Print Page | Close Window

Intel Management Engine Issue INTEL-SA-00086 Fix

Printed From: ASRock.com
Category: Technical Support
Forum Name: Intel Motherboards
Forum Description: Question about ASRock Intel Motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=6717
Printed Date: 21 Nov 2024 at 8:25pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com


Topic: Intel Management Engine Issue INTEL-SA-00086 Fix
Posted By: parsec
Subject: Intel Management Engine Issue INTEL-SA-00086 Fix
Date Posted: 25 Nov 2017 at 2:18pm
Fix for the Intel Management Engine Firmware Vulnerability Security Issue INTEL-SA-00086

Links to Intel's statement and description of the issue:

https://security-center.intel.com/" rel="nofollow - https://security-center.intel.com/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

The link to ASRock's page for information on the affected Intel 100 and 200 series chipset boards, downloading the appropriate version of the tools, and instructions for using the IME Firmware update tools can be found below. Please read the instructions carefully and download only the correct version for your board's chipset.

UPDATE: If you have an ASRock Intel 300 series chipset board (Z370), the IME firmware update will be provided in a UEF/BIOS update. A link to a page with links to the ASRock Z370 chipset board's UEFI/BIOS download pages is provided on the page below.

https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/

There are two versions of the IME Firmware update tools package, ME1 and ME2.

The ME1 version download package file is ME-consumer_11.8.50.3425.zip

The ME2 version download package file is ME-corporate_11.8.50.3425.zip

The ME-corporate version is only for use with the business-oriented chipsets. All the 'Z' series chipset boards use the ME1 version. The ASRock download page for the tools has a table with the chipsets that must use the ME2 version. All other affected chipsets use the ME1 version.

Within each version download are two tools, one to run in a Windows 64 bit OS installation, the other to run from a DOS bootable USB flash drive, for Windows 32 bit and other OS types.

You only need to run one of these tools, from one version.
There is no need to run both tools, or use both versions of the tools.

The IME firmware update process has two steps. First the IME firmware update tool is run, and then the PC MUST be restarted to complete the process.

When complete, the IME firmware version is: 11.8 Build 3425 Hotfix 50.

I ran the ME1 version, Windows64\UPDATEME64 tool on my ASRock Z270 Gaming K6 board. It completed fine, restarted the PC, done within a few minutes.








-------------
http://valid.x86.fr/48rujh" rel="nofollow">



Replies:
Posted By: beard55
Date Posted: 26 Nov 2017 at 12:42am
I followed the instructions to run ME1 (ran as administrator).  The cmd window went so fast I couldn't see the result, but after rebooting the Intel diagnostic still reported the vulnerability and the bios is still reported as P7.10.  The MB is a ASRock Fatal1ty Z170 Gaming-ITX ac.

So.... Still waiting for a new bios to resolve the issue.


Posted By: Atma
Date Posted: 26 Nov 2017 at 1:59am
The ME1 Package doesn't work on the ASRock X299 Taichi. I get an SKU mismatch error.

Error 8704: Firmware update operation not initiated due to a SKU mismatch


Posted By: parsec
Date Posted: 26 Nov 2017 at 10:44am
Originally posted by beard55 beard55 wrote:

I followed the instructions to run ME1 (ran as administrator).  The cmd window went so fast I couldn't see the result, but after rebooting the Intel diagnostic still reported the vulnerability and the bios is still reported as P7.10.  The MB is a ASRock Fatal1ty Z170 Gaming-ITX ac.

So.... Still waiting for a new bios to resolve the issue.


The CMD window disappeared because the program never ran, because you ran it in Admin mode.

It is reasonable to assume using Admin mode would be correct, but in this case it won't work.

I did not use Admin mode when I ran it on my ASRock Z170 board, and it ran fine. It takes a minute or so to complete, so just double click the file to run it.



-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: parsec
Date Posted: 26 Nov 2017 at 11:14am
" rel="nofollow -
Originally posted by Atma Atma wrote:

The ME1 Package doesn't work on the ASRock X299 Taichi. I get an SKU mismatch error.

Error 8704: Firmware update operation not initiated due to a SKU mismatch


The SKU mismatch message is caused by your processor apparently not matching an affected processor. The SKU code of your processor was apparently not found.

What processor are you using?

The newest Intel High End Desktop (HEDT) processors, also called the X-Series, may not be included in this firmware update. I can't tell from Intel's information page if all of them are. Some definitely are.

