IMPORTANT SECURITY UPDATES!

I cleared the TPM in the BIOS (for real this time), but after powering down, the Intel tool is still telling me I'm vulnerable. Am I screwed?

 

Yeah that's why the SOP tells us to clear them before:

"After the TPM firmware update, the TPM Chip will generate new secure keys. Nevertheless, even after the firmware update, old “weak” keys are still stored within the TPM chip and will continue to be used by related software products. The only exception is if the TPM. was cleared before the firmware update..."


Either way, clear them again but this time in Windows and BIOS. Should only take some more convincing to get rid of them for good afterwards...

 

OK, sorry Prema. Total newb here. Just to be clear, I'll clear TPM (OS + BIOS) again, but no need to run the update part, correct?

Edit: Hmm, after clearing the TPM a couple times via OS and BIOS, Intel tool still says "vulnerable."

 

Disable the TPM in BIOS, save and exit, make a full shutdown from Windows, clear TPM in BIOS, save and exit, make a full shutdown from Windows, re-a
enable TPM in BIOS.

 

At the risk of sounding even dumber, is it possible to clear the TPM in BIOS while it's disabled? I can disable the TPM just fine in BIOS, but then the option to clear the TPM is no longer available unless I re-enable the TPM.

The exact steps I performed were:

- disable TPM in BIOS, save and exit to OS
- full shutdown from OS
- re-enable TPM in BIOS (the only way to get clear TPM button to appear)
- immediately choose "clear TPM" option in BIOS
- full shutdown from OS

Unfortunately, Intel tool is still saying the same thing as before (vulnerable).

 

Stupid question, but you are using tpm.msc command to check vulnerability and not the Tool for the ME Firmware!?

Please upload a picture of what message you are seeing.

 

Oops, I was actually running the Intel tool. Here's a photo of the Intel tool and my TMP.msc readout. Am I okay? Apologies in advance if this was a non-issue the whole time.

 

Ha ha ha, no problem. Run the update from the ME11 section on premamod.team to patch that vulnerability as well.

 

Oh boy, my bad Prema. Thanks so much for all your help, and again with the apologies!

Edit: Success!

 

hi!, i thank you, i can to update TPM successfully on clevo W130SV. Nevertheless, I did not have the same success with Intel ME, Install the driver correctly but something happens, what am I doing wrong?
I appreciate your help in advance

 

Your system uses the older 9 series ME, which is not even affected by that vulnerability.
Intel only moved from ARC to x86 architecture with ME11.
Not sure why Intels Tool tells you otherwise...

You can still update it using the ME9 updater from premamod.team site.

 

oh ok. I also tried it with the ME9 tool, But it does not work, only showed the same message from the previous capture. but if you say that he is not vulnerable I remain calm
again, thanks for your help!.

 

It still shows version 9.0.22.1467?

 

yes..

 

Can you please post the message from the error.log file that was created in the ME9 tool folder?

 

"Error 8771: Invalid File" only that..

 

OK, just checked your BIOS and it's using another ME type.

I'll PM you the proper file in a bit...

 

thanks for the archive. the update was completed correctly...but the intel tool keep warning that he is vulnerable. the ME version is now: 9.0.31.1487

 

Did you read the second part of the PM?

 

A small warning about updating the Intel ME:

Disable any power saving mode(s) and before you start, ensure the Intel ME driver is installed.

And with the TPM: See these steps? Follow them one by one. Best to print it down if you can't recall all the steps.

 

Finally! is no longer vulnerable! thank you very much, you're the best!

 

I did the update, and the intel tool says I'm fine, but windows gave me the error with the 1803 update this week. Should I go into my device settings and clear my TPM or leave it and dismiss?

windows
http://prntscr.com/jjud5x

intel
http://prntscr.com/jjudc9

link from MS what to do
https://support.microsoft.com/en-us...curity-processor-tpm-firmware#firmwareupdates

 

The Intel Tool is only checking the ME.
You need to update the TPM as well.
Check the second section of the OP.

 

oh, thanks haha

 

I ran this MEtool.exe program and well I get 1-2 BSOD every day since I ran it. Last BSOD I got before then was last year. So that's not good. Any way to go back to how it was Before? I thought the BSOD were from having too big undervolt, but the crashes didn't stop when I changed it back to -150mV which has always been stable.

I have a P775DM3-G. I'm not 100% certain it was this that caused it, could just be a coincidence.

 

Nope, but Windows 1803 and the latest NVIDIA driver do that stuff atm...
roll back to a pre 397.xx driver and you should be fine.

Edit:

https://forums.geforce.com/default/...y-driver-feedback-thread-released-5-9-18-/27/

 

Yea, do so please you don't want a 4.2K paper weight. My laptop is KIA.

 

@Prema Looks like MEI FW 11.8.3470 is up at station-drivers.

 

Already uploaded that a while ago...

 

Wait, so there's an NVIDIA driver out there bricking GPUs?

The hell?

 

Thanks. What's the changelog?

They bricked Pascal GPUs and not older ones when I installed buggy driver on my maxwell GPU with zero issue so far.

 

The thing is I've never had 397.xx installed. I haven't updated since 388.59. I'm not sure what is causing these crashes just got a BSOD again. Usually happens in windows when just browsing the internet. Had prime 95 on for a few hours, been playing ETS2 that I bought for 5€ for like 20 hours since I bought it a few Days ago, not a single crash while playing.

