Updating Intel ME Firmware on 15 r2/17 r3 or possibly other BGAs as well

@Vasudev here's something strange, i got my replacement motherboard today, it had 1.3.12 bios version on it.. sad my good motherboard had to go due to the keyboard socket issue, so i just fresh installed windows 10 FCU + stock drivers.. and i downloaded 1.4.4 bios, this time i just turned off antivirus on windows and ran the .exe file from windows itself.. guess what i saw the intel ME firmware flashing. percentage showed up.. and now im on official 11.8..

 

You should work at Dell esp. Alienware. You could have made millions. I have never seen anyone with so much Mobo replacements. Do you actually use AW in military or what?
Are you Tony Stark's grandson? I have a small doubt you're one.
One more thing, like I said LocalFW update for ME must be enabled state for BIOS(ME part) to work. When Dell decided to put the value in Disabled State and can't enable them afterwards. Yours was in enabled state.
For me Dell Gset did flash ME partially but exited itself due to LocalME/FW Update being disabled.

 

im just a captain, lol, work on alienware, i wish i had that qualification.. but i wont work there for money.. i already have money, but i want a perfect product.. sadly it wont happen for long time, this board is throttling super hard.. i might change this one as well next month.. lets see.. Yes LOCAL FW update should be enabled, but it was enabled all the way from BIOS 1.2.2 i guess... when they had their first ME update.. new nvidia drivers runs smooth when installed via INF method.. but the moment i install geforce experience there is huge frametime issues on both AC originis and COD WW2.. Latest Intel GPU drivers create artifcats on youtube vidoes.. pixel blocks.. so i reverted back to dell ones..

 

Don't install GFE.
If you're watching 4k videos on YT then those pixels artifacts are present until dGPU is activated.
I feel MEFW update was locked on 1.3.9 or 1.3.10 stating AW has been optimised 100%.

 

yeah GFE becoming more bloated and heavy on maxwell and older gen cards.. planning to try OBS..i really wish to see os like windows 7.. clean and neat.. and everything was in one place, control panel with proper drivers / proper UI.. this windows 10 is mixed bag of turd.. i liked it at first.. now in the name of fluent design they spoiled everything.. half baked titlte bars.. not similiar at all.. trasparency is worst.. UI designer on MS really need some workout.. One Core was so promising at start.. now its like a virus.. grabbing whatever it can and surviving.. end of windows phone was disaster.. i had 3 WP.. lumia 520, lumia 730 and lumia 930.. MS is going braindead here..

 

Still use lumia 730 and I find it damn hard to get Android with similar design and screen size.

 

exactly what im using now.. lumia 730.. really sexy phone.. and awesome display.. Clear Black display and good camera.. lacks apps though.. and MS ditched latest OS for these phones... 14393 the last W10M build.. and they stopped indirtect flite path for upgrading.. so yeah basically have to wait for official release or GG

 

I'm on creators update on my phone.

 

They got to be kidding!
You mean we are practically forever vulnerable since Dell decided one day "oh this deep-inside-the-system-and-very-complex management engine firmware is for sure 100% completed and for ever save and bugfree - let's bake it in"?

 

Its just a hunch. 95% of AW are locked and 5% are unlocked.
Newer AW have MEFW enabled.

 

Oh nice, I guess I got to live with it. Well it just is a elcheapo 3000 $ laptop, so no reason to whine from my side, I should just get a new one and throw the old one away.

 

You can try my method if you are willing.
@VICKYGAMEBOY updated ME with latest BIOS 1.4.4 which had MEFW update enabled. If you use MEInfo as I described you might be able to know if the ME part can be flashed or not.

 

Unfortunately I already tried your method and it failed since local update is set to disabled. :-(

 

Even mine was disabled. Try BIOS recovery to reset BIOS to defaults and see if you can flash it directly.

 

I think you need to downgrade bios to 1.3.12 first so that local update will. be enabled but downgrading has a risk of bricking mobo i guess. Once you have downgraded then you can follow Vasudevs guide.
EDIT: try googling unable to upgrade intel ME firmware and you will see the problems lies from the recent bios update which set localFWupdate to disabled.

 

@VICKYGAMEBOY upgraded ME on 1.4.4 and official BIOS updated ME part for him in previous posts.