Also while the list of affected chipsets includes the Intel 200 series, the X-series chipsets are many times excluded from the mainstream/performance chipsets. Usually Intel would specifically identify the X-series chipsets like the X299 as separate from the other 200 series chipsets. Intel's information is ambiguous about this.



-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: OrpheusXx
Date Posted: 26 Nov 2017 at 6:15pm
Downloaded the ME1 update from Asrock, followed the instructions, but it returned an error:
" Error 8771: Invalid File. " in the error.txt.



Posted By: Kloba12345
Date Posted: 26 Nov 2017 at 8:22pm
It does not work on Z170 Gaming K4 with i7 7700K

Error 8746: Firmware update not initiated due to invalid image length

EDIT: Now it worked.


Posted By: Atma
Date Posted: 26 Nov 2017 at 9:24pm
Originally posted by parsec parsec wrote:

" rel="nofollow -
Originally posted by Atma Atma wrote:

The ME1 Package doesn't work on the ASRock X299 Taichi. I get an SKU mismatch error.

Error 8704: Firmware update operation not initiated due to a SKU mismatch

What processor are you using?
I'm using an Core i7-7820X. According to the Intel Tool I'm affected:




Posted By: hoisdom
Date Posted: 27 Nov 2017 at 1:33am
" rel="nofollow - When i run the me1 program, i get the error message:

"Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled"

My motherboard is the z170 extreme4.

What should i do now? Please help me



Posted By: parsec
Date Posted: 27 Nov 2017 at 12:42pm
Originally posted by Atma Atma wrote:

Originally posted by parsec parsec wrote:

" rel="nofollow -
Originally posted by Atma Atma wrote:

The ME1 Package doesn't work on the ASRock X299 Taichi. I get an SKU mismatch error.

Error 8704: Firmware update operation not initiated due to a SKU mismatch

What processor are you using?
I'm using an Core i7-7820X. According to the Intel Tool I'm affected:




That's strange, the update program, FWUpdLcl64, is supplied by Intel, and is the same program used by other mother board manufactures. I don't know why you would get an SKU mismatch.

It seems you have the INF/Chipset files installed, since the Risk Assessment tool is able to identify your processor. Unless each program uses a different method of processor identification.

All I can do is report this to ASRock.


-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: parsec
Date Posted: 27 Nov 2017 at 12:47pm
Originally posted by hoisdom hoisdom wrote:

" rel="nofollow - When i run the me1 program, i get the error message:

"Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled"

My motherboard is the z170 extreme4.

What should i do now? Please help me



Did you try running the update program a few times? I've seen examples of this error being posted in other forums (Intel's for example) for other mother boards, and I've seen this update program fail on other Z170 boards. When we ran it again it worked. We also have examples of that happening in this thread.

Do you have the update program on your C: OS drive?


-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: Atma
Date Posted: 27 Nov 2017 at 10:20pm
Originally posted by parsec parsec wrote:

All I can do is report this to ASRock.
That would be great, please do that as soon as possible :)


Posted By: alokep
Date Posted: 29 Nov 2017 at 5:51pm
I have a Z97 Anniversary with the latest ASRock firmware (ver 2.0 dated 7/20/2016)
http://www.asrock.com/mb/Intel/Z97%20Anniversary/index.us.asp" rel="nofollow - http://www.asrock.com/mb/Intel/Z97%20Anniversary/index.us.asp

Any idea why my system is not vulnerable?  I'm happy.. but puzzled.

Running the Intel detection tool says:

Based on the analysis performed by this tool: This system is not vulnerable."

INTEL-SA-00086 Detection Tool

Application Version: 1.0.0.135
Scan date: 11/29/2017 4:44:13 AM

Host Computer Information

Name: PC
Manufacturer: To Be Filled By O.E.M.
Model: To Be Filled By O.E.M.
Processor Name: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information

Engine: Intel(R) Management Engine
Version: 9.1.25.1005
SVN: 1



Posted By: hoisdom
Date Posted: 29 Nov 2017 at 6:20pm
" rel="nofollow - I tried running it about 4 or 5 times. Is that enough?

Ill chekc if i have the programm on my C drive when i get to pc!


Posted By: hoisdom
Date Posted: 29 Nov 2017 at 6:21pm
I think the volnerability only occurs in cores from the 5th to the 7th generation and some pentium cpus..


