Intel ME Firmware (SA-00086) security flaw

As per the conversation and 10 hours back dell published a article about the fix, sadly alienware older models release date is still TBD, and for new alienware 15R3, 17R4, 13R3, by Jan you guys will get 11.8 firmware..
i tried running the intel detection tool, and found that my system is vulnerable.. everyother company is taking quick action, but dell is giving a delayed date..

Update : New MEFW update will be out for Newer Alienware models by 11-December-2017, and for rest of alienware models by Jan 31st 2018..

http://www.dell.com/support/article...ntel-me-txe-advisory--intel-sa-00086-?lang=en

 

I want Intel ME to be removed. If there's an exploit in the wild after 2-3 years then we are good as dead.
Best course of action would be to fix the MEI w/o version bump.

 

without version bump they cant do anything, hotfix on firmware, im not sure though.. the problem with dell is they have more thn 100 models currently, they could have split into categories, like high end, mid range then the basic laptops, but they do according to the launch year, latest models, then priority to 1 year above old systems which sucks.. probably for new year we will have new BIOS.. until that, it is kinda scary..

 

Its terrible how slow the industry is with fixing this bug and indeed IME needs to be removed, closed source, unsafe and too dependent on hard patches.

 

specially when customers pay such nice amount for the BGA hardware, 1-2 years max life for an high end gaming laptop according to dell, rofl.. godamn logic.. removing IME would take decades.. intels decision is stubborn on that one.. stupidity level 9999

 

I'm feeling sad for Apple laptops where they have got 2 homing devices IMEI and Apple itself.

 

apple is moving out from intel soon, they have already shifted most to amd.. anyways the hybrid version of intel/amd vega will be soon on apple laptops.. i wish there was stable firmware/drivers for laptops.. the amount of time we fiddle to get settings right these days is too much, a day would come, where customer dont have to tune much out of box, everything should be created properly, from designing, to components, to softwares, then charge a fair amount... intel RST got updated, and intel HD graphics as well.. i mean on station drivers.. if u want u can download.. for me no changes in system stability, and im trying to find out about my motherboard components, like which VRM chips are important, and other small ICs which needs to be cooled, if someone can map those, i can try to create a custom heatsink from a chinese vendor lol

 

And where is Alienware 17R3 ?

 

they probably forgot that they even created a model in the name of 17 R3.. lol.. Dellienware

 

You guys can update the firmware manually without having to wait. I did it on my GT73VR.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

They do suggest waiting for an official bios, but the manual instructions still work.

 

It's still an risk (it can brick systems on older BIOS).... See also the info from www.win-raid.com "However, there is always the risk that you will face compatibility issues between the older BIOS and newer CSME firmware, after which going back to your previous configuration is often very difficult. If for example your BIOS is up to date but the CSME firmware is still at v11.6, then it is advised to not update to v11.8 but only to latter v11.6 releases, unless you can recover your firmware in case of issues or can contact the OEM and ask for a new BIOS. On the other hand, if your current system already has updated BIOS with firmware v11.8, you can update to the latest versions as provided below." Mind you. Your Msibook ain't as old as the EOL Alienware's. And many run with older bios versions than the last one.

 

ive already did that long back, but it doesnt work well with dell BIOS.. gives you random issues, rather stay away and stick with stock firmware until dell publishes new ones along with BIOS code update, im not sure about other manufacturers.. ive tried till the latest one on my other systems before.. and there is no way of downgrading Firmware, unless you buy a SPI flasher and do it on your own risk.. that too complicated..

 

Microsoft hasn't addressed this either, and I'm wondering if the ME is so integrated into various pc systems that they might not be able to turn it off, or at a minimum prevent remote access. If MS doesn't address this issue very soon, I'm returning my Surface Pro.

 

17 r2 is a typo its 17 r3 since Haswell's and Broadwell aren't affected.

 

How to update firmware in gt73vr ? What the firmware is imcluded in bios and i can't update the me firmware?

 

@Vasudev New Intel HD graphics driver is out for Alienware 15 R2 / 17R3, its not new, i mean Version 22.20.16.4771, A12 WHQL dell approved

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=VTHJM

i dont have context menu lag anymore.. better thn nothing.

 

i'm using latest intel drivers with no issues.

 

welcome to FCU, its full of bugs and lag fest.. specially on optimus systems.. fingers crossed for new year driver / firmware updates for our models.. last resort..

