Intel Manageability Engine Firmware Recovery Agent

Intel Manageability Engine Firmware Recovery Agent

I am not sure if this is the correct forum to ask this question or not so if it isn't please direct me to the right place. I have a new Toshiba Laptop with Windows 7. The laptop has an intel processor with an i7 core. Yesterday, I received notice that software with the name in this title was attempting to install itself. I did not allow it as I was not sure what this software does and if this is a legitimate Intel software package. I cannot find this software on the Intel website. My questions are: 1. Is this a real Intel Software package?2. What does it do?3. Do I need to allow this software to install?Thanks,Dan Bowman

19 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hello Dan,
Sorry for the delayed reply. There has been a recent change in the backend for these forums and my reply from last week seems to have been lost.

The Firmware Recovery Agent allows Intel to perform critical firmware updates like security fixes. Typically firmware upgrades are posted by OEMs on their download support sites. It is up to you if you want to install the software to allow that functionality.

Same scenario for me. New I7 system being installed.

Could I have a little more info about your agent please?

As long as I check Intel or the PC manuf (Lenovo) for updates periodically will I get the updates I need to keep the machine running as best as possible?

I'm concerned about loading special agents for every piece of hw and software I encounter, which seems to be the industry trend. Eventually one's machine is spending 50% of its cpu and network bandwidth telling the world that I just bought a dozen donuts on ebay.

Thanks
Randy

Hi - You must have bought a vPro capable system. Systems such as vPro come with a Management Engine (ME). The ME requires firmware and drivers. The agent sounds like something your OEM is pushing out in order to easily provide you with updates to the ME Firmware. Note that the ME Firmware is not somthing that gets updated all the time but if you are running software that uses one of the technologies that needs the ME, it couldn't hurt to have it up to date.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Quote:

Randy R. wrote:

Same scenario for me. New I7 system being installed.

Could I have a little more info about your agent please?

As long as I check Intel or the PC manuf (Lenovo) for updates periodically will I get the updates I need to keep the machine running as best as possible?

I'm concerned about loading special agents for every piece of hw and software I encounter, which seems to be the industry trend. Eventually one's machine is spending 50% of its cpu and network bandwidth telling the world that I just bought a dozen donuts on ebay.

Thanks
Randy

Well put Randy! I wouldn't have been so restrained. Where is the documenation and information for this ill-conceived and poorly executed piece of bloatware? Why can't it use an authenticating firewall? Was it written by a pimply youth who'd never come across one?

WestNab

sorry I was so mad I said 'firewall' instead of 'web proxy' - "I'm as mad has hell and I'm not going to take it anymore!" 

Since there are a lot of questions about this on many forums, I decided to dig more deeply and write a blog in order to answer the questions.  I think there are so many questions because we are required to get user consent in order to update the firmware so consumers who have no idea that their system even requires firmware or has a managment engine get this prompt to get their permissiont to update.    

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

I think the real issue is that people are fed up with everybody and their dog installing bits of s/w as a service and often cluttering up the notification area to boot. My new Samsung had many examples of this (Samsung are particualrly bad with their bloatware) and for people who have the same opinion ME FW recovery agent is just another example.

We would lke a choice of how to have this s/w installed. As you said many people don't know what it is and do not enable it. So those that do enable it presumably either don't care or they do at least partially understand what it is for. Those that don't care is not a problem. Many of those that do care and do understand would like to be able to choose how and when the updates happen and to have a choice of being able to not have yet another 3rd party service running and still be able to get the updates. Personally I would prefer a manual process. I am sure some other people would like things as they currently are.

I think security is important so I want updates. I think security is important so I want control over those updates.  I think security is important so I want updates to happen when I say so. I think security is important so I want to know what those updates are before they update. I think security is important so I don't want dozens of unneccessary services running in the background of my OS connecting to the internet all the time (Adobe, Google, Intel, and so on).

A CHOICE PLEASE.

If Microsoft can do it with Windows updates I'm damn sure Intel can do it for firmware updates. It just that Intel, like so many others, simply take an easy and inconsiderate route to do this and many users like me are fed up with this and want full control of our computers back again.

This is a real issue felt by many people and we are sick of it.

At the very least Intel should include adequate and compete explanations of AMT, ME, etc with the installed software so I don't have to spend time researching what looks like yet another peice of bloatware. I understand this is not bloatware now but I didn't before I did my research. What a waste of my time. Thank you Intel.