Posted By: hoisdom
Date Posted: 29 Nov 2017 at 8:21pm
Originally posted by parsec parsec wrote:

Originally posted by hoisdom hoisdom wrote:

http://forum.asrock.com/RTE_textarea.asp%3cmode=quote&ID=40006&CACHE=978" rel="nofollow - When i run the me1 program, i get the error message:

"Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled"

My motherboard is the z170 extreme4.

What should i do now? Please help me



Did you try running the update program a few times? I've seen examples of this error being posted in other forums (Intel's for example) for other mother boards, and I've seen this update program fail on other Z170 boards. When we ran it again it worked. We also have examples of that happening in this thread.

Do you have the update program on your C: OS drive?





Okay, I am now at my PC. It's really strange. When i ran the program again a few minutes ago, I got a different error message than yesterday.

Now it's: "Error 8716: Invalid usage"

Versus yesterday: "Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled"

The only thing I changed since yesterday was, switching my RAM Sticks to other slots, because apparently one of my RAM slots doesn't work.

I also checked, if I have the program on my C: OS Drive and I have it on my Desktop, which is on the same drive as my operating system.



EDIT:


I'm dumb, i ran the application instead of the batch-file. I'll retry it with the batch-file now.


Posted By: hoisdom
Date Posted: 29 Nov 2017 at 8:37pm
Originally posted by parsec parsec wrote:

Originally posted by hoisdom hoisdom wrote:

" rel="nofollow - When i run the me1 program, i get the error message:

"Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled"

My motherboard is the z170 extreme4.

What should i do now? Please help me



Did you try running the update program a few times? I've seen examples of this error being posted in other forums (Intel's for example) for other mother boards, and I've seen this update program fail on other Z170 boards. When we ran it again it worked. We also have examples of that happening in this thread.

Do you have the update program on your C: OS drive?



Ok now to clear things up, because my previous post was a bit messed up:

I ran the program again today and checked if i have it on my C: OS drive. It is on my desktop, which is located on the same drive as my operating system.


I do still get the same error message as before. I ran the update program about 5 times, just to make sure.


Posted By: alokep
Date Posted: 30 Nov 2017 at 6:20pm
" rel="nofollow -
Originally posted by hoisdom hoisdom wrote:

I think the volnerability only occurs in cores from the 5th to the 7th generation and some pentium cpus..
The fixes are coming from motherboard manufacturers .. so it must depend on the chipset, and not just CPU.
My motherboard Z97 Anniversary w i7-4790K @4 GHz is showing as not vulnerable by the Intel tool.

Are others using Z97 Anniversary board all getting the same result?


Posted By: belfastraven
Date Posted: 01 Dec 2017 at 5:34am
I can confirm this problem with  the x299 taichi and i7820x.  The ime version already on these chips is newer that the version showing as the replacement, and according to intel , that  version  is not meant for the Skylake  x  chips..


Posted By: rico
Date Posted: 01 Dec 2017 at 6:21am
" rel="nofollow -
Originally posted by belfastraven belfastraven wrote:

I can confirm this problem with  the x299 taichi and i7820x.  The ime version already on these chips is newer that the version showing as the replacement, and according to intel , that  version  is not meant for the Skylake  x  chips..


Would you mind posting the output from Intel's SA-00086 detection tool like alokep did? Because what you're saying sounds a bit strange if the tool says your system is vulnerable. :/


Posted By: belfastraven
Date Posted: 02 Dec 2017 at 1:07am
My output is the same as his.  


Posted By: apoisonedgift
Date Posted: 04 Dec 2017 at 6:59pm
" rel="nofollow - I've just been getting the error:

Error 8771: Invalid File. 

Intel's tool says my system is vulnerable... not really sure what else to do now?

Edit: I have a B150M-Pro4


Posted By: Truman
Date Posted: 05 Dec 2017 at 12:33am
" rel="nofollow - I have an Asrock Taichi x299. I ran the detection tool from intel before applying the fix from Asrock, and it returned that my system is vulnerable. I ran the ME1 package from Asrock and restarted my machine. I then re-ran the detection tool from Intel. It returned that my system is still vulnerable.

Have I done something incorrectly?


Posted By: Truman
Date Posted: 05 Dec 2017 at 8:56am
On further inspection, I have the exact problem at Atma. I am running the x299 Taichi with an Intel Core I7-7800X. The error.log file shows, "Error 8704: Firmware update operation not initiated due to a SKU mismatch".


