IMPORTANT SECURITY UPDATES!

That file contains only MEI FW

 

For those who don't want to install the fully Bloated package - MEI Drivers & Software v11.7.0.1065. From Win-Raid.com

• Intel MEI Driver v11.7.0.1057 (Windows 8 & Windows 10) INF for manual installation
• Intel MEI Driver v11.7.0.1057 (Windows XP & Windows 7) INF for manual installation

 

I just finished updating my 1710 (PA71HS) with the latest Intel microcode they released on Jan 8. (Went from ver 5E to 80 for 7700HQ) and installed 16299.192. SpeculationControl shows that HW level protection is now enabled.


You can do this now using VMWare's Microcode updater driver. Or you can use UBU to modify a BIOS file with the correct extracted bin and flash that. (much more work)

 

Doesn't that remove Secure boot functionality? Because EFI Signing certificate is missed when you add custom menus and stuffs.

 

I know that the files in the OP are for another vuln, but i thought that this thread was already hijacked for discussion about meltdown/spectre... so i asked about a "new" bios with updated microcode from prema

 

CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more
http://forum.notebookreview.com/thr...-page-table-isolation-patches-and-more.812424

 

All PremaMods published this year (revisions showing 01/01/2018+) already have the new code. If you have an urgent need for it, I would suggest to just update the code in Windows manually or wait for MS to force it on you via one of their next updates.

http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

Again, this has nothing to do with the patch discussed in the OP!

 

I'll be updating the vmware ucode patcher in this thread. http://forum.notebookreview.com/thr...en-ht-on-laptops-pc-fix-is-here.806451/page-2

 

Hello everyone,

I have a P770ZM.

This is my situation.

Am I OK??

Thanks

 

Yours is invulnerable. Just update ME driver as per Papusan's post or use this direct link http://www.mediafire.com/file/6vgw43f777hf7ef/

 

Those affected by Spectre and Meltdown use this microcode update tool from vmware updater here [WARNING] Intel Skylake/Kaby Lake processors: Broken HT on Laptops & PC [Fix is here]
I checked only Intel because AMD uCodes are dated 2016 and I don't think the fix is still included.
Those on skylake 6700HQ will see a bumped uCode value from BA(HT bug fix) to C2.

 

Thanks!
Just update the driver!

 

Yes. Right click on that inf file and choose install.

 

Based on the OP. My test came back as vulnerable; model P65_67RSRP....Driver version 1.7.0.1057.

As an edd user should I be worried?

 

If it's vulnerable, simply run the patch.

 

Thanks a lot, Prema!

So once again the community here does the manufacturers/resellers' job...

 

So far so good on W65KJ1_KK1 system with your patch tool, BIOS 1.05.04 (feb 2017)

 

Here you can find the Bios version 1.05.08 (from my german reseller dubaro.de) - i did not flash it yet because i am moving into my new house next week and have no time to do updates at the moment ;-)

 

Just make sure to flash the patch from the OP again after any firmware update dated earlier than this year, as it'll be overwritten by regular Clevo update packages.

 

Even if I run the batch file inside the BIOS folder (not ALL folder) ?

 

Then it's not a stock Clevo update and you are fine. Clevo's own files flash everything.
Other packages are only offered to re-seller.

 

Well I don't know the official source of this BIOS package... so I don't want to risk anything now. My PC is working fine
If anyone used the package feel free to give us a feedback!

 

Since the update the computer shutdowns when it's coming back from a long sleep (on lid opening). Don't know why... I saw an event saying "kernel power manager has initiated a shutdown transition" even if all my settings are set to "sleep". This is happening since the Intel ME update. Any idea ? Could it be related to ?

A guy here has the same issue on a Windows 7 laptop :
https://superuser.com/questions/107...after-powercfg-exe-hibernate-off-on-my-laptop

I will check the events this afternoon to see if there is more info

 

That's usually something when the battery level was too low at one point during the sleep state.

 

My laptop was plugged in ;-)

 

Then IDK, this is usually the OS's job and not something the ME takes care off...maybe just toggle the settings with a full shut-down in-between.

 

Now that you're saying I had a similar issue a few days ago while playing a movie in Kodi.
Kodi crashed then suddenly Windows was shutting down. It was before the Intel ME update.
Settings are all set on : Sleep, in the control panel. Strange behavior then. It does not happen all the time of course. I've reset every parameter in the control panel and then set it back to the desired value. I'll see if it helps.

 

Hi,

I have a P650HP-G and even though I have the latest BIOS installed and also installed the latest Intel Management Engine driver, it still says it's vulnerable and detected IME to be version 11.8.50.3425

Can anyone help?

Thanks

 

So Clevo's official update failed to patch it...
Can you post a screenshot of that message?

 

Your Security Version is on zero while it should be on 3.
Try to uninstall and re-install the latest ME driver.

 

I might've missed one thing though. Should I install the Tool from your website Prema? Or just the IME driver is enough?

 

You can't use the Tool from the website because you have already updated by using Clevo's update. Power cycle the system (incl. un- and re-plugging power while it is off) and re-install the driver.

 

Right, some weird stuff going on.

So, I uninstalled IME, reinstalled, ran the scanner and it showed the correct IME version, and that it was patched and NOT vulnerable. Decided to reboot and see if anything changed and the exact same thing shows up in the screenshot I attached even though in Device Manager IME is still there with the correct latest version.

 

Thank you very much, @Prema ! What would the Clevo Community be without people like you that provide with free updates and mods that manufactuers either take ages to release or don't release at all? It's greatly appreciated!

 

Don't worry it's patched. The reason you are seeing this inconsistency is that when using a manual driver installation method instead of the complete installer that the Intel Dynamic App service won't get installed.

 

Downloaded the ME_11_TOOL.zip and IZArc is asking for a password when I try to unzip the file.

I have not a clue what the PW might be. I did try "admin", but that did not work.

 

Thanx Prema. I think im OK!

 

Password in OP.

 

Thanks steberg I found the PW.

When updating my Clevo N130BU I get this in the error log:
"Error 8704: Firmware update operation not initiated due to a SKU mismatch"

 

That's odd, I think you need to ask Prema. AFAIK, Prema has included all variants of MEI FW for easy patch.

 

I downloaded this and ran the included batch file, all is good.
http://www.station-drivers.com/inde...tory&Itemid=352&func=fileinfo&id=3219&lang=en

 

Careful man, better remove the link, as running that will brick almost all the other Clevo's, as they don't use the L&P version of the Management Engine.

 

Instead of doing this, is it possible to disable the ME completely by setting the HAP bit?

 

I wouldn't stop the ME from loading (doing that is not actually disabling it) on a Windows based system.

 

Why not?

 

Many Clevo's wouldn't even boot no more and the others would throw a ton of errors during runtime from sys-calls going into nowhere.
Among other things you also loose the capability to overclock the BCLK...

It's something you would do on a development system working in classified environment etc, but not on a gaming or benching system as it would harm the performance.

 

Hrm weird,

Some manufacturers like System76 (Clevo reseller) are already doing this along with neutering ME with me_cleaner. I've not heard of major issues.

Although they are not really focused on overclocking.

 

All S76 systems are designed for Linux and already use special firmware for that.

 

They're designed for Linux but what prevents them from running Windows? Some users on Windows have already tried this such as https://www.win-raid.com/t2443f39-Guide-Disable-amp-Remove-Intel-Ibex-Peak-ME-Ignition-firmware.html