 

Installed Samsung nvme drivers 2.3 for improving write speed from 150 megs to 300 megs. But, it has a strange bug; A restart will lockup the SSD PM951 and I need to use Ctrl+Alt+Del to soft reset it. Default nvme driver don't have this issue.
@Papusan Do you have this issue on 950 pro with UBX controller?

 

didnt i post this on someones thread before ?? ive already told people to stay away from samsung nvme drivers.. from 2.1 they have weird bugs with windows 10, few restarts your SSD wont get detected at all.. the problem is its not compatible with PM series.. its only for EVO / PRO.. different firmware.. the first thing i tried when i got this ssd lol.. from day 1 i had this issue.. but it is super snappier.. specially when ur using on AHCI mode.. but for now naah. no boot device found bug is bugging too much.. i tried this back on bios 1.2.8 where it had the LED bug.. where samsung NVMe Driver dint have any issue.. but the big boot error.. stay with MS one.. better.. or if u can.. ask samsung support for updated firmware / driver for PM consumer series..

 

Earlier release of sam nvme drivers were high counts of unsafe shutdowns reported in hwinfo.
W10 feels much smoother on Samsung nvme driver than native driver and response time is pretty lowest than standard nvme driver. I'm searching Open Source Nvme driver for W10.
See this Pm951 and 950 pro ssd use UBX controller which is included in secnvm.inf file https://us.hardware.info/category/4...ISnFloVOIU6AjVr2RVrWRmZmqmZBWtZGhsam6kFFtbCwA

 

ok im gonna test it for you once again with latest samsung nvme driver.. never tested on FCU thoooo.. lets seee

 

That strange bug is present where your goes undetected after reboot. I'm checking inf files for some traces.

 

dont have to trace anything, its literally on the 4th page of samsung nvme driver installation guide..

 

I was able to tweak the default NVMe driver to give almost Samsung NVMe like benchmark reading on AS SSD. Its more snappy and zippy.
I present 2 methods to achieve this, follow whichever is easier for you.
Method 1: Regedit and Device manager.

• Open device manager and click on > symbol Storage Controller and double click Standard NVMe controller.
• Click on Details Tab and change the property to Hardware IDs.
• Open regedit and use this path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_144D&DEV_A802&SUBSYS_A801144D&REV_01 {On PM951 this is the HW id.}
  
• Follow this screenie here.
• 

Easy method: Use this utility MSI util2 https://github.com/CHEF-KOCH/MSI-utility/releases/tag/2.0
Change the limit as you see in the screenshot:

Reboot PC after you change the message limit using either of the above methods.
Hope this helps.
@Pete Light @iunlock @Mr. Fox @VICKYGAMEBOY @Papusan @Phoenix @hmscott

 

@VICKYGAMEBOY Did you see this and apply the tweak?

 

So an update @VICKYGAMEBOY enable MSI X in registry if its DWORD. Because after reboot, nvme drive would occassionally slowdown. So enable MSI/MSI-X

 

not yet, my system is with dell, for heatsink replacement, i keep changing parts, except motherboard, ill keep the current one, but once i get it back ill try.. mostly i install using RAID mode.. but this time ill use AHCI with samsung 2.3 driver and ur tweaks.. im shifting to new house, probably will take time to get Fiber there, so yeah lll be away from NBR for sometime i guess.. by that time hopefulyy we would have hands on new Alienware ME firmware / bios and the new w10 inisder build.. i also own amd gpu, excited for Radeon redux Adrelaine edition.. like they did last year with crimson driver..

 

What do you mean by changing parts? Do they simply oblige to give you replacement HSFs?
What I said above was for standard nvme controller from microsoft. Samsung Nvme drivers locks up during a reboot.

 

offcourse not, i have xtended warranty, but i do replace for what i paid, keep changing if not satisfied, from boards to other stuffs oh i thot that was a tweak for Samsung Driver.. nvm.. ill try today or tomorrow..im planninng to do a hackintosh setup.. its been almost 4 years.. on my 14x i use to use chamellion boot loader.. i forgot now how to even install.. do you have any recomendation ??

 

Never heard of it.
Tonymacx86 is your best hope at Hackintosh. I hate that, damn too much Skynet'ty.
Why not try Linux 16 like Lde or xfce.