Posted By: parsec
Date Posted: 05 Dec 2017 at 11:18am
Originally posted by Truman Truman wrote:

" rel="nofollow - I have an Asrock Taichi x299. I ran the detection tool from intel before applying the fix from Asrock, and it returned that my system is vulnerable. I ran the ME1 package from Asrock and restarted my machine. I then re-ran the detection tool from Intel. It returned that my system is still vulnerable.

Have I done something incorrectly?


You are may not doing anything wrong. Some information I received, second hand, is that the X299 system is not yet included in the IME firmware update fix.

If you check the folder where the ME1 update program is, after you run the program you may find an error log file with an entry about why the update failed. It may be the same as other X299 users have seen, an SKU mismatch error. That means the SKU code of your processor is not included in the list of processors/systems that the IME update tool currently supports.

The "fix from ASRock" contains programs given to ASRock by Intel. ASRock or any other mother board manufacture does not create the programs that apply the IME fix. They also do not determine which processors/systems the fix applies to.

Only Intel can supply the IME firmware updates, either with the tool they gave to ASRock, or with an IME firmware update that is included in a UEFI/BIOS update. ASRock and the other mother board manufactures are just the middle man, the messenger of the fix. All they can do is give us what Intel gives to them. When will X299 be supported by the IME update program? I wish I could tell you.



-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: Truman
Date Posted: 06 Dec 2017 at 10:31am
Thanks Parsec. I'll keep an eye out on the Asrock website for updates. Maybe they'll post something if/when Intel issues a more complete fix.


Posted By: parsec
Date Posted: 06 Dec 2017 at 10:56am
Originally posted by apoisonedgift apoisonedgift wrote:

" rel="nofollow - I've just been getting the error:

Error 8771: Invalid File. 

Intel's tool says my system is vulnerable... not really sure what else to do now?

Edit: I have a B150M-Pro4


If you received an error message, the IME firmware update did not happen.

Which update tool are you using? For a B150 chipset board, you should be using the ME2 firmware update package. The error message of Invalid File seems to indicate that is the case.

https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/


-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: parsec
Date Posted: 06 Dec 2017 at 11:42am
" rel="nofollow -
Originally posted by Truman Truman wrote:

Thanks Parsec. I'll keep an eye out on the Asrock website for updates. Maybe they'll post something if/when Intel issues a more complete fix.


Thanks for your patience! ASRock can only provide what they are given by Intel, so all we can do is depend on Intel in this situation.

Important question for you, what Intel processor are you using? An Intel document that is available includes the 7th Gen X-Series Intel® CoreTM Processors in the list of those included in the IME firmware update tool. That may not make sense given your experience with the tool.

If you can let us know which Intel processor you are using, perhaps we can sort this out better for you and everyone.



-------------
http://valid.x86.fr/48rujh" rel="nofollow">


Posted By: apoisonedgift
Date Posted: 06 Dec 2017 at 3:15pm
Originally posted by parsec parsec wrote:

Originally posted by apoisonedgift apoisonedgift wrote:

" rel="nofollow - I've just been getting the error:

Error 8771: Invalid File. 

Intel's tool says my system is vulnerable... not really sure what else to do now?

Edit: I have a B150M-Pro4


If you received an error message, the IME firmware update did not happen.

Which update tool are you using? For a B150 chipset board, you should be using the ME2 firmware update package. The error message of Invalid File seems to indicate that is the case.

https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/

Ah yeah that was it, thank you! Previously the page didn't quite make much sense to me, so either they updates it or I was just having a dumb moment when I looked at it. I was under the impression ME2 was for corporate motherboards, and assumed that mine was a consumer board - thus it was not the case. Thanks for your help - all patched and sorted now according to the discovery tool :)


Posted By: Kladno
Date Posted: 07 Dec 2017 at 3:51am
Hi,

on the web for Asrock Extreme 7+/Z170/Skylake

http://www.asrock.com/mb/Intel/Z170%20Extreme7+/%3Fcat=Download&os=All" rel="nofollow - http://www.asrock.com/mb/Intel/Z170%20Extreme7+/?cat=Download&os=All

I found today a new file:

Intel Management Engine driver ver:11.7.0.1045 12/6/2017 142.85MB

This file contains many files and seems to be just for Kaby Lake,
not Skylake, and I can not find any readme or instructions.

