koldfront

Updating Intel ME on a Lenovo Carbon X1 3rd gen #commandline #computers #hardware #security

No doubt to Andrew S. Tanenbaum's great joy recent news have revealed that many Intel processors run a version of Minix on some kind of extra "security" core.

Unfortunately it seems to be full of holes.

After downloading and running a tool from Intel to check whether my system was vulnerable, Intel-SA-00086 Detection Tool , and getting the unfortunate message:

  Based on the analysis performed by this tool: This system is vulnerable.
  Explanation:
  The detected version of the Intel(R) Management Engine firmware
    is considered vulnerable for INTEL-SA-00086.
    Contact your system manufacturer for support and remediation of this system.

I started looking for how to update the faulty code in my processor.

I found a description on how somebody updated their Lenovo X1 Carbon 5th gen, Solved: Re: X1 Carbon 5th gen on Linux: How to update Intel Management Engine 11.8 Firmware??, which was basically a couple of amendments to another guide: Updating Intel Management Engine firmware on a Lenovo without a Windows Install, which was written for a Gen 4.

Here is what I did to upgrade my Lenovo X1 Carbon 3rd gen running Debian unstable:

Running the detection tool now says:

  INTEL-SA-00086 Detection Tool
  Copyright(C) 2017, Intel Corporation, All rights reserved
   
  Application Version: 1.0.0.146
  Scan date: 2017-12-09 16:59:33 GMT
   
  *** Host Computer Information ***
  Name: tullinup
  Manufacturer: LENOVO
  Model: 20BSCTO1WW
  Processor Name: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
  OS Version: debian buster/sid  (4.14.0-1-amd64)
   
  *** Intel(R) ME Information ***
  Engine: Intel(R) Management Engine
  Version: 10.0.56.3002
  SVN: 0
   
  *** Risk Assessment ***
  Based on the analysis performed by this tool: This system is not vulnerable. It has already been patched.
   
  For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
    Intel Security Advisory Intel-SA-00086 at the following link:
    https://www.intel.com/sa-00086-support

Yay.

Add comment?

Title:

Name:

Email (won't be displayed online):

Text:

0.0104 s
webcustodian@koldfront.dk