Further, if I am not mistaken ME FW Recovery agent is part of Intel AMT. This is where I get confused. I do not want or need the Intel ME enabled. My computer is managed solely by me and is privately owned. There is no need for me to enable it. I don't like the idea of it being enabled because of it's potential capabilities. Including an option to remotely brick my laptop. Having that enabled just makes me uneasy (I know it's daft but it does!).

So do I need the ME FW Recovery Agent running if I do not have Intel ME enabled in my BIOS? Do I need these firmware updates if I do not have Inte ME enabled?

The best article I have found to explain Intel AMT and ME so far has been on Tom's Hardware. Its a lengthy article.

An Introduction To Intel vPro And Active Management

or jump straight to the section about Intel ME

But I still don't understand if I need to have this ME FW service running if I don't have Intel ME enabled in my BIOS???

Or in other words if Intel ME is not enabled do I need the firmware updates? Will it affect the security of my computer if I do not get the updates when Intel ME is disabled?

That's a pretty inclusive article - I didn't get to read it all, but I did find one error:

  • In AMT 7.0, Intel makes it possible to use a 3G cellular signal to send that remote kill command, greatly improving your chances of deactivating a stolen computer before it gives up any sensitive information. Administrators can use similar technology to reactivate the computer once it is recovered.

The author is confusing Anti-theft Technology with Active Management Technology. I beleive it was AT version 3 (which coincided with AMT 7, probably) that introduced the ability to send the poison pill via 3G network.  AMT really has nothing to do with this, and in fact, you don't have to have AMT enabled to use Anti-Theft.

On one of your other questions, if you do not have Intel AMT enabled, you do not need to do the firmware updates - you are patching something that you are not running so it doesn't matter.  Do you need the ME at all if you aren't using AMT or Anti-theft?  The answer is that it depends.  There are starting to be more and more techonologies or features that use the ME (Intel IPT, for example) and even Apple has started implementing their systems with the ME.  If you are not using one of the many services or technologies that need it then you don't have to have it enabled.  

As far as the agent goes, that's an OEM play - not sure why they implemented it the way they did, but thank you for your thoughts. I do know that it pops up and asks if we want to update our fw because user consent is required.  Unfortunately, most users have no idea what it is all about and it causes a lot of concern and confusion.  I thought I heard that it was being implemented differently for the latest Intel processors (4th gen.)

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Hi there,

after reading all your answers / comments, I want to participate with you, because my "problem" is the same as yours, but still a bit different:

I own an Intel Desktop Board DX79TO, where the "Intel Management Engine" ("ME" for short) is installed in version 7.1.60.1193 (i think, 90% sure). After I saw a lot of people upgrading their ME on other boards like the "ASUS Rampage IV Extreme" ("RIVE" for short), I wanted to do this as well, since ME8 has a lot of benefits compared to ME7, which runs quite lousy and brings my system to HALT / BSOD a lot of times.

ASUS gave the tool FWUPDLCL including MSINFO and FPT to their customers. I did not find any download on Intels site, so I searched further, and found a lot of sites which offer the BIN-files and stuff nessessary to upgrade, but I still can't, because of the following:

1.) There are locks in place which prevent "normal users" or attackers from flashing the stuff (ME, GBE, etc.). I am sysadmin, programmer (Intel Software Partner - ex. Premier Elite Member / now Standard Member again) and system builder (Intel Technology Provider), but everywhere I ask, I get the answer: NO SUPPORT!  ...

2.) FWUPDLCL gives me an error with "insufficient memory" from within Windows and from DOS (didn't try EFI in shell, because somehow option is gone!). I tried to flash ME 7.1.70.xxxx and some 8-based versions, but upgrading from 7 to 8 is IMPOSSIBLE for now. I COULD rebuild the BIOS, but tools .... see end of "1.)"

3.) FPT says locks in place and can't therefore flash the Option ROMs

After opening a thread here, I did not find the answer, I got pointed to "Premier Support". I think the one who gave me this info wanted to get me away somehow, because these "strictly under NDA" tools are available including PDFs and stuff with "Intel Confidential" sign on each page freely from any big OEM (ASUS, HP, LENOVO, and so on ... ).

Any help here would be appreciated.