Although the name claims 11.7 inside are files like ME_11.8_Consumer_C0_LP.bin.
Also in folder 'HDCP Wireless Rx' certificates for HDCP.

But unfortunately I'm not sure how to work with it.


Posted By: rico
Date Posted: 07 Dec 2017 at 6:58am
Intel(R) ME Firmware ICC Tools User Guide.pdf:

Quote
Intel® Management Engine Firmware Integrated Clock Controller (ICC) Tool
 
Tools User Guide
January 2017
Revision 0.5
 
Intel Confidential


lol. whoops. In fact, I'm not even sure that whole /Tools folder should even be in there :)

In any case, this download isn't just for Kaby Lake. It's also applicable to my Skylake system on Z170 Gaming K6+ but I've already been running these ME drivers for the last week: http://forum.asrock.com/forum_posts.asp%3FTID=6667&PID=40181&title=intel-management-engine-vulnerability-sa00086#40181" rel="nofollow - http://forum.asrock.com/forum_posts.asp%3FTID=6667&PID=40181&title=intel-management-engine-vulnerability-sa00086#40181

To install new device drivers (not firmware!) just run any of the setup apps in the Installers folder. They're all the same and you end up with driver v11.7.0.1045 running Intel Management Engine Interface under System devices (Device Manager).




Posted By: Kladno
Date Posted: 08 Dec 2017 at 5:17am
Yes, I know how to install it and today there is a 'new' version without any 'classified' files, only 3.56 MB.



Posted By: Truman
Date Posted: 09 Dec 2017 at 11:10am
I am using an Intel Core i7-7800X


Posted By: Natanji
Date Posted: 10 Dec 2017 at 9:17am
" rel="nofollow - Hi, I just discovered (by using Intel's testing tool) that my Asrock J3455M is also affected. But I can't see which of these is the correct version (ME1 or ME2) for me to download when I have an Apollolake board? Or are you still working on a patch for that one?

Quote INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.146
Scan date: 2017-12-10 01:07:20 GMT

*** Host Computer Information ***
Name: <confidential>
Manufacturer: To Be Filled By O.E.M.
Model: To Be Filled By O.E.M.
Processor Name: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz
OS Version:    (4.14.3-1-ARCH)

*** Intel(R) ME Information ***
Engine: Intel(R) Trusted Execution Engine
Version: 3.0.2.1108
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Trusted Execution Engine firmware
  is considered vulnerable for INTEL-SA-00086.
  Contact your system manufacturer for support and remediation of this system.


PS: Is it really not possible to log on to this board here with HTTPS? Feels kinda bad to send my password in the open...


Posted By: GTwannabe
Date Posted: 12 Dec 2017 at 3:17am
Tag for info on IME patch.


Posted By: Krautmaster
Date Posted: 14 Dec 2017 at 10:46pm
waiting for somthing flashable for my x299 i9 prof gaming + i9 7980 XE.


The provided one wants to do a downgrade from 

C:\Users\kraut\Downloads\ME-consumer_11.8.50.3425\ME-consumer_11.8.50.3425\Windows64>FWUpdLcl64.exe -fwver

Intel (R) Firmware Update Utility Version: 11.8.50.3425
Copyright (C) 2007 - 2017, Intel Corporation.  All rights reserved.

FW Version: 11.10.0.1287

------------

the Intel check tool stucks with all drivers and win fresh setup

C:\Users\kraut\Downloads\SA00086_Windows\SA00086_Windows\DiscoveryTool>Intel-SA-00086-console.exe

Unbehandelte Ausnahme: System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   bei System.Security.Principal.NTAccount.Translate(Type targetType)
   bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   bei DiscoveryTool.FileExtractor.Extract(String directoryName, Boolean localization)
   bei DiscoveryTool.CLI.Program.Main(String[] args)


Posted By: BWolf
Date Posted: 17 Dec 2017 at 1:07pm
" rel="nofollow - Did anyone find a fix for Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled yet?

I have a Z170 Gaming K4.
Waiting now for 1 month and no new patches seem to come out that fix this, very unsettling.


Posted By: BWolf
Date Posted: 17 Dec 2017 at 2:25pm
I resorted to flashing my BIOS, after that the error was gone and the fix worked.
I would have rather not done it, next time I will invest into a double bios board.