 

If you are not on 1803 (that's where most people with those idle crashes are), then I can only suggest to update the Intel chipset and ME driver.

 

Well I do have version 1803, but nvidia drivers 388.59. Maybe I'll just have to bear with it till the next windows update, I do remember it did install this windows version quite recently as well. Might have been sometime this past week.

Well, I had enough, I reverted to Windows version 1709, was still possible. Maybe it won't BSOD anymore now, hopefully. (EDIT nope it still BSODs, so it's something else)

Also I set undervolt to 0... And still it BSOD pretty much every single time just after I start up the PC now. Once I reboot after the crash it doesn't BSOD again untill I shut down the PC and start it up again. Damn PCs stupid frigging machine. There is no fixing this, other than reinstalling windows. If you google this you get tons of people with BSOD errors and it seems none of them get it fixed. Some support people just tell em to send em to DUMP files and once they get the dump files they still can't help them.

I still Think it must have happened roughly when I ran the MEtool, no I'm not saying it necessarily was it's fault. Perhaps installing the intel ME driver screwed something up. Well something Went wrong. I just didn't like the exclamation mark on the windows defender Icon, I just should have left the damn thing alone. Well I got rid of the exclamation mark at least. (wasn't really Worth it though, Zero BSODs since december last year and now I've had like 10+ in less than a week.

Maybe I should get a Mac... just kidding.

Maybe I'll try reinstalling the IME driver. (Ok that doesn't work either "can't locate installation source" (translated from another language) what the heck does that even mean. Something is probably messed up with the IME driver but it doesn't let me reinstall it, wonderful.

 

Thanks for this Prema, this is fantastic.

Quick question though... if I reinstall Windows, do I need to go through these steps again?

 

You can uninstall the package via the "Intel Management Engine Components" in windows under apps & features.

Here an alternative ME driver source: http://cdn.evga.com/driver/Z370/ME/ME_11.8.50.3470.zip

From the three security updates of the OP only the CPU Spectre code has to be re-applied after a fresh OS installation.
ME & TPM patches are persistent.

 

Fantastic, thanks a bunch @Prema

 

I probably shouldn't clutter this topic with this stuff but not sure where it would be appropriate to post it.

Uninstalling it via "apps & features" doesn't work. I get the Message (In Swedish): "Installationsprogrammet avslutades för tidigt på grund av följande fel. Installationskällan för den här produkten är inte tillgänglig. Kontrollera att källan finns och att du kan komma åt den."
Which roughly translates to something like: "The installation program stopped too early because of the following error. The installation source for this product is not available. Check that the source is exists and can be reached."

Basically,... I don't know. I can't fix this, other than reinstalling windows, if even that fixes it. But I don't like the idea of reinstalling everything. I don't really have the time for that, but seems I have no choice.

The symptoms of this BSOD is, if the PC has been completely powered off or in energysaving mode for a long time and you turn it on or "wake it up". It will crash within 5 minutes. Once it has created the dump files and rebooted it won't crash again till you turn it off/let it go to energysaving mode again. Something it does when starting windows or after being idle for a "long" time seems to cause it to BSOD.

 

Yeah, looks like for whatever reason your driver is messed up. If you don't want to go through manual de-installation, just install the version I linked you over it, it's the same revision...

 

Isn't BIOS update w/ spectre persistent unlike Windows or Linux uCode patches?

 

Sure they are, but the patch in the OP simply installs the latest MS approved microcode update to the OS and loads it on boot, ignoring the one in the BIOS.
If we would make a new BIOS every time Intel publishes a 'new fix' we would have to redo it for the 4th time now...
Again testing yet another 'Spectre fix' code in the internal PremaMod's for the past week now.

 

So new uCode for skylake? What is the version number if its not an NDA? Now its C2.

 

Sager said "Manufacture just release new version BIOS 1.05.12 for this model" I updated to new bios... It came with spectre protection already... Now after flashing my inspectre tool says protected for both...I ran bench marks and compared to last bios, I am better on temps and faster..

Im on win 10 pro 1803 17133.1 and my OC settings changed in bios to higher than I had them set lol So weird, I had it set to 44 but now they are set to 45 lol

Am I protected forever or will there be more updates for Spectre and Meltdown? The intel tool says Im protected as well.

 

Na, that's from end of February and only includes the second patch from January.
Watch out for Intel/MS releasing the new patch with the next OS patch update...

 

Thank you Prema!

I will just go back to my gaming lol and keep my out lol

 

My Only concern is that when I had updated with the WU microcode... It changed my bios so that I could not OC from it any longer and really ... what is the point then... I only got this lappy for its SPEED and diversity...

Then I had to uninstall is and reset my bios settings ... to get back to normal OC.

 

Hi, thanks for this tool.

I'm having some trouble using it. I've updated my ME driver and ran your tool, but I'm still getting that my machine is vulnerable. I noticed the ME version reported by the Intel tool doesn't match my actual driver version. What am I doing wrong??

Spoiler

 

ME driver revision doesn't equal the firmware, that's normal.

Not sure what you did, but it didn't flash the ME. First section of the OP is for the ME patch, second one for the TPM.

In case you ran the ME Tool and it didn't update, check the error.log file that was created for the reason.

 

It looks like I ran the TPM updater without running the ME updater. I saw your post before you edited it, and just ran the ME updater. Looks good now? Thanks so much!

Spoiler