I forgot: AFAIK, Intel upgraded the ME interface with x79 chipsets. So Intel ME is not simply a "remote interface" anymore, it controls and manages ALL your system, so I have a big interest in upgrading this thing. :-)

Sincerely

 

IDDQD

Guybrush: How much wood could a woodchuck chuck if a woodchuck could chuck wood?
Carpenter: A woodchuck would chuck no amount of wood since a woodchuck can’t chuck wood.
Guybrush: But if a woodchuck could chuck and would chuck some amount of wood, what amount of wood would a woodchuck chuck?
Carpenter: Even if a woodchuck could chuck wood and even if a woodchuck would chuck wood, should a woodchuck chuck wood?
Guybrush: A woodchuck should chuck if a woodchuck could chuck wood, as long as a woodchuck would chuck wood.
Carpenter: Oh shut up.

Hi - If your system is running the 7.x version of the FW, you cannot upgrade to 8.  You would need to purchace a new system.  You can look for the latest version of 7 to use but 8 is not an option so that's why your system won't let you do it.

I am curious about your statement that ME7 causes your system to crash?  I have never experienced this with the ME. If you have more information on this, I would be interested in looking at it.  It could be something that your OEM has done in the BIOS, for example.

I am sorry - I don't know anything about this (do you have any more information or a link you could point me to?):  I forgot: AFAIK, Intel upgraded the ME interface with x79 chipsets. So Intel ME is not simply a "remote interface" anymore, it controls and manages ALL your system, so I have a big interest in upgrading this thing. :-)

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

One more question to IDDQD:

When you tried to upgrade an AMT 7 system with AMT 8 FW, did you install the MEI driver and LMS software for version 8?  I'm thinking that if you did this you might very well run into issues since version 7 and 8 are not compatible.  Could you verify that you have the correct drivers/services running for AMT 7?  (Your OEM site should have the correct versions for your system.)

If you do suspect the FW is causing some issues, you could clear the CMOS and see if that doesn't fix things.  Some times the FW does get into a weird state that goes away once cleared.  On a desktop, you remove all power (including network) and pull the battery for around 40 seconds.  On a laptop you may have to see what your OEM says to do.  Sometimes you can do this by disabling AMT in the bios.  It depends on how the OEM implemented it.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

@ Gael Hofemeier:

Thank you for your reply, I try to answer all questions the best I can:

I am running Windows 7 x64 with latest updates. Hardware is an i7-3820 and mostly common stuff. After installing ME software version 7.1.x, which is offered for my board as the latest version available, I received a lot of so called BSODs within Windows. There were errors related to Watchdog, errorcode 0x00000122 and other WHEA- or hardware-related errors. After searching for what WHEA / this error is, I found this here:

Quote:

The WHEA_INTERNAL_ERROR bug check has a value of 0x00000122. This bug check indicates that an internal error in the Windows Hardware Error Architecture (WHEA) has occurred. Errors can result from a bug in the implementation of a platform-specific hardware error driver (PSHED) plug-in supplied by a vendor, the firmware implementation of error records, or the firmware implementation of error injection.

Source: http://msdn.microsoft.com/en-us/library/windows/hardware/ff557313%28v=vs...

A lot of sites recommend to disable overclocking, but my PC is running at stock speed already.

I "solved" this problem by installing Intel ME 8.1.x software package on my 7.1.x firmware. This software is not meant to be installed on my system, but it runs more stable than any 7.x version I tried. I saw the task "Interrupts" consumes a few percent of my CPU, because of this games I play won't run smooth and video "stutters" sometimes. This "stuttering" increases, when RSTe (Rapid Storage Technology enterprise) thinks it could deactivate the HDDs because of inactivity, please don't ask me why ... But it seems you can't update the RSTe-ROM on the board?

This link here gave me the idea to start learning about updating Intel ME: Windows 8 Pro + X79 + Intel MEI 8.1.0.1252

There are a lot more, so it should not be complicated to find them if you need to. They all say after the update they got much better performance in anything. In addition, AFAIK, Intel ME 7 is not meant to be compatible with Windows 8, no? So that would be another need for Intel ME 8.

After reading a lot, really a lot of documents about the x79-chipset, Intel ME, iAMT and so on, I found a document from Intel which says you could bypass the DESCRIPTOR locks: http://www.intel.com/content/www/us/en/chipsets/performance-chipsets/x79...

On page 72 you find the "function_strap" HDA_SDO, description is "Flash Descriptor Security Override / Intel ME Debug Mode":

Quote:

Rising edge of PCH_PWROK [...]If sampled high, the Flash Descriptor Security will be overridden. [...]