Posted By: rico
Date Posted: 17 Dec 2017 at 11:28pm
The Z170 Gaming K4 IS a double BIOS board :/

Anyways, the INTEL patch didn't work first time for me either but re-flashing my BIOS worked for me too. Again, this isn't even an ASRock patch.


Posted By: arturk
Date Posted: 19 Dec 2017 at 6:38pm
" rel="nofollow -
On Z270 Gaming-ITX/ac after ME update HDCP 2.2 is not working anymore. Before update everything was OK! This means that after applying update we will lose possibility to watch on integrated graphics Netflix in 4k and play UHD BR movies.

Does anybody found fix for broken HDCP support? Motherboards with Z370 received Bios update fixing this issue, but as for now for Z270 there there is nothing new ...


Posted By: arturk
Date Posted: 22 Dec 2017 at 7:18am
Originally posted by arturk arturk wrote:

" rel="nofollow -
On Z270 Gaming-ITX/ac after ME update HDCP 2.2 is not working anymore
Problem was fixed by CMOS memory reset. Smile


Posted By: hoisdom
Date Posted: 25 Dec 2017 at 11:31pm
Originally posted by BWolf BWolf wrote:

I resorted to flashing my BIOS, after that the error was gone and the fix worked.
I would have rather not done it, next time I will invest into a double bios board.
" rel="nofollow -



My bios is already on the newest version (7.20), did you flash the newest version again or did you update from an older version?


Posted By: chris719
Date Posted: 02 Jan 2018 at 6:11am
" rel="nofollow - Any update on a working fix for X299?


Posted By: jclausius
Date Posted: 03 Jan 2018 at 12:12am
" rel="nofollow - Hi there... I'm a bit confused after reading the posts in this thread.

Can anyone confirm if you're on x299 based mobos with Gen 8 CPUs, has anyone seen a patch from ASRock? I get the 'mismatch SKU' error with the ME1 download. However, the intel bulletin says my config is susceptible - https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Also, can anyone with X299 platform based boards confirm the version of ME on their system? For example, for me:

System Board: x299e-itx/ac
CPU:          i7-7820x
ME Version:   11.10.0.1287


Posted By: jclausius
Date Posted: 03 Jan 2018 at 12:29am
Can anyone from ASRock confirm they have a patch for the x299 based motherboards coming soon?

Intel Tech Support tells me ASRock should already have the patch - http://s1235.photobucket.com/user/jclausius/media/intel%20chat%20-%202018-01-02%2010-25-49_zpscve4pd7j.png.html" rel="nofollow">


Posted By: dbeachy1
Date Posted: 05 Jan 2018 at 1:10am
" rel="nofollow - I'm getting the same error ("Error 8704: Firmware update operation not initiated due to a SKU mismatch") running the "ME1" patch on my ASRock X299 Taichi board with an Intel i9-7900X CPU.  I see this issue was first reported six weeks ago in another thread, so I'm surprised there is still no fix for it.  As I understand it, the error means that the firmware patch does not apply to my CPU (???).


I've updated my Windows build to 16299.192 via the Microsoft security patch, but the Intel detection tool for INTEL-SA-00086 still shows my system as vulnerable since the Intel ME firmware patch won't install on my system.  I opened a support ticket with ASRock about it, so I'll report back if and when I get more information.


Posted By: jclausius
Date Posted: 05 Jan 2018 at 3:01am
That's good news. Seems the ME1 patch doesn't work because it doesn't support the Skylake-X processors... At least that is what I recall reading.

I emailed ASRock about 10 days ago. Hopefully they get back to you. Thanks for any follow-up info.


Posted By: dbeachy1
Date Posted: 05 Jan 2018 at 10:03am
Some interesting news here -- I heard back from ASRock support tonight, and here is the message:

 ============================================

From: Support [ mailto:pablomedina@asrockamerica.com" rel="nofollow - mailto:<redacted> ]
Sent: Thursday, January 04, 2018 7:51 PM
To: <redacted>
Subject: RE: $X299 TAICHI/A/ASRK$ Unable to update to Intel ME 11.8.50.3425 (United States)

 check the information below if your motherboard chipset is effected

 

Intel released the newer ME version to fix the security bug recently.

The models 100/200/300 could be updated ME firmware by ME tool directly.

Please be noted that there are two different ME type for our models.