 

@Vasudev @Papusan OEM sells without Intel ME now.. good to hear.. they should make it default.. instead of even giving that options..
https://wccftech.com/pc-makers-intel-me-disabled/

 

Maybe Alienware should remove ME permanently when it ships BIOS update for 15 r2/r3

 

check my OP update.. its just ME firmware update for new alienware models.. no BIOS update.. but may be there is one last bios for our system.. if im right..

 

It looks like Dell released the FW for cassini.

 

Yep, December 4th release.

 

@Vasudev Yes 11th Jan was the launch date for newer models, and for us its one more month.. too much waiting.. just need to get feedback from new users..

 

Since early cassini were having 6700HQ, I think ME FW for 15 r3/17 r4 should work on Echo models.

 

but isnt the chipset different ??

 

Hm170 and pascal gpus will get the same FW. I'm not sure though.
If they are using custom tuned MEI FW then I think 15 r2 will get a error message saying Incompatible System Detected.

 

lets wait and see.. also there might be a last bios for 15 r2 on jan or feb.. skylake models.. different fan curves for new w10 FCU.

 

fan curves are hard coded onto BIOS. Completely OS independent.

 

finally got few parts for my old m11x, waiting for few more parts. once arrives.. il revive the old kid.. sadly there is no new update on insider builds.. newer w10 builds are more optimized for U cpus.. indian customs are really stingy when product comes from HK or china.. mine is stuck with customs for almost 3 weeks.. no update from them.. tried contacting the sub foreign post office.. no update.. the other touchpad assembly i bought from US arrived in 2 weeks with no delay whatsover.. its like some issues with china shippings.. godamn this goverment..

 

Same thing for me too. Arctic pads were delivered to India within 3 days but stuck at customs for 3 weeks.

 

i got my artic new 0.5mm pads three days back.. and ICD 7.. gonna call dell and ask for bottom base and screen replacement, once i get, ill do the final repaste + pads.. btw did u test any vulkan games ??

 

Not enough data to download new games since iOS 11 had 3-4 concurrent updates over a gig and other devices had updates, video streaming etc emptied all available data.
Arctic is good. I like Makergel nano better.Some news for you, dell decided to use generic MEI rom from WIn-raid. I checked Prema's BIN file to check hashes and dell actually used the same stock FW. So, don't flash Prema's MEI tool since he personally asked other vendors like Dell, MSI etc laptops to refrain from updating because he didn't test it.
@Prema I am really sorry for checking the hashes.
My new laptop/PC will be Prema'fied. If I cannot afford LGA, I don't mind paying Prema to make custom BIOS for BGA or even Ryzen.
15 r3/17r4 ME FW runs on 15 r2 and no error popped up. I'm afraid to flash since my warranty expired.

 

i wish i could pay him through paytm. sadly it doesnt work.. btw ill send u some pm.. later.. just check and let me know how we should proceed.. and yeah makergel is one of the best cheal alternative to kryo or GC.. no worries about the bandwidth thingy.. we all went through that issue.. right now in bangalore outer skirts there is not even a mainstream FTTH.. only some random ones.. but its 100mbps.. will get in 2 weeks time.. will update u.. do u use 7z to check SHA ??

 

I think Prema prefers Paypal.I'm using FTTH. The ISP upgraded to 100Mb/s but it too expensive considering we also pay for cable TV too. If both came in a single package at 10% higher then definitely I'd go for it.
I use 7ip and hashtab.
The fact is, I don't even have enough bank balance to donate to Prema, when I get some I'll donate to Prema. Dunno know much years it will take.

 

Intel to Deploy Management Engine Lock to Prevent Disabling, Rollback

"Intel is seemingly poising to move towards a full hardware lock of the Management Engines' capabilities, thus ensuring it can't be disabled. And even if Intel does send out firmware fixes for its already deployed CPUs with ME integration, the fact remains that the memory pool where the firmware is written is, well, re-writable - given enough access, miscreants could simply re-flash the ME to an earlier, vulnerable version, and thus acquire God Mode access to a victim's computer. To tackle both issues, Intel is moving towards a hardware lock of their ME."

 

it shouldnt have existed in first place.. now this hard lock.. intel should move on with the intel ME system.. too bad.. they are stuck with old cpu designs just a clock bump due to fab nature.. amd on other hand is doing better with arch.. no offence.. i love both. but i give edge to amd..