ASRock Forums : Intel Management Engine vulnerability SA-00086

ASRock Forums : Intel Management Engine vulnerability SA-00086 https://forum.asrock.com/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sun, 10 May 2026 01:54:07 +0000 Fri, 22 Dec 2017 07:15:32 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.04 360 https://forum.asrock.com/RSS_post_feed.asp?TID=6667 <![CDATA[ASRock Forums]]> https://forum.asrock.com/forum_images/web_wiz_forums_black.png https://forum.asrock.com/ <![CDATA[Intel Management Engine vulnerability SA-00086 : I received confirmation from support...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41602&title=intel-management-engine-vulnerability-sa00086#41602 Author: arturk
Subject: 6667
Posted: 22 Dec 2017 at 7:15am

I received confirmation from support that HDCP should work after IME patch. This convinced me that propably there is something wrong with my setup. I decided to clear CMOS data and after that everything started to work... partially :-)

Why partially? Well I discovered that when I have 1080ti plugged into slot and integrated graphic card is active (set as primary device) HDCP feature with Intel is not working anymore. I'm 100% sure that before applying IME patch HDCP was working OK, no matter which card I was using. Notice that only Intel's intergrated graphic card can provide required PAVP for playing BR UHD movies. Do the math and guess why I'm missing it :-)

PS.

Asrock EU support - thanks for help!

]]> Fri, 22 Dec 2017 07:15:32 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41602&title=intel-management-engine-vulnerability-sa00086#41602 <![CDATA[Intel Management Engine vulnerability SA-00086 : I updated my Z270M Pro4 with the...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41593&title=intel-management-engine-vulnerability-sa00086#41593 Author: dlee
Subject: 6667
Posted: 22 Dec 2017 at 4:49am

I updated my Z270M Pro4 with the MEI firmware. After updating, the Intel vulnerability check tool says the board is no longer vulnerable, but also reports that the some sort of licensing services needs to be updated too. I don't use the board's HDMI output, but that is probably why HDCP isn't working after the MEI update. Some licensing firmware is now broken.

Edited by dlee - 22 Dec 2017 at 4:50am]]> Fri, 22 Dec 2017 04:49:23 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41593&title=intel-management-engine-vulnerability-sa00086#41593 <![CDATA[Intel Management Engine vulnerability SA-00086 : arturk wrote:I've made...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41592&title=intel-management-engine-vulnerability-sa00086#41592 Author: flashback8
Subject: 6667
Posted: 22 Dec 2017 at 4:47am

arturk wrote:

I've made contact with Asrock support. Hope they will realize that with Z270 itx there is same problem as with Z370 before BIOS update...

The interesting thing is that I've been in touch with a guy who has a Z170 board. He doesn't have HDR on his setup but he has updated ME and the LSPCON chip firmware willy-nilly in the hopes of enabling HDR. Apparently, HDCP 2.2 has worked fine the entire time. Makes me think that ASRock added something starting with Z270 that can only be kept in place with a BIOS update. If so, that's really unfortunate if more problems come up down the road after Z370 support is dropped.
]]> Fri, 22 Dec 2017 04:47:21 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41592&title=intel-management-engine-vulnerability-sa00086#41592 <![CDATA[Intel Management Engine vulnerability SA-00086 : I've made contact with Asrock...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41553&title=intel-management-engine-vulnerability-sa00086#41553 Author: arturk
Subject: 6667
Posted: 21 Dec 2017 at 7:05pm

I've made contact with Asrock support. Hope they will realize that with Z270 itx there is same problem as with Z370 before BIOS update... ]]> Thu, 21 Dec 2017 19:05:12 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41553&title=intel-management-engine-vulnerability-sa00086#41553 <![CDATA[Intel Management Engine vulnerability SA-00086 : arturk wrote:Unfortunately...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41544&title=intel-management-engine-vulnerability-sa00086#41544 Author: flashback8
Subject: 6667
Posted: 21 Dec 2017 at 3:50pm

arturk wrote:

Unfortunately I can confirm that on Z270 Gaming-ITX/ac after ME update HDCP 2.2 is not working anymore. Before update everything was OK... For me this is very problematic since Netflix in 4K and BR UHD support is very important part of my setup.

I've tried newest Intel Graphic drivers (15.60.01.4877), different versions of ME software - no luck...

Does anybody found fix for HDCP support? Motherboards with Z370 receiverd Bios update fixing this issue, but for Z270 there is nothing...

Oh no! I'd recommend calling ASRock tech support. Don't rely on this forum. Call ASRock directly. While the tech support guy never actually got back to me as he promised (not necessary since the BIOS update fixed everything), he did say he knew what to do to fix it, and would send me a link to the appropriate software.

Also, just FYI, the update I applied for my Z370 board was a specific BIOS posted under the board's support page. It looks like there isn't one for the Z270 yet. Definitely point this out to ASRock when you call.

Edited by flashback8 - 21 Dec 2017 at 3:57pm]]> Thu, 21 Dec 2017 15:50:28 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41544&title=intel-management-engine-vulnerability-sa00086#41544 <![CDATA[Intel Management Engine vulnerability SA-00086 : Unfortunately I can confirm that...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41394&title=intel-management-engine-vulnerability-sa00086#41394 Author: arturk
Subject: 6667
Posted: 19 Dec 2017 at 6:30pm

I've tried newest Intel Graphic drivers (15.60.01.4877), different versions of ME software - no luck...