Note: The weak internal pull-down is disabled after PLTRST# de-asserts.
Note: Asserting the HDA_SDO high on the rising edge of PCH_PWROK will also halt Intel ME after chipset bring up and disable runtime Intel ME features. This is a debug mode and must not be asserted after manufacturing/debug.

If I understand that right, I could bypass the descriptor locks by wiring a, say 1kOHM resistor from pin1 to pin5 of my soundchip and then boot the system to update the firmware.

Otherwise I would need the Flash Toolkit (iftc.exe) to build my own BIOS with a) Intel ME8 already integrated or b) the locks disabled.

Since there are two versions of Intel ME (1,5MB and 5MB) I don't want to take the risk in editing the BIOS myself without help (and tools!).

EDIT: 1.5MB would be right for me.

...

Intel says about ME, it controls "Thermal Management" and those things, so I would say the "Management Engine" manages the hardware within the computer. I lack a link for that, sorry.

EDIT: Here's the link to the post: http://rog.asus.com/forum/showthread.php?24678-Windows-8-Pro-X79-Intel-M...

Regarding the question about my OEM ... I have none. :-)

I bought the board in a store and builded my computer myself. The store does not want to take it back, because it's about one year old now. Even after telling them NVIDIA changed their software, so Geforce 6xx and 7xx series won't run on the Intel X79 boards, since they do not support PCIe 3.0 even if it's stated everywhere inside my box ... no exchange / refund / etc. They just removed the Intel X79 boards from their webshop. So I do what I am good at: I teach myself knowledge of BIOS, ROMs and stuff and try to change it myself.

Learning by doing ... anybody wants to help? :-)

 

Sincerely

IDDQD

 

Guybrush: How much wood could a woodchuck chuck if a woodchuck could chuck wood?
Carpenter: A woodchuck would chuck no amount of wood since a woodchuck can’t chuck wood.
Guybrush: But if a woodchuck could chuck and would chuck some amount of wood, what amount of wood would a woodchuck chuck?
Carpenter: Even if a woodchuck could chuck wood and even if a woodchuck would chuck wood, should a woodchuck chuck wood?
Guybrush: A woodchuck should chuck if a woodchuck could chuck wood, as long as a woodchuck would chuck wood.
Carpenter: Oh shut up.

Still no answer since 21st of November? Sad ....

OK, my learning by doing so far, in hope anybody sees it and could help me with that:

I found the iftc.exe and related files. I downloaded it and ran it, but it shows me "Unknown C600series SKU Type selected" if I select the C600 series and then the X79 chipset. "PATSBURG" ones seem to work right, but I do not know which one to choose. In theory, since I just want to update ME firmware, this COULD (?) be anything from PATSBURG A to D or T, right?

__________________________________________________________________________

Number of flash components: zero

Master access: CPU/BIOS // ME region // GBE region: all set to 0xFF (Debug/Manuf)

VSCC Table: (two entries): AT26DF321 (I don't know if this fits into my system! It is the standard entry for PATSBURG D! Should I remove this??!!) // W25Q64BV (THIS one exists with all the IDs already filled in right! This was a standard entry and wasn't modified by me since all values match my system!)

ME Region: ME Input file: selected 1524 kB file ME version 8.1.51.1471 which is already proofed working with current ASUS and GIGABYTE X79 boards.

CPU / PCH MTP Permit File: none selected (I do not have any)! Do I need one?

BIOS Region Input File: none selected (I just want to flash ME, right?)

_________________________________________________________________________________________

Would this setup work for my DX79TO?

Sincerely

 

IDDQD

 

Guybrush: How much wood could a woodchuck chuck if a woodchuck could chuck wood?
Carpenter: A woodchuck would chuck no amount of wood since a woodchuck can’t chuck wood.
Guybrush: But if a woodchuck could chuck and would chuck some amount of wood, what amount of wood would a woodchuck chuck?
Carpenter: Even if a woodchuck could chuck wood and even if a woodchuck would chuck wood, should a woodchuck chuck wood?
Guybrush: A woodchuck should chuck if a woodchuck could chuck wood, as long as a woodchuck would chuck wood.
Carpenter: Oh shut up.

Just a quick comment - I need to digest everything above.  FIrst you said you have a  i7-3820 which is 3rd Gen Intel Core which would be ME 8 so I'm not surprised that the ME/AMT 7 package did not work...