 

I tried reflashing bios 1.4.4 feb version and no luck. From different post of people having problems when i searched in google says it is due to the recent bios which you need to downgrade bios.. well this was from asus though.. hehe.. https://rog.asus.com/forum/showthre...pdate-problem-Error-8719-no-help-from-support

 

I actually did successfully downgrade to 1.3.12, but have local update still disabled. Even a re-upgrade to 1.4.4 did not update MEFW.

So I guess the only thing left to try is to clear CMOS?

 

you can try if it is ok with you. I would suggest short the clrp pin and also physically remove the cmos battery. I have tried shorting the clrp pin but didnt work. Have not tried physically removing cmos battery.

 

@Vasudev hey do u know any software which can cleanup windows downloaded driver files and other crap temp files.. i just installed W10 FCU.. im installing all my creative cloud software around 32gigs.. and i want to make a Image of my system with softwares installed.. i used CCleaner.. but it doesnt cleanup all files.. and for cloning my whole os.. the inbuilt backup one is fine.. or should i download acronis.. you know what i mean.. so next time.. i can just restore all my settings along with all the softwares installed.. no reg mess no settings mess..

 

Use Dism++ and driver store explorer.
Use Macrium reflect. It simply images everything in 7mins with 38GB size.

 

Well as far as I understood @VICKYGAMEBOY was in the lucky situation that due to a motherboard change he skipped the bios version that changed mefw to we not changeable anymore.

As for the cmos thing, I think I will prefer to live with 1.3.12 bios version and old mefw for the time being. I took the laptop aparts once for a fan problem, and I do not want to do all the steps again for removing cmos battery unless i do not know it really will help.

I might contact dell and ask them if they will fix this, i still cannot beliefe they burned in the old mefw so hard that even they cannot change it anymore.

And if dell will not fix this, at least I know my next device will not be from dell. There are actually plenty of manufacturers out there who are interessted in selling >2000$ laptops.

 

No need to remove CMOS battery, use Dell recovery BIOS method to do that. Same effect like CMOS removal.

 

Well I performed the BIOS recovery method, which also successfully flashed 1.3.12.

But still when following your guide, I always end up here:

Code:

C:\Users\ramon\Desktop\alienware\ME_11_TOOL\ME_11_TOOL>FWUpdLcl64.exe -f Data.bin -forcereset

Intel (R) Firmware Update Utility Version: 11.8.50.3448
Copyright (C) 2007 - 2018, Intel Corporation.  All rights reserved.

Communication Mode: MEI

Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled

C:\Users\ramon\Desktop\alienware\ME_11_TOOL\ME_11_TOOL>

MEinfo follows:

Code:

C:\Users\ramon\Desktop\alienware\Intel CSME System Tools v11 r9\MEInfo\WIN64>MEInfoWin64.exe

Intel(R) MEInfo Version: 11.8.50.3434
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:

BIOS Version                                 1.3.12
MEBx Version                                 0.0.0.0000
GbE Version                                  Unknown
Vendor ID                                    8086
PCH Version                                  31
FW Version                                   11.0.0.1194 H
Security Version (SVN)                       1
LMS Version                                  Not Available
MEI Driver Version                           11.7.0.1045
Wireless Hardware Version                    Not Available
Wireless Driver Version                      Not Available

FW Capabilities                              0x31111940

        Intel(R) Capability Licensing Service - PRESENT/ENABLED
        Protect Audio Video Path - PRESENT/ENABLED
        Intel(R) Dynamic Application Loader - PRESENT/ENABLED
        Intel(R) Platform Trust Technology - PRESENT/ENABLED