 

1. Consumer ME

Chipset: Z170, Z270, H110, B250, H270, Z370

Consumer ME link: http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip" rel="nofollow - http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip

 

2. Corporate ME

Chipset: H170, B150, Q170

Corporate ME link: http://asrock.pc.cdn.bitgravity.com/TSD/ME-corporate_11.8.50.3425.zip" rel="nofollow - http://asrock.pc.cdn.bitgravity.com/TSD/ME-corporate_11.8.50.3425.zip

 

Microsite link:

Reference: http://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - http://www.asrock.com/microsite/2017IntelFirmware/

 ============================================

I replied and said that I had already tried running that Consumer ME patch version per my original message.  What is interesting, however, is that support said that the consumer ME patch only supports these chipsets:

1. Consumer ME

Chipset: Z170, Z270, H110, B250, H270, Z370

I replied and asked if they know if and when a version of the patch for the X299 chipset, which is what my motherboard uses, will be available. 

So this explains why the patch doesn't work with our X299 boards: the patch doesn't support that chipset.  Unhappy  Hopefully ASRock will make an X299 version of the ME firmware patch available soon.


EDIT:

Also, according to the https://downloadcenter.intel.com/download/27150" rel="nofollow - INTEL-SA-00086 Detection Tool , my Intel Management Engine version is 11.10.0.1287, so clearly the ME version for X299 boards is separate from the ME versions that the ASRock ME patch is supposed to update.

 



Posted By: jclausius
Date Posted: 06 Jan 2018 at 12:43am
" rel="nofollow -
Originally posted by dbeachy1 dbeachy1 wrote:

Some interesting news here -- I heard back from ASRock support tonight, and here is the message:

?============================================

I replied and asked if they know if and when a version of the patch for
the X299 chipset, which is what my motherboard uses, will be available.?

Great work!! Thank you for shedding some light on the whole situation.

Hopefully they'll respond with an x299 version is available soon!! If so, please let us know. Thanks again.

-jclausius


Posted By: tsunami2311
Date Posted: 06 Jan 2018 at 3:34am
just did http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip" rel="nofollow - http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip
on my z170 extreme 4 it now says i am patched but also goes on about some intel license client is obsolete


http://www.guru3d.com/news-story/new-hardware-vulnerability-found-in-intel-processors.html" rel="nofollow - http://www.guru3d.com/news-story/new-hardware-vulnerability-found-in-intel-processors.html

how much of this Spectre??and ?�Meltdown??br>does this  apply too or am i gona need another fw update update?

Im still using bios update 3.20 i only did this update for the   above, I am assuming if I did the bios update to 7.20 I would have reaplly thew above fix?  i am also assuming asrock is gona release new bios for all this


Posted By: jclausius
Date Posted: 06 Jan 2018 at 3:51am
While I think the patch from ASRock will go to patch Management Engine, the other patches you'll have to apply will need to come from your OS vendor (Microsoft or Linux).


Posted By: ABS
Date Posted: 06 Jan 2018 at 11:33pm
" rel="nofollow - Funny thing.

I installed corporate version of 11.8.50.3425 (H170m Pro4, i3-6100, Win10 Home 64bit).  The uefi and Intel SA-00086 detection tool both confirm the update.  However in Device Manager the Intel Management Engine Interface still shows the old driver (11.6.0.1026).  

Any thoughts?


Posted By: psy
Date Posted: 06 Jan 2018 at 11:44pm
" rel="nofollow - Hello, i have the B85M-ITX motherboard with a i5 4670k (latest bios 2.50) and the intel utility reports that my system is affected by this bug, there will be some bios update from asrock ? thank you.


Posted By: dbeachy1
Date Posted: 07 Jan 2018 at 12:55am
Originally posted by ABS ABS wrote:

" rel="nofollow - Funny thing.

I installed corporate version of 11.8.50.3425 (H170m Pro4, i3-6100, Win10 Home 64bit).  The uefi and Intel SA-00086 detection tool both confirm the update.  However in Device Manager the Intel Management Engine Interface still shows the old driver (11.6.0.1026).  

Any thoughts?


As I understand it, the version of the ME driver software / driver in Windows (installed via a package named "Intel(R) Management Engine Components" in my add/remove programs) is the Windows driver version, which is a different piece of software from the actual firmware that resides in the CPU.  For example, on my system here, Device Manager shows my ME Windows driver as version 11.7.0.1017, but the ME firmware installed on my i9-7900X CPU is 11.10.0.1287.  Installing the new firmware patch from ASrock does not update the Windows drivers for ME, just the firmware itself on the CPU.  Does that make sense?


