IMPORTANT SECURITY UPDATES!

Thanks, I got it sorted. The tool wasn't helpful in the end.

 

Hi Prema
Please may I get your advice on this ....

Here is my result from the Intel tool, Then here is another result as well, I am on win 10 1803 updated bios just a few days ago via Sager .... Thank you in advance!

 

Your ME is not up to date but patched, your BIOS is not.
Just use the MS microcode patch from section 3 of the OP and you are good.

 

Yes I tried this already, however it says it does not apply to my version of win 10, i am on 1803. Any ideas? Thank you!

Edit: I tried the patch KB4090007

 

MS postponed the public release of 1803 due to a 'bug', once it hits the mainstream the updated code patch will do as well.

 

Ok super, I will await MS updates for 1803 and go about my business as usually Thank you again!


Question please: Will it then say version 0x84?

 

Whatever is the most current at the time of release. It'll say:

► Spectre (CVE-2017-5715) Patched ◄

 

Mon, Apr 23, 2018 at 9:34 AM
Hi Marinicola12,

We just got a new unrelease ME version, after testing without problem then will email to you.


David
Sager Computer Inc.
18005 Cortney CT.
City of Industry, CA 91748
Tech Support Email: [email protected]
Phone:800.741.2219
Phone:626.964.4849
Fax:626.964.2381

 

Latest ME link is in section I of the OP! Intel hasn't updated them further in a cool Minute as they are now focused on ME12...

 

Just curious, is there anything wrong with using ME12 driver on ME11 firmware?

 

Driver are backwards compatible as long as it is an official release and not a specific beta...

 

I am not understanding how to follow the sections/instructions .... Can you please explain more here? Thank you!

 

Not sure if I can make it any easier than described in the OP:

- Go to premamod.team

- Select 'Maintenance" > "Firmware Updates" > "Management Engine" > 11.x

- PW: premamod.com

- Double click MEtool.exe

- Confirm by clicking on 'yes'

 

I got it!! Thank you again!

 

Hi, I started to manually update my old TPM version, but I got stuck in 4.34.1010.2. There seems to be a dead end there, since the next updatable version seems to be 4.40.119.0. There is not a TPM12_4.34.1010.2_to_TPM12_4.40.119.0.BIN so could somebody help me here? Thanks in advance.

 

Your system is already patched. 4.40+ update is not for your chip model.

 

So I should be good & safe with this update then right?

 

Yes

 

Thanks Perma.

 

I got notified to update my TPM. should I do it?

EDIT: OK I may need some help here LOL

when i tried to go into the command prompt it said winload.efi failed.

nvm, I followed some instructions and I got it working.

 

My manufacturer is not prema. I'm using same as clevo P775DM-3g model. I7 7700K & GTX 1070 should i update IME 11 & TPM ?

 

hmmm....my TPM only updated to 5.62.3126.2.

I think that's the highest it can go, but at least windows 10 isn't chucking a tantrum over it.

 

It's for all Clevo's.

Nope, you have to use the updater from the OP to get to the latest version.

 

I had a look and there's no 5.62.3162.2 to 5.63.3144.2 bin file.

 

Right, though it's strange for a P870DM chip to use the .2 version...

 

the original version was 5.51.2098.2. Is it supposed to be a firmware ending .0?

 

They may have used different models for the same board...

 

that's possible but as long as windows 10 isn't making a fuss over it I'm happy

 

Check it up under Windows Defender > Device Security > Security Processor > Security Processor troubleshooting > Collect Logs and see what w10 is telling.

 

Hi, so I followed the instructions, and I'm all the way on the last step - and I'm having problems now.

When I go to change directory to my USB drive, which was set to E, it won't let me change it.

I type "cd e:" it then shows E:\ on the next line and them jumps back to x:\windows\system32>. Doesn't let me enter any commands on E.


I can't figure out how to launch the update command on the USB drive from here. I'm stuck on the X directory for some reason?

Any ideas?

Thanks.

Edit I do have the option to use USB device and it shows my flash drive, from the Choose an option menu, above the Troubleshoot option.

Should I just go into that and try to run the update?

Edit2: I just noticed that at the top of the Command Prompt Window it says, "Not enough memory resources are available to process this command."

????


UPDATE: solved. Windows decided to change my Drive Letter from E to F in between one of the reboots. And Only typing "F:" would change the drive letter, no "cd f:".

It updated. Works fine now. Thanks.

 

I updated from version 5.60.2677.0 to 5.63.3144.0 For my Clevo P870KM-G. I had the same message and just typed f: which was my usb directory.

 

You can follow what @Mari1225 said.
One more thing, cd is the command you use when switching between directories and not switching among differents partitions/volumes/disk.
If you want to goto another partition/disk simply type the volume letter followed by a colon. Example: G: and hit enter key.

 

Yea, I was more freaking out that my USB drive letter wasn't even showing up.

It was set to E: when I put all the update files in the root folder an I never removed it from the USB slot. I had A, B, E and so on available, but somewhere in between it switched to F and thus, temporary panic ensued.

But once I scanned through the available drives and found all the .bat files for the TPM update in F:, I knew I was good.

 

I have a P870TM1 system. Running tpm.msc, I see that the Manufacturer Version: 5.61.

However, Prema's update contains 2 BIN files starting with 5.61.xxxx ( TPM20_5.61.2785.0_to_TPM20_5.63.3144.0.BIN & TPM20_5.61.2789.0_to_TPM20_5.63.3144.0.BIN), how do I know which one to use?

 

You don't have to select any of them manually. The system will flash the one and only compatible file automatically (read the README) by just typing 'update' and confirming with enter. Nothing more to do.

 

x

 

Sorry, but that guy re-uploaded my very first upload (which I had removed within an hour) without removing the 1.2 to 2.0 updates. If you use it to update from 1.2 to 2.0 without also having a new BIOS to support it, the TPM will now no longer be able to communicate with the BIOS on those systems, so don't. Only update 1.2 to 1.2 and 2.0 to 2.0 unless you are provided the matching BIOS files as well.

@ ALL this has nothing to do with the files you can find in the OP!

 

x

 

This thread is only for end-user to update their TPM chips on Clevo systems.
If you want to convert a 2.0 to 1.2 you shouldn't have updated them...
Now you will need to request the TPM20_5.63.3144.0_to_TPM12_4.43.258.0.BIN downgrade file from your TPM chip supplier or Infineon...

 

x

 

directions too complicated, got dick caught in ceiling fan

 

So how is the broken part, were you able to fix it?
I reckon you're already updated to new version since EVOC sends you latest BIOS and patches.

 

yeah i was able to fix the ceiling fan

 

Ok never mind.

 

were you referring to a part on my computer? cause I've had zero problems so far

 

Yes I was specifically asking for MEFW.

 

Hi guys - I ran Prema's update tool successfully and my TPM management window says I'm at version 5.63.3144.0. Turned TPM back on in BIOS, and then did full shut down. The Intel tool is still telling me I'm vulnerable though, should I be concerned?

Edit: I have a Sager NP8157 / Clevo P650HS-G purchased 3/2017.

 

OP updated with CPU Spectre patches for Win 1803!

You have to clear the TPM in BIOS or the old vulnerably keys will remain in the TPM...

 

Crap, I thought I did, but it's possible I messed up the part where I clear it in the BIOS. Can I retry the process from the beginning, or is it too late now? Thanks in advance!

 

Clear it now to reset the chain (make sure none of your drives are still encrypted with the old keys or you will loose access).