Re-key needed                                False
Platform is re-key capable                   True
TLS                                          Disabled
Last ME reset reason                         Power up
Local FWUpdate                               Disabled
BIOS Config Lock                             Enabled
GbE Config Lock                              Enabled
Host Read Access to ME                       Disabled
Host Write Access to ME                      Disabled
Host Read Access to EC                       Disabled
Host Write Access to EC                      Disabled
SPI Flash ID 1                               EF4018
SPI Flash ID 2                               Unknown
BIOS boot State                              Post Boot
OEM ID                                       00000000-0000-0000-0000-000000000000
Capability Licensing Service                 Enabled
OEM Tag                                      0x00000000
Slot 1 Board Manufacturer                    0x00000000
Slot 2 System Assembler                      0x00000000
Slot 3 Reserved                              0x00000000
M3 Autotest                                  Disabled
C-link Status                                Enabled
Independent Firmware Recovery                Disabled
EPID Group ID                                0xF93
LSPCON Ports                                 None
5K Ports                                     None
OEM Public Key Hash FPF                      ABEBC4307D5450DD7A66969A7F6A0EA9F470CEDEC6A1FB3011D8603D8459C9F8
OEM Public Key Hash ME                       ABEBC4307D5450DD7A66969A7F6A0EA9F470CEDEC6A1FB3011D8603D8459C9F8
ACM SVN FPF                                  0x2
KM SVN FPF                                   0x0
BSMM SVN FPF                                 0x0
GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000

                                             FPF                      ME
                                             ---                      --
Force Boot Guard ACM                         Enabled                  Enabled
Protect BIOS Environment                     Enabled                  Enabled
CPU Debugging                                Enabled                  Enabled
BSP Initialization                           Enabled                  Enabled
Measured Boot                                Enabled                  Enabled
Verified Boot                                Enabled                  Enabled
Key Manifest ID                              0x1                      0x1
Enforcement Policy                           0x3                      0x3
PTT                                          Enabled                  Enabled
PTT Lockout Override Counter                 0x0
EK Revoke State                              Not Revoked
PTT RTC Clear Detection FPF                  0x0

I can not get of the MEFW version 11.0.0.1194.

Anything else I can try?

 

@Vasudev @VICKYGAMEBOY @Papusan would it be possible to roll back bios further down and the bios roll back would enable local firmware update of intel ME?

 

I'm blind and can't find a "Prema ME11 tool" at the link in the OP. Can someone please point me more specifically to it? Thanks.

 

I think the problem I'm having is that the Alienware 15R2/17R3 BIOS 1.4.4 won't install from Windows (I get some kind of ROM not loaded error) - I have to boot a Dell recovery USB stick and flash from there, but then it only updates the main BIOS and boot block, and not the NVRAM or ME.

MEInfoWin shows that Local FWUpdate is Enabled, so that's not the problem.

 

Even reinstalling the bios 1.4.4 feb version? No ME update? WOW.. Something is really wrong with dell's engineering team.. LOL

 

Copy AW BIOS EXE to root of ur USB disk and hit F12 key upon startup/AW Logo and click Dell Flash update and point to your EXE BIOS file using TAB key and Enter key to select. You can flash BIOS that way. Just try disabling hibernate or hybrid startup just in case.

 

I've re-flashed 1.4.4 at least half a dozen times. I even finally got it to work via Windows instead of a USB stick, and it still didn't help.

I found the Prema tool, but all it managed to do was set local firmware updates to disabled, locking me out of ME updates.

I got it sorted though, with the help of this win-raid thread: https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

I had to take out my RAM and short the CLRP1 pins to reset the CMOS, which re-enabled local FW updates, then I used FWUpdLcl64.exe to flash the appropriate Intel ME image as recommended by the win-raid thread. After rebooting I am no longer vulnerable.

 

Yeah, I tried that a half dozen times and it's useless. It just applies main BIOS + boot block updates, and not NVRAM or ME.

 

Try these cmds on MEI installer.
SetupME.exe -tcs -nodrv
Don't restart just run FWupdcl with appropriate bin file.
SetupME.exe -tcs -nodrv

 

No, messing with SetupME is a waste of time. I was just in this situation. The problem is that CMOS is corrupted and turned off local FW updates, so you need to clear CMOS.

Here's what to do:
- Turn off laptop, open the back, take out RAM, short CLRP1 pins to clear CMOS.
- Boot into BIOS setup and make sure everything is correct (especially RAID versus AHCI mode). Save and exit.
- Got to win-raid thread and get the appropriate Intel ME firmware (it's probably Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3448 for you too, but look it over and decide for yourself)
- Use FWupdcl to flash the update
- Reboot

 

Hmm. Its good you were able to fix it. Always check MD5/SHA1/2 hashes of driver files before updating.

 

Check them against what? I have no reference. It's all trust that win-raid/station-drivers have the right stuff.

Anyways, here is what MEInfo now shows for me:

Code:

Intel(R) MEInfo Version: 11.8.50.3434
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.