Does anybody found fix for HDCP support? Motherboards with Z370 receiverd Bios update fixing this issue, but for Z270 there is nothing...

]]> Tue, 19 Dec 2017 18:30:10 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=41394&title=intel-management-engine-vulnerability-sa00086#41394 <![CDATA[Intel Management Engine vulnerability SA-00086 : rico wrote: flashback8 wrote:Hello....]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40492&title=intel-management-engine-vulnerability-sa00086#40492 Author: flashback8
Subject: 6667
Posted: 06 Dec 2017 at 5:28am

rico wrote:

flashback8 wrote:

Hello. As a fair warning to all out there, if your board is a Gaming-ITX/ac board (Z170, Z270, or Z370), you should consider not flashing the ME firmware that was mentioned by ASRock tech support. Long story short, if you care about anything that uses HDCP 2.2 (just Ultra HD Blu-Rays and possibly 4K Netflix for now), there's something generic about the firmware that breaks HDCP 2.2. ASRock just posted v1.40 of my board's BIOS (Z370), which updates the ME firmware and possibly reflashes the LSPCON (MegaChips MDCP2800) firmware. Finally, HDCP 2.2 functionality was restored on my system.

Maybe your issue only applies to 300 series but not 100 & 200? ASRock have changed the wording of the ME patch download page to be no longer applicable to 300 series motherboards: https://www.asrock.com/microsite/2017IntelFirmware/

Interesting. That definitely wasn't present yesterday. (I happened to look.) I suppose the only way to find out would be if somebody with a functioning 4K setup and a Z170 or Z270 Gaming-ITX/ac board took one for the team and upgraded. I think I might know somebody who can check. Come to think of it, I think he was upgrading his ME firmware willy nilly (11.6 -> 11.7) and HDCP 2.2 never broke. Strange, but who knows, maybe the Z370s do have something specific in the background.
]]> Wed, 06 Dec 2017 05:28:16 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40492&title=intel-management-engine-vulnerability-sa00086#40492 <![CDATA[Intel Management Engine vulnerability SA-00086 : flashback8 wrote:Hello. As...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40487&title=intel-management-engine-vulnerability-sa00086#40487 Author: rico
Subject: 6667
Posted: 06 Dec 2017 at 5:05am

Affected ASRock Products:

Intel 100, 200, 300
ME1 ME2

If your model Intel 100/200/300 series but not in the following list, please download ME1 package

Now:

Intel 300 series
ASRock provides the BIOS for customers to update the ME firmware.
Please refer to the download link for ASRock 300 series motherboards:
http://www.asrock.com/support/index.asp?Model=Z370

Intel 100 and 200 series
ASRock provides the firmware package for customers to update the ME firmware.
There are 2 kinds of ME packages.
If your model is Intel 100/200 series but not in the following list, please download package ME1.
ME1

]]> Wed, 06 Dec 2017 05:05:05 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40487&title=intel-management-engine-vulnerability-sa00086#40487 <![CDATA[Intel Management Engine vulnerability SA-00086 : Hello. As a fair warning to all...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40473&title=intel-management-engine-vulnerability-sa00086#40473 Author: flashback8
Subject: 6667
Posted: 06 Dec 2017 at 1:58am

Hello. As a fair warning to all out there, if your board is a Gaming-ITX/ac board (Z170, Z270, or Z370), you should consider not flashing the ME firmware that was mentioned by ASRock tech support. Long story short, if you care about anything that uses HDCP 2.2 (just Ultra HD Blu-Rays and possibly 4K Netflix for now), there's something generic about the firmware that breaks HDCP 2.2. ASRock just posted v1.40 of my board's BIOS (Z370), which updates the ME firmware and possibly reflashes the LSPCON (MegaChips MDCP2800) firmware. Finally, HDCP 2.2 functionality was restored on my system. This post points to some potential info if you're curious about what might be happening deep in the motherboard.

Good luck!

rico wrote:

Looks like today's your lucky day, flashback8.

Indeed it is! :) That said, please note that SGX was never the problem (AFAIK). It was something far deeper. The Cyberlink advisor never complained about SGX. I'm assuming that ASRock made some sort of change in the BIOS that made SGX detection and such a bit smarter. It could be that the "Auto" SGX enabling now works instead of having to keep it turned on all the time ("Enabled"). I'll play with it and see what comes up.

Edited by flashback8 - 06 Dec 2017 at 2:01am]]> Wed, 06 Dec 2017 01:58:10 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40473&title=intel-management-engine-vulnerability-sa00086#40473 <![CDATA[Intel Management Engine vulnerability SA-00086 : flashback8 wrote:Thanks for...]]> https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40462&title=intel-management-engine-vulnerability-sa00086#40462 Author: rico
Subject: 6667
Posted: 05 Dec 2017 at 7:10pm

flashback8 wrote:

Thanks for the suggestion. Didn't help.

Looks like today's your lucky day, flashback8.

https://www.asrock.com/MB/Intel/Fatal1ty%20Z370%20Gaming-ITXac/index.asp#BIOS

1.Update Intel ME 11.8.50.3425.
2.Update Microcode
3.Enhance CPU performance.
4.Enable Intel SGX

]]> Tue, 05 Dec 2017 19:10:17 +0000 https://forum.asrock.com/forum_posts.asp?TID=6667&PID=40462&title=intel-management-engine-vulnerability-sa00086#40462