
Thread: About Intel Management Engine firmware

  1. #21
    parsec is online now Senior Member
    Join Date
    Jun 2012
    Location
    Third stone from the sun
    Posts
    3,911

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by virtualfred View Post
    Thanks for your support

    You're asking a lot of work from me
    But don't you know LS29/Sonix is actually working on an impressive tool to do it easily? Fernando created and keeps updating a thread about this UEFI BIOS Updater (of course Stasio added a link for this tool in his thread below "AMI (UEFI) BIOS Tools").
    I tried it and think this tool can be the best and easiest way to replace ROM in BIOS. For the moment it's not perfect with microcodes because it deletes all µcode present and replaces it with Haswell 317 or Ivy 729/919.
    UBU could be the future for BIOS mod... when it will update ME FW... I will be on vacation
    I just tried UBU, and it works with ASRock UEFI/BIOS firmware, but the resulting file needs a small fix before Instant Flash will accept it. The first 4K/4096 bytes of the modified file must be removed before the file can be used. Just differences in the firmware that each board manufacturer uses.

    virtualfred, in the USA we would say you would be out of a job... but vacation is better!!

  2. #22
    parsec is online now Senior Member
    Join Date
    Jun 2012
    Location
    Third stone from the sun
    Posts
    3,911

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by virtualfred View Post
    MEinfo works with EFI/GPT under Windows 64, I'm using it... but ME FW can be locked by ASRock, as FITC can't load it (must be extracted before to see ME FW 9.0.2.1345).
    Interesting, because the Intel System Tools guide that is part of the software package contains this:

    "The Windows* 64 bit tools will not function when the OS is configured to use EFI / GPT boot capabilities", page 17.

    But if you say it can work, I believe you, but it must be locked as you said.

  3. #23
    RootWyrm is offline Junior Member
    Join Date
    Jul 2013
    Location
    Northeast Ohio
    Posts
    28

    Default Re: About Intel Management Engine firmware

    So here's some fun...

    So you want to understand PCH Straps (PC Hub Soft Straps)
    This not terribly easy to locate PDF is your starting point. What it tells you is this: "More details on how to set them correctly please refer to FW Bringup Guide or PCH SPI programming guide Appendix A -, for more detail."
    So is your starting point - at least for X79. This will make your brain hurt tremendously. (Of particular interest to most of you, pp 474; want to set ABAR +C8h bit = 10 (2-wide) 11, bit 5 = 1 so you have time to get into IRST/RSTe. You're welcome!) For those of us dealing with the hell that is the X79S-UP5's den of dangerous incompetence, we need this guide. It will make your head hurt even more than the X79 Express guide, trust me.

    High-End Desktop vs. Workstation on C600, what's it mean?
    I'll save you all the time and headaches of reading: NEVER SET A BOARD TO HEDT IF YOU INCLUDE SAS. See 5.18, first damn note. To wit: "Note: SAS is not available on HEDT." If you set IME to HEDT on a WS SKU, you break things. Great job reading, Gigabyte.
    Otherwise, HEDT and WS/SVR describe two different SKUs. Ready for the fun? X79 = HEDT, and all C600's are WS/SVR. Meaning Gigabyte tried to copy-pasta from X79 on the X79S-UP5 with some of those BIOS builds. MORONS!!

    Let's Talk About Strap 16
    PCH Strap 16 is only found on the C600s and handles the disk controllers. Not controller - controllers, plural. The Intel C606/C608 uses a pair of SCU-4's to provide 8 ports of SATA/SAS behind a common PCIe BAR plus the PCH SATA Host Controller at D31:F2 and F5. Emphasis here goes on "common PCIe BAR" for SAS - this means the two SCUs essentially appear as a single unit. But you do have to watch yourself in FITC, because if you break the PCIe BAR, you can lose one or both SCUs. The BAR is controlled Elsewhere(TM) and I very strongly advise against poking it, even cautiously.

    Now for the important big red warning.
    Changing Strap 16 settings on configured systems WILL CAUSE DATA LOSS.
    ^^^ SEE ABOVE SEE ABOVE FOR THE LOVE OF THE GODS SEE ABOVE BEFORE YOU EVEN LOOK AT THIS STRAP!!! ^^^
    Seriously, I will shout it in your face with a megaphone if necessary. Thankfully, you can't cause physical damage via FITC + Strap 16, but seriously. You will lose data. Period. If you change RAID Capability, you may invalidate all existing arrays. Or drop your disks. If you enable SMPT it may freak out your disks. If you're going to play here, use disks you don't care about losing data on.

    So here's what a default configuration for Strap 16 looks like on a bootstrap (complete) BIOS as opposed to a BIOS update (which can omit any of these values to preserve existing.)
    Code:
    RAID Capability       00      RAID Capability Modes
    STPI Disable          FALSE   SATA Tunnelling Protocol
    SMPT Disable          FALSE   SAS Management Protocol Target
    SMPPI Disable         FALSE   SAS Management Protocol Initiator
    SSPI Disable          FALSE   Serial SCSI Protocol Initiator Disable
    CDMA Enable/Disable   FALSE   Context DMA Access Control, YOU NO TOUCHY.
    NVSRAM Disable        FALSE   Disable/Enable NVSRAM storage of configuration
    ROL SMBus Disable     FALSE   ROL?? SMBus Connection Control (May be Rotate Bits Left?)
    SSB-D PCIe UpLink     FALSE   Disable/Enable switch, but undocumented! Sigh.
    SAS #1 Disable        FALSE   SAS Gen1 Control. Counterintuitive, yay!
    Confused yet? Good. Not listed or pictured are the LSI straps, which are best described as the tenth layer of hell. (They're not really configurable from FIT, but they do clutter it to all hell.)

    Now let's look at what Gigabyte gets wrong and why it's a huge pain to fix.

    GA-X79S-UP5-WIFI - F4 BIOS (Release)
    Code:
    RAID Capability   10     A/K/A PBGT to PBGD, wat? >:|
    STPI Disable      TRUE   Breaks SATA Tunnelling Capability! Good job!
    SMPT Disable      TRUE   Disables SAS Link Management. DERP!
    SMPPI Disable     TRUE   Yay, now you can't use enclosures either.
    CDMA Enable       TRUE   Um, wat? Y u do this?
    NVSRAM Disable    TRUE   2MB free and you can't use a raw region?
    Obviously all files examined come from C606 boards. One is from a Supermicro X9DB3-TPF. Which can run RAID sets on SATA and SAS in parallel - but also happens to have a 128Mbit (16MB!!) BIOS. Yes, twice the size of the X79S-UP5. Suck on that, DualBIOS? But as you can see, Gigabyte broke a lot of things in very bad ways. And these are not easy things to fix, because 1) see big red warning 2) enabling a disconnected pin may cause physical damage. Which isn't to say STPI is safe to turn on (it should be!) but there is always a potential for physical damage.
    RootWyrm is absolutely not responsible if your motherboard catches fire, explodes, steals your girlfriend/boyfriend or drinks all your beer and eats all your bacon!

    The other problem is that the documentation for Strap 16 is basically nonexistent. And seems contradictory, to boot. Case in point, the X9DB3-TPF has the same RAID capability/limitations as the X79S-UP5 - but uses 00 (PBGT). Given the description, I'm guessing 11 routes PBGT to the SCU-4s as PBGA + PBGB, but I have no idea. A board with working SAS RAID5 uses value 01 which is NOT a valid setting - so don't do that.

    SATA vs SAS vs SCU vs IRST vs RSTe
    Updating these is a ... lot more complicated than you think at first blush. For X79 we have it down to a science because let's be honest, the chipset's about as interesting as watching paint dry.
    The flip side is that the C600 is a nightmare scenario of "you have to update ALL THESE MOVING PARTS." Here's ALL the OROM components that make up a C600 which you must update. These cannot be updated in FITC and are not updated as part of IME. A running IME Agent is able to identify the driver versions.

    Here's all the bits you need to see in MMTool which need to be updated (or confirmed up to date and compatible.)
    DRVR, ScuDriver, GUID 85FB8D3D-61A4-4518-9ACF-76FCAE169568 - SCU Specific, Current: 3.8.0.1106 (NOT the same RSTe!)
    DRVR, SataDriver, GUID 43A0A7B3-1E92-42EF-A46D-DDC03E52CB5C - RSTe (you know which one it is.)
    DRVR, SbPchSmi, GUID 116242C9-0C85-4AB9-BC34-454547B9F45D
    DRVR, AHCI, GUID 8F5A2E02-538C-4D59-B920-C4786ACBC552
    DRVR, AhciSmm, GUID BC3245BD-B982-4F55-9F79-056AD7E987C5
    DRVR, SBAHCI, GUID 7CCD5C07-8B3A-4BE7-9D12-56B47CBFBCCB
    DRVR, SBIDE, GUID ED32F7E0-5F9A-499D-BDBA-B1EB58D5B0EB

    The F4 "release" BIOS is, no surprise, antiquated. It's shipping with SCU 3.7. The current is obviously 3.8.0+. Here's where Gigabyte continues to heap insult to injury onto us in a fashion that is straight up criminal:
    SCU version 3.6.x ONWARD can be soft-switched (BIOS and OS) between SAS and SATA modes. When set to SATA mode on the SCU, RAID5 is enabled on SCU (which is not SAS!!) ports by default. Oh, and the SAS ports aren't actually SAS. That requires an Intel ROMB Upgrade Key, which the board doesn't even support. It doesn't have the header required - and Gigabyte knows it. Because the GA-6PXSV2 (which you can't buy) has the header and they sell the SAS key as 25FCZ-A03C62-A7R. It's right there in the README.
    Yep. So not only is the shadow issue the result of incompetently handling UEFI (in a full UEFI load, there is room for RSTe + SCU) but they're deliberately crippling the board in order to.. what? Not compete with boards they refuse to sell? And the Supermicro X9SRi-3F absolutely proves that the C606 SCU in SATA mode does RAID5 with no ROMB key.

    Enabling Hot (Non-BIOS Flash) IME F/W Updates!
    Yes, this is possible. You require software from Intel to do so. Here's the settings to enable it:

    ME Region\Configuration\ME\Host ME Region Flash Protection Override = true - this permits writing via BIOS and OS.
    ME Region\Configuration\ME\M3 Autotest Enabled = true - NEVER DO HOST FLASH WITHOUT M3 AUTO. If you have no ME H/W Recover jumper, yeah. Bad things.
    ME Region\Configuration\ME\Independent Firmware Recovery Enable = true - this is the switch that enables agent software update method!
    ME Region\Configuration\Features Supported\Workstation/HEDT = Workstation - only valid on Workstation SKUs! (Sorry X79 folks.)
    ME Region\Configuration\Features Supported\Manageability Application Permanently Disabled? = No - self-explanatory!
    ME Region\Configuration\Features Supported\Intel (R) ME Network Service Permanently Disabled? = No - self-explanatory again!
    ME Region\Configuration\Features Supported\Manageability Application Enable/Disable = Enabled - do I have to explain this one?
    ME Region\Configuration\Manageability Application\BIOS Reflash Capable = true - this also permits full BIOS flash via ME on some boards.
    ME Region\Configuration\Manageability Application\USBr EHCI - DO NOT CHANGE THESE VALUES EVER. Super bad things happen.
    ME Region\Configuration\Manageability Application\Idle Timeout - ME = <65535 (e.g. 3600)
    ME Region\Configuration\Setup and Configuration must be configured. Please see the Intel Active Management Technology documentation for how to deal with this part. The honest answer here is: I know it must be configured, but I don't know how to configure the certificate store and you need to either have an ODM ID, System Integrator ID, or Reserved ID depending on your deployment and preferred method.
    e.g. virtualfred could go nuts and decide to get himself an SIID from Intel Services, plug that into his modified BIOSes, and he could now deliver you a modified ME F/W semi-directly any time you want.
    It's not a real high end workstation till it's got four sockets, eight video cards, and takes two thirty amp circuits to run. Yes, I build those kind of systems too.

  4. #24
    Zardoc is offline Junior Member
    Join Date
    Dec 2012
    Location
    Quebec / Canada
    Posts
    34

    Thumbs up Re: About Intel Management Engine firmware

    Virtualfred, as Quebecers say, ''Té malade'', but we love you that way!

    Really nice job!!
    Last edited by Zardoc; 11-06-2013 at 05:19 PM.
    I Think I'm so smart, that I'm dumb enough to believe it!!

  5. #25
    profJim is online now Chief Munchkin + moderator
    Join Date
    Dec 2008
    Location
    Tacoma, WA. [USA]
    Posts
    7,068

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by Zardoc View Post
    Virtualfred, as Quebecers say, ''Té malade'', but we love you that way!

    Really nice job!!
    Google translate didn't do very well with your post.
    Maybe it's your accent.

  6. #26
    virtualfred is offline Super Moderator
    Join Date
    Mar 2013
    Location
    France
    Posts
    634

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by parsec View Post
    Interesting, because the Intel System Tools guide that is part of the software package contains this:
    "The Windows* 64 bit tools will not function when the OS is configured to use EFI / GPT boot capabilities", page 17.
    But if you say it can work, I believe you, but it must be locked as you said.
    I had not read it, but I confirm that it works (I will look at this 2.10 BIOS to see if something is locked...)

    @RootWyrm,
    I have to read your message again more slowly later, for now you lost me as soon as the first lines...

    Quote Originally Posted by Zardoc View Post
    Virtualfred, as Quebecers say, ''Té malade'', but we love you that way!
    Really nice job!!
    Thanks... but what worries me is that this is not the first time someone has told me that!

    Quote Originally Posted by profJim View Post
    Google translate didn't do very well with your post.
    Maybe it's your accent.
    In French we say "t'es malade" (it could be "having a mad mind" in English?)... I thought the Québec accent sounds rather like "tè malade"...
    It is really useful to complete and keep your PC Specs or Signature up to date in Settings /My Profile (motherboard, CPU, BIOS version modified or not ...) - Thank you all .
    Main rig : Z77X-UD5H BIOS F16 mod11 - Core i7 3770K @4.5GHz 1.30V - Noctua NH-D14 - GSkill TridentX 2x8GB @1200MHz CAS10 - Club3D HD5750 noiseless @800/1300 - Silverstone FT02S - Seasonic X-series 650W
    2x Intel 510 128GB RAID0 - 2x Samsung F3 500GB RAID0 + Samsung F3 1TB - Dell U2713H - Logitech Illuminated & G500 - Focal XS Book - Windows 8 Pro 64bits UEFI
    2nd rig : Z77X-UD3H BIOS F20e mod - Core i5 3470 @4.0GHz - Noctua NH-D14 -
    Crucial BT 2x4GB @933MHz CAS9 - Club3D HD7750 noiseless @stock - Lian-Li PC-A05FN - Seasonic M12II 520W
    Crucial M4 128GB - 2x WD10EALX RAID1 - Dell 2408WFP - Logitech Illuminated & G5
    - Bose Companion 20 - Windows 8 Pro 64bits Legacy
    HTPC : EG45M-UD2H BIOS F5a mod - Core2Quad Q8200 @2.8GHz undervolted to 1.10V - Noctua NH-C4 passive - OCZ 4x1GB @500MHz CAS5 - AMD HD6450 passive - Antek NSK2480 - Antec Earthwatts 380W
    Intel SSD 330 60GB - 2x WD WD30EZRX 3TB RAID0 - Logitech K820 - Windows 8 Pro 64bits + XBMC12
    Gigabyte Modified BIOS & About ME firmware

  7. #27
    Zardoc is offline Junior Member
    Join Date
    Dec 2012
    Location
    Quebec / Canada
    Posts
    34

    Cool Re: About Intel Management Engine firmware

    The real phrase is ''tu es malade'' (you're sick or you're mad) in French slang it's really ''té malade'' like the word tea in French because it takes great patience and devotion to type all that info and make sure it's right because some dude could be bricking his or her board. My daughter lives in Châtellerault. Next time I'll try a France phrase

  8. #28
    RootWyrm is offline Junior Member
    Join Date
    Jul 2013
    Location
    Northeast Ohio
    Posts
    28

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by virtualfred View Post
    I had not read it, but I confirm that it works (I will look at this 2.10 BIOS to see if something is locked...)

    @RootWyrm,
    I have to read your message again more slowly later, for now you lost me as soon as the first lines...
    Ha ha ha, not to worry! I have actual low level development experience, so it's easy for me to go into stuff like register mapping. The problem is that FIT only provides partial access to the PCH Soft Straps essentially, so changing the RSTe/IRST OROM PopUp/TimeOut values is quite a bit more involved. The really fun part is that these elements are PCH register configuration post-MBIST pre-SATA Init and changing the defaults in the OROM, hooboy.
    Basically you'd need someone to disassemble the entire OROM and BIOS, find which one is holding the default values, find the register write, change the 00 to 11. Or more likely because M/B manufacturer BIOS quality has gone off a cliff universally, you'd have to insert a register write. In assembly. In real-mode. Yuck.

    The other problem is that Intel doesn't really document the PCH Soft Straps worth a damn. There may be more Intel Confidential documents that actually map register to FIT, but I've had no luck at all finding them. The important part is that the PCH Soft Straps are all controlled in IME/FIT and can't be adjusted safely with manual BIOS editing. In theory you could by doing modification of individual dumps, but it's a huge migraine. Plus IME may or may not overwrite depending.
    I also wanna write up something on how to use IME Recovery Mode, but I can't find the documentation on that either. The TL;DR version is that good boards (e.g. Supermicro) have a hardware jumper to set the IME F/W into Emergency Recovery Mode, which forces reload to recover from a corrupted or failed load. Key aspect being that jumper - which Gigabyte predictably omits to save probably half a cent. (But includes DAJP1 and refuses to tell us what it does - seriously!?) There's at least one other method to put the IME into recovery mode and it can be done from UEFI, but I've had no luck finding the documentation.

  9. #29
    virtualfred is offline Super Moderator
    Join Date
    Mar 2013
    Location
    France
    Posts
    634

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by RootWyrm View Post
    ...
    Enabling Hot (Non-BIOS Flash) IME F/W Updates!
    Yes, this is possible. You require software from Intel to do so. Here's the settings to enable it:

    ME Region\Configuration\ME\Host ME Region Flash Protection Override = true - this permits writing via BIOS and OS.
    ME Region\Configuration\ME\M3 Autotest Enabled = true - NEVER DO HOST FLASH WITHOUT M3 AUTO. If you have no ME H/W Recover jumper, yeah. Bad things.
    ME Region\Configuration\ME\Independent Firmware Recovery Enable = true - this is the switch that enables agent software update method!
    ME Region\Configuration\Features Supported\Workstation/HEDT = Workstation - only valid on Workstation SKUs! (Sorry X79 folks.)
    ME Region\Configuration\Features Supported\Manageability Application Permanently Disabled? = No - self-explanatory!
    ME Region\Configuration\Features Supported\Intel (R) ME Network Service Permanently Disabled? = No - self-explanatory again!
    ME Region\Configuration\Features Supported\Manageability Application Enable/Disable = Enabled - do I have to explain this one?
    ME Region\Configuration\Manageability Application\BIOS Reflash Capable = true - this also permits full BIOS flash via ME on some boards.
    ME Region\Configuration\Manageability Application\USBr EHCI - DO NOT CHANGE THESE VALUES EVER. Super bad things happen.
    ME Region\Configuration\Manageability Application\Idle Timeout - ME = <65535 (e.g. 3600)
    ME Region\Configuration\Setup and Configuration must be configured. Please see the Intel Active Management Technology documentation for how to deal with this part. The honest answer here is: I know it must be configured, but I don't know how to configure the certificate store and you need to either have an ODM ID, System Integrator ID, or Reserved ID depending on your deployment and preferred method.
    e.g. virtualfred could go nuts and decide to get himself an SIID from Intel Services, plug that into his modified BIOSes, and he could now deliver you a modified ME F/W semi-directly any time you want.
    Sorry but your post is too deep for me... but this last part could be interesting regarding Parsec's issue:
    Quote Originally Posted by parsec View Post
    ... Alas, now I finally know why MEInfo always failed on my systems in the past... my OS(s) are configured to use EFI/GPT booting, and the Windows*64 bit tools won't work in that environment.
    Still trying to figure out how to use the EFI versions of the tools... not that I have found a version of the EFI shell that I can run from my ASRock boards
    I extracted and compared the ME FW of the ASRock Z87 Extreme6 BIOS 2.10 with Gigabyte's ME settings... Here are a few differences:
    Code:
    ME Region\Configuration\ME\Independent Firmware Recovery Enable : true (Z87 Gigabyte : false)
    
    ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable (Z87 Gigabyte : Enable)
    These settings in bold could explain why Parsec can't use MEinfo ???
    Because I can use MEinfo on my Z77X-UD5H with GPT/UEFI (msinfo32 + meinfowin64) :

    [Attached image: msinfo32_meinfo.JPG]
    ... so I checked my ME settings :
    Code:
    ME Region\Configuration\ME\Independent Firmware Recovery Enable : false
    
    ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
    ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
    ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable
    ... but the settings I thought responsible are also disabled on my Z77 !
    Quote Originally Posted by RootWyrm
    ... self-explanatory!... do I have to explain this one?
    So yes I really need explanation in plain language...
    Last edited by virtualfred; 11-08-2013 at 12:19 AM. Reason: typo

  10. #30
    RootWyrm is offline Junior Member
    Join Date
    Jul 2013
    Location
    Northeast Ohio
    Posts
    28

    Default Re: About Intel Management Engine firmware

    Quote Originally Posted by virtualfred View Post
    Sorry but your post is too deep for me... but this last part could be interesting regarding Parsec's issue:

    I extracted and compared the ME FW of the ASRock Z87 Extreme6 BIOS 2.10 with Gigabyte's ME settings... Here are a few differences:
    Code:
    ME Region\Configuration\ME\Independent Firmware Recovery Enable : true (Z87 Gigabyte : false)
    
    ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : No (Z87 Gigabyte : No)
    ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable (Z87 Gigabyte : Enable)
    These settings in bold could explain why Parsec can't use MEinfo ???
    HUGE difference is that you absolutely must not and cannot use IFRE enable UNLESS you have IFRE capability available. This means partitioned dual I/O flash or separate NVRAM which stores a 'safe' ME image. Looks to me like there's a dual I/O wire flash attached through the Nuvoton (Winbond) at the bottom right. IFRE is a really, really dangerous element as it can self-brick the ME if used incorrectly and I have no idea how to do it jumperless.
    Jumper method for IFRE is, well, enable and you have a jumper you set. (Wow, that was hard.) Said jumper is also the only way to enable write access to the recovery area if you need to bring it up for any reason - usually CPU microcode - and it is terrifyingly easy to brick. I've done it don't ask how many times on Supermicro X9SCM-F's in order to deal with a DMI Pool bug in Aptio UEFI core modules.

    Quote Originally Posted by virtualfred
    Because I can use MEinfo on my Z77X-UD5H with GPT/UEFI (msinfo32 + meinfowin64) :

    [Attached image: msinfo32_meinfo.JPG]
    ... so I checked my ME settings :
    ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
    ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
    ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
    ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : Yes
    ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable
    ... but the settings I thought responsible are also disabled on my Z77 !

    So yes I really need explanation in plain language...
    MEInfo is not the Manageability Application. The Manageability Application is specifically referring to Intel AMT, which is the OS level actual-management part. MEInfo is just a diagnostic tool. If MAPD is set to Yes, then MA Enable is forced Disabled always. If you override that, it BRICKS THE SYSTEM. Not IME - the whole board. And I have NO idea why.
    MEInfo is also... buggy. I think that's a nice way to put it. Honestly, chances are that there is some stupid bug getting hit with MEInfo which is preventing it from reading. Especially on 64-bit. I would test with an MS-DOS USB boot instead.

    As far as those settings go, those are strictly for Intel AMT-method IME updating. Which means not having to exit OS or flash BIOS or any of that fun stuff. MEInfo pretty much ignores every last one of those settings - they just don't have any effect on it. MEInfo basically is only there to read back those settings once the system has booted the OS, and to confirm whether or not the IME drivers are working.
    The problem is that MEInfo is really stupid - and I mean REALLY REALLY stupid. It just does reads. It does them largely blind. Supermicro routinely changes ALL the version identifiers in IME (it's not a big deal) which makes FIT freak out, but MEInfo reads just fine including the altered versions.
    It's not a real high end workstation till it's got four sockets, eight video cards, and takes two thirty amp circuits to run. Yes, I build those kind of systems too.
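
The comparison virtualfred did by hand in post #29 and the two rules RootWyrm states in post #30, as an added example (not code from any poster or from Intel's tools): it parses setting lines in the posted `path : value` shape, diffs two dumps, and flags the MAPD/MA combination and an enabled IFRE. The first two dumps are transcribed from post #29, the third is constructed, and all function names are hypothetical.

```python
import re

# One setting per line, in the "path : value" shape used in post #29.
# A trailing note such as "(Z87 Gigabyte : No)" is ignored.
LINE_RE = re.compile(r"^\s*ME Region\\(?P<path>.+?)\s+:\s+(?P<value>\S+)")

MAPD = "Manageability Application Permanently Disabled?"
MA = "Manageability Application Enable/Disable"
IFRE = "Independent Firmware Recovery Enable"

# Transcribed from post #29 (ASRock Z87 Extreme6 BIOS 2.10 column).
ASROCK_Z87 = r"""
ME Region\Configuration\ME\Independent Firmware Recovery Enable : true
ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable
"""

# Transcribed from post #29 (virtualfred's Z77X-UD5H).
GIGABYTE_Z77 = r"""
ME Region\Configuration\ME\Independent Firmware Recovery Enable : false
ME Region\Configuration\ME\Features Supported\Enable Intel Standard Manageability : Yes
ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
ME Region\Configuration\ME\Features Supported\PAVP Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\KVM Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\TLS Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\Intel Anti-Theft Tech Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\Intel ME Network service Permanently Disable? : No
ME Region\Configuration\ME\Features Supported\Service Advertissement and Discovery Permanently Disable? : Yes
ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Disable
"""

# Constructed sample (not from the thread): the override RootWyrm warns about.
CONSTRUCTED_OVERRIDE = r"""
ME Region\Configuration\ME\Features Supported\Manageability Application Permanently Disabled? : Yes
ME Region\Configuration\ME\Features Supported\Manageability Application Enable/Disable : Enabled
"""


def parse_dump(text):
    """Return {setting name: lowercased value}.

    Keyed on the last path component because the posts in this thread
    write the parent path in two different ways.
    """
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1]
            settings[name] = m.group("value").lower()
    return settings


def diff_dumps(a, b):
    """Return {name: (value_in_a, value_in_b)} for settings that differ."""
    names = sorted(set(a) | set(b))
    return {n: (a.get(n), b.get(n)) for n in names if a.get(n) != b.get(n)}


def audit(settings):
    """Apply the two rules stated in post #30 and return a list of findings."""
    findings = []
    # "If MAPD is set to Yes, then MA Enable is forced Disabled always."
    if settings.get(MAPD) == "yes" and settings.get(MA, "").startswith("enable"):
        findings.append("MAPD=Yes but MA is enabled: post #30 reports this bricks the board")
    # IFRE needs recovery storage holding a safe ME image (post #30).
    if settings.get(IFRE) == "true":
        findings.append("IFRE enabled: confirm the board has storage for a safe ME image")
    return findings


if __name__ == "__main__":
    asrock, z77 = parse_dump(ASROCK_Z87), parse_dump(GIGABYTE_Z77)
    for name, (left, right) in diff_dumps(asrock, z77).items():
        print(f"{name}: ASRock Z87={left}  Z77X-UD5H={right}")
    for label, dump in (("ASRock Z87", asrock), ("Z77X-UD5H", z77),
                        ("constructed", parse_dump(CONSTRUCTED_OVERRIDE))):
        for finding in audit(dump):
            print(f"[{label}] {finding}")
```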
