-line started working for us after we ran the GUI tool.

Does the GUI tool do anything different from the command-line tool?

In response to TCotu
0 Kudos
Copy link
VARADHARAJAN
Valued Contributor I
‎07-11-2018 07:16 AM
4,611 Views

I have tested on my laptop with same tool , its worked perfectly , I am sure tool tells true

here is the video

Preview file
3276 KB
0 Kudos
Copy link
TCotu
Beginner
‎07-11-2018 08:44 AM
4,611 Views
In response to VARADHARAJAN

Thank you for trying it out.

The GUI tool works on most systems for us as well, but we have a few where it fails. On the last system the command-line tool failed but the GUI tool succeeded, which seemed to fix the command-line tool.

We're just trying to find out if the GUI tool would do something that would fix the command-line tool or if it was a coincidence.

In response to VARADHARAJAN
0 Kudos
Copy link
n_scott_pearson
Super User
‎07-11-2018 09:01 AM
4,611 Views
In response to TCotu

Hhmmm, sounds like GUI tool is installing driver or library that is needed by either version...

...S

In response to TCotu
0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.