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

""FIrst you said you have a  i7-3820 which is 3rd Gen Intel Core which would be ME 8 so I'm not surprised that the ME/AMT 7 package did not work... ""

Hi again and thank you for your reply. You seem to be the first person I meet here who knows a lot of AMT / ME and seems to be interested in learning new stuff (like I do, btw.!). So please take your time. If I could help with anything to clarify this stuff, please let me know. I doubt I could help with something, since you are "Black Belt" (Congratulations for that!!), but still ... let me know, ok? :-)

What you said about ME 7 and 8:

- Rumors say, X79 is just a modified Z68 chipset with additional "add-ons". So X79 technically isn't a 7 series chipset, it's a 6 series one. That could explain, why ME7 is used instead of ME8 on the DX79TO.

- ME 8 seems to be installed on ALL other (non-Intel) x79-mainboards. Only Intel seems to install ME7 on their X79 series. .... I really would like to hear why Intel does this ("stability"? "performance"? "reliability"?), don't you, too? No offense here, I !!REALLY!! would like to hear the reason!

Here are my try-outs so far:

- Reading DESC area to file -> HEX edit DESC.BIN to change locks to FF -> Tried to flash back -> FAILURE! No write access to flash area (read-only it seems)

- Tried to find those HEX strings in .BIO-files -> No luck, since compressed with (LZMA?) unknown algorithm.

- Tried FPT.EXE along with parameters "-ALLOWSV" / "-GENERIC" and other stuff like FWUPDLCL.EXE, but one problem rises there: v7 and v8 of these tools can't read the right firmware version number. v8 f the tool can't read the version in BIOS, since it's v7, v7 can read the BIOS verion number, but can't read the v8-file's version.

- Found some REALLY bad happening with the BIN files: the REAL flash part of those files, sometimes has another offset. So for example some content starts at offset 200, the stuff before is simply some "filling garbage". I saw some parts in the fitc.exe where you could define a module size, regardless of the length of the file. If I extract my ME7 from BIOS, I get a module, which is 1304kb in size. Other modules I found are ALL about 1524kb in size. About 200kb bigger ...

- I cannot build a "new" BIOS-update-file with fitc.exe, since the X79-chipset is NOT supported, only Patsburg A+B+C+D+T are .... X79 throws error "Unknown SKU" ....

 

The very only solution I see is, Intel builds a new BIOS file with ME8 already included. I would like to be BETA-tester for that. :-)

Or do you think there are other solutions? I am still unsure about this "HDA-SDO"-wiring I mentioned in my post before. Those pins are hard to shorten, since they are REALLY small. I am technician, no electrician, so I admit I have a bit of fear doing the wiring ... :-)

 

I am excited to hear from you. Again, thank you very very much for spending your valuable time to help me. *bow*

Sincerely

IDDQD

 

Guybrush: How much wood could a woodchuck chuck if a woodchuck could chuck wood?
Carpenter: A woodchuck would chuck no amount of wood since a woodchuck can’t chuck wood.
Guybrush: But if a woodchuck could chuck and would chuck some amount of wood, what amount of wood would a woodchuck chuck?
Carpenter: Even if a woodchuck could chuck wood and even if a woodchuck would chuck wood, should a woodchuck chuck wood?
Guybrush: A woodchuck should chuck if a woodchuck could chuck wood, as long as a woodchuck would chuck wood.
Carpenter: Oh shut up.

Hi IDDQD - your questions /what you are trying to do is beyond my level of knowledge.  I'm trying to find a resource that you can go to and get answers.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

IDDQD:  I cannot seem to send you a private message via email.  Could you please enable that in your profile?

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

MSI has released a special BIOS update for their 6 series motherboards to update ME7 to ME8!

Link to the "Update-PDF-file": - in attachment -

I would really like if Intel would jump on this train and deliver ME8 (and preferably a new RST(e)-OpROM) with their next BIOS updates

Attachments: 

AttachmentSize
Downloadapplication/pdf Bios_update_SOPAll.pdf974.24 KB
Guybrush: How much wood could a woodchuck chuck if a woodchuck could chuck wood?
Carpenter: A woodchuck would chuck no amount of wood since a woodchuck can’t chuck wood.
Guybrush: But if a woodchuck could chuck and would chuck some amount of wood, what amount of wood would a woodchuck chuck?
Carpenter: Even if a woodchuck could chuck wood and even if a woodchuck would chuck wood, should a woodchuck chuck wood?
Guybrush: A woodchuck should chuck if a woodchuck could chuck wood, as long as a woodchuck would chuck wood.
Carpenter: Oh shut up.

Leave a Comment

Please sign in to add a comment. Not a member? Join today