Community
cancel
Showing results for 
Search instead for 
Did you mean: 
MÖber
Beginner
2,592 Views

Unable to upgrade Intel ME firmware

Hello,

I have a Skylake i7-6700k with an Asus MAXIMUS VIII HERO (z170 motherboard). I've been trying to upgrade my Intel management engine but I've run into a problem which seems to be related to management engine itself.

I've installed the intel management engine interface drivers with no issue (11.7.0.1040) as far as I can tell.

I've ran the SA00086 tool from Intel that can be downloaded from here: https://downloadcenter.intel.com/download/27150 Intel-SA-00086 Detection Tool

It reports my system as vulnerable:

Risk AssessmentBased on the analysis performed by this tool: This system is vulnerable.

Processor Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz

OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information

Engine: Intel(R) Management Engine

Version: 11.0.0.1163

SVN: 1

I have downloaded the tool (http://dlcdnet.asus.com/pub/ASUS/mb/LGA1151/Z170-A/MEUpdateTool_UI_20171103_TP.zip http://dlcdnet.asus.com/pub/ASUS/mb/LGA1151/Z170-A/MEUpdateTool_UI_20171103_TP.zip ) from Asus for my motherboard for updating ME firmware (it uses FWUpdLcl64.exe from Intel), but when running it, it encounters an error:

Intel (R) Firmware Update Utility Version: 11.8.50.3399

Copyright (C) 2007 - 2017, Intel Corporation. All rights reserved.

Communication Mode: MEI

Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled

It seems like my management engine is locked down somehow from being updated. There's no options in my UEFI/BIOS related to management engine.

Here's the output from MEInfoWin.exe:

Intel(R) MEInfo Version: 11.8.50.3416

Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

Intel(R) ME code versions:

BIOS Version 3504

MEBx Version 0.0.0.0000

GbE Version 0.7

Vendor ID 8086

PCH Version 31

FW Version 11.0.0.1163 H

Security Version (SVN) 1

LMS Version Not Available

MEI Driver Version 11.7.0.1040

Wireless Hardware Version Not Available

Wireless Driver Version Not Available

FW Capabilities 0x11111D40

Intel(R) Capability Licensing Service - PRESENT/ENABLED

Protect Audio Video Path - PRESENT/ENABLED

Intel(R) Dynamic Application Loader - PRESENT/ENABLED

Re-key needed False

Platform is re-key capable True

TLS Disabled

Last ME reset reason Firmware reset

Local FWUpdate Disabled

BIOS Config Lock Enabled

GbE Config Lock Enabled

Host Read Access to ME Enabled

Host Write Access to ME Disabled

Host Read Access to EC Disabled

Host Write Access to EC Disabled

SPI Flash ID 1 EF4018

SPI Flash ID 2 Unknown

BIOS boot State Post Boot

OEM ID 00000000-0000-0000-0000-000000000000

Capability Licensing Service Enabled

OEM Tag 0x00000000

Slot 1 Board Manufacturer 0x00000000

Slot 2 System Assembler 0x00000000

Slot 3 Reserved 0x00000000

M3 Autotest Disabled

C-link Status Disabled

Independent Firmware Recovery Disabled

EPID Group ID 0xF87

LSPCON Ports None

5K Ports None

OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000

OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000

ACM SVN FPF 0x0

KM SVN FPF 0x0

BSMM SVN FPF 0x0

GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000

GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME

--- --

Force Boot Guard ACM Disabled Disabled

Protect BIOS Environment Disabled Disabled

CPU Debugging Enabled Enabled

BSP Initialization Enabled Enabled

Measured Boot Disabled Disabled

Verified Boot Disabled Disabled

Key Manifest ID 0x0 0x0

Enforcement Policy 0x0 0x0

I noticed that "Local FWUpdate" is set to Disabled. How can I enable this flag to upgrade my old firmware?

Would really appreciate some help on this matter. Thanks!

0 Kudos
4 Replies
n_scott_pearson
Super User Retired Employee
445 Views

You should be asking this question at the Asus site, not here. We know nothing about how Asus has set up and protected their firmware hub on this board.

...S

MAnis2
Beginner
445 Views

Hi,

I contacted Asus service center regarding my motherboard and this was the response I got (copied as is):

Thank you for your patience.

 

Our backend team has get back to us , they mention the update is the latest.

 

However, the problem is liable with Intel and they unable to provide whether the security issue was fixed. They advise you to contact Intel for further assist

Help?

n_scott_pearson
Super User Retired Employee
445 Views

Regardless of whether or not there is an issue that Intel needs to help Asus resolve, you *still* need to get your solution through Asus, so our discussion here is moot. Go back to Asus and keep bugging them; you are accomplishing nothing here.

...S

MAnis2
Beginner
445 Views

Thank you!