Intel(R) ME code versions:
                
BIOS Version                                 1.4.4
MEBx Version                                 0.0.0.0000
GbE Version                                  Unknown
Vendor ID                                    8086
PCH Version                                  31
FW Version                                   11.8.50.3448 H
Security Version (SVN)                       3
LMS Version                                  11.7.0.1060
MEI Driver Version                           11.7.0.1057
Wireless Hardware Version                    Not Available
Wireless Driver Version                      Not Available
                                            
FW Capabilities                              0x31111140
                                            
   Intel(R) Capability Licensing Service - PRESENT/ENABLED
   Protect Audio Video Path - PRESENT/ENABLED
   Intel(R) Dynamic Application Loader - PRESENT/ENABLED
   Intel(R) Platform Trust Technology - PRESENT/ENABLED
                                            
Re-key needed                                False
Platform is re-key capable                   True
TLS                                          Disabled
Last ME reset reason                         Global system reset
Local FWUpdate                               Enabled
BIOS Config Lock                             Enabled
GbE Config Lock                              Enabled
Host Read Access to ME                       Disabled
Host Write Access to ME                      Disabled
Host Read Access to EC                       Disabled
Host Write Access to EC                      Disabled
SPI Flash ID 1                               EF4018
SPI Flash ID 2                               Unknown
BIOS boot State                              Post Boot
OEM ID                                       00000000-0000-0000-0000-000000000000
Capability Licensing Service                 Enabled
OEM Tag                                      0x00000000
Slot 1 Board Manufacturer                    0x00000000
Slot 2 System Assembler                      0x00000000
Slot 3 Reserved                              0x00000000
M3 Autotest                                  Disabled
C-link Status                                Disabled
Independent Firmware Recovery                Disabled
EPID Group ID                                0x1F8A
LSPCON Ports                                 None
5K Ports                                     None
OEM Public Key Hash FPF                      ABEBC4307D5450DD7A66969A7F6A0EA9F470CEDEC6A1FB3011D8603D8459C9F8
OEM Public Key Hash ME                       ABEBC4307D5450DD7A66969A7F6A0EA9F470CEDEC6A1FB3011D8603D8459C9F8
ACM SVN FPF                                  0x2
KM SVN FPF                                   0x0
BSMM SVN FPF                                 0x0
GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000
                                            
                                             FPF                      ME
                                             ---                      --
Force Boot Guard ACM                         Enabled                  Enabled
Protect BIOS Environment                     Enabled                  Enabled
CPU Debugging                                Enabled                  Enabled
BSP Initialization                           Enabled                  Enabled
Measured Boot                                Enabled                  Enabled
Verified Boot                                Enabled                  Enabled
Key Manifest ID                              0x1                      0x1
Enforcement Policy                           0x3                      0x3
PTT                                          Enabled                  Enabled
PTT Lockout Override Counter                 0x0
EK Revoke State                              Revoked
PTT RTC Clear Detection FPF                  0x0

 

I got that error when I flashed modded BIOS after I was sick and tired of Dell. That means few users bricked their boards on 1.4.4.

 

Daz from MDL forums gave me patched BIOS with new microcode on top of 1.3.12 and he added NVRAM clear option /N in AMI flash exe. Maybe that fixed the problem. After that I was able to update MEI using the same steps listed in OP.

 

Yeah, I think the underlying problem here is that the stock Dell firmware is not properly configured to apply updates to the Intel ME region of the BIOS. Patching UEFI BIOS firmware images is beyond my skillset, so I had to figure out how to re-unlock local updates and manually flash an appropriate ME bin.

Whatever Intel ME bin is (or was meant to be) included in the Alienware 15R2/17R3 1.4.4 BIOS is probably older than what I ended up with anyway.

 

They might have missed ME argument in AMI BIOS flash procedure

 

I can confirm that clearing the CMOS by shortening the CLRP1 pins enables "Local Update" again. The ME firmware update took just a few seconds afterwards.

 

BTW, in case anyone was wondering: If you boot straight into your BIOS menu after shorting CLRP1, you'll know it worked by the fact that the RTC (system clock) got reset.

 

Also, someone asked me for more details on what I did, so here's my guide:

Steps 1-2 are only needed if MEInfo reports Local FWUpdate is Disabled.

1. Turn off laptop, open the back, take out RAM, short CLRP1 pins to clear CMOS.

For this step, you may want to find a YouTube video on how to replace the RAM in an Alienware.

Power the laptop down and unplug the AC adapter.

Turn the laptop over and take the 2 screws out of the largest panel in the middle, then pop the panel out. Remove the RAM chips one at a time by pulling the retaining clips outward just slightly, then sliding the RAM out of its slot.

Toward the right side of the RAM area you should see 2 tiny metal dots accompanied by the text "CLRP1". Use something metal to create an electrical connection between the two pins. I used a flat-head tip from a micro-screwdriver kit, but a wire would work too.

Put the RAM back in, and reinstall the cover, then plug the AC power back in if desired.

If you go straight into the BIOS setup (mash F2 repeatedly starting right after you poke the power button), you should notice that the time is 00:00:00.

2. Boot into BIOS setup and make sure everything is correct (especially RAID versus AHCI mode). Save and exit.

For this step you may want to take pictures of your BIOS settings with a cellphone or similar. At this point my only customization is changing the disk controller to AHCI mode because I don't care about RAID. Booting in the wrong mode may make your OS cranky.

3. Go to win-raid thread and get the appropriate Intel ME firmware (for Alienware 17 R3 it's probably Intel CSME 11.8 Consumer PCH-H Firmware v11.8.50.3448, but look it over and decide for yourself)

Here's the win-raid thread, which talks about all the pieces you need and provides links: https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

What you need:
- MEI driver. You should be able to install the Consumer one from step A3. It looks like you already have MEInfo, so use that after to make sure that MEI Driver Version is at least 11.7. You may need to uninstall your current drivers from "Programs and Features" and/or perform a repair install to get it to stick. Don't worry about the command line junk from this forum, it's useless voodoo unless you're wanting to install a minimal number of pieces of the software (possible exception is the re-keying procedure covered on the win-raid forum thread).
- ME firmware. You'll have to figure out which one you need from list B1. I'm pretty sure that Alienware 17 R3 needs "Intel CSME 11.8 Consumer PCH-H Firmware" due to the fact that MEInfo reports an 11.0 version followed by an H. I have an Alienware 17 R3, and that version is working for me.
- Flashing tool. This is FWUpdLcl in the FWUpdate folder tree in the same toolset that includes MEInfo.

4. Use FWupdcl to flash the update

- Extract the ME firmware .bin to the same folder as the FWupdcl version you plan to use (under WIN or WIN64 probably).
- Open a Command Prompt (cmd.exe) as Administrator (Start->cmd.exe in search box->right-click the cmd.exe icon and do Run as admin->click Yes on UAC prompt)
- Change to the folder that FWupdcl is in (cd "\some\path\to\stuff")
- Run this command, replacing FWUpdLcl64.exe with the specific name of the FWupdcl flavor you're using, and Data.bin with the name of the ME bin you want to flash:
FWUpdLcl64.exe -f Data.bin

5. Reboot

This one is self-explanatory. Wait until the flash completes and then reboot. Run MEInfo again to verify the update is installed, then run the vulnerability checker to verify that you're no longer vulnerable.

 

THIS ONE WORKS!!! Thanks @HunterZ0
@Vasudev try updating OP if it is ok with you.
@elnotebooko follow this guide above. It worked for me.

 

Nothing to say except that it finally worked!
Millions of thanks!

 

This forum is awesome right? The people here are very helpful. ^_^

 

Already added @HunterZ0 method to OP as well.
I also added beta method in case someone doesn't want to open the laptop. I haven't tested it.

 

@HunterZ0 Was Computrace activated or deactivated on your PC?
Looks Absolute Lojack can prevent tempering as well.
How many people found success using HunterZ0's guide? I might put success rate in OP? The reason I'm asking this because I'm busy with work right now! So I can't read each and every page in detail.

 

Proposal:
You could make a post here saying "please like if hunters method worked for you".

Gesendet von meinem Redmi Note 4 mit Tapatalk

 

HunterZ0's method worked for me on the other 17R3 here as installing the bios didn't update the ME firmware but after doing the short CLRP1 pins to clear CMOS and redoing the bios it updated the ME firmware.

 

Make a Poll. You are the thread creator, brother.