Posted By: Hackerpcs
Date Posted: 07 Jan 2018 at 3:44am
" rel="nofollow - Is there any fix for my 2nd Generation i5 (Sandy Bridge) board (B75 Pro3-M)?
INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.152
Computer Name:
Scan date: 6/1/2018 5:19:04 μμ

*** Host Computer Information ***
Manufacturer: To Be Filled By O.E.M.
Model: To Be Filled By O.E.M.
Processor Name: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
OS Version: Microsoft Windows 7 Ultimate

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.1.0.1265
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Copyright(C) 2017, Intel Corporation, All rights reserved.


Posted By: ABS
Date Posted: 08 Jan 2018 at 1:33am
ok that makes sense.  


Posted By: s7cGamer
Date Posted: 08 Jan 2018 at 2:50am
I have this motherboard as well, no BIOS updates available.


Originally posted by Hackerpcs Hackerpcs wrote:

" rel="nofollow - Is there any fix for my 2nd Generation i5 (Sandy Bridge) board (B75 Pro3-M)?
INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.152
Computer Name:
Scan date: 6/1/2018 5:19:04 μμ

*** Host Computer Information ***
Manufacturer: To Be Filled By O.E.M.
Model: To Be Filled By O.E.M.
Processor Name: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
OS Version: Microsoft Windows 7 Ultimate

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.1.0.1265
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Copyright(C) 2017, Intel Corporation, All rights reserved.


Posted By: andressergio
Date Posted: 08 Jan 2018 at 1:46pm
I have ASRock Fatal1ty X299 Professional Gaming i9 + Core i9-7900X Intel Tool detects as VULNERABLE, so far no patch works i get the same SKU Error that others on this thread.

https://imgur.com/4i4neG8" rel="nofollow">


Posted By: Krautmaster
Date Posted: 08 Jan 2018 at 2:45pm
" rel="nofollow - my gosh Asrock whatsup?!, zero support is the the new thing? No ME fix, no answer on the meltdown / spectre thing and a buggy x299 bios monthes old? are u kidding? 

Good hw is only as good as the support which is less than nothing here with my ASROCK board. 


Posted By: jclausius
Date Posted: 09 Jan 2018 at 12:20am
" rel="nofollow - @dbeachy1 - any word from ASRock?


Posted By: jclausius
Date Posted: 09 Jan 2018 at 12:25am
Everyone,

I think for this to be effective, we're going to have to speak with one voice here. Let's try to gather information that the ASRock Tech Support people can see / use as well as future posters.

If you've run the intel SA-00086 detection tool, and you're system is 'vulnerable', please post the following information:



Intel Detection Tool Vulnerable: Yes/No
System Board : ASRock Motherboard Make/Model
CPU :
ME BIOS/Detection Tool Version :

----------------------

So, I have the following:


Intel Detection Tool Vulnerable: Yes
System Board : x299e-itx/ac
CPU : i7-7820x
ME BIOS/Detection Tool Version : 11.10.0.1287


Posted By: dbeachy1
Date Posted: 09 Jan 2018 at 1:26am
Originally posted by jclausius jclausius wrote:

" rel="nofollow - @dbeachy1 - any word from ASRock?


No, they have not replied since I replied back to their initial response to me.  Cry




Posted By: 2ndLastJedi
Date Posted: 09 Jan 2018 at 11:30am
" rel="nofollow - What am i supposed to do to update my z170 extreme4?
Is Asrock working on a update to help fix this current security issue?


Posted By: realist
Date Posted: 09 Jan 2018 at 11:40am
" rel="nofollow - Cmon guys. Not only does the brand new highend X299 Professional Gaming i9 XE not get the ME security patch, but now we have to wait for the recent Intel microcode as well? Oh. My. God.


Posted By: 2ndLastJedi
Date Posted: 09 Jan 2018 at 11:53am
" rel="nofollow - [URL=][/URL]My current ME is 11.6.0.1126 .
Is this okay ? If not will Windows 10 FCU update the ME for me ?
I have the latest P7.20 Bios for my 6600k on z170 Extreme 4 .
I don't really have any clue about these things and just usually let Windows do my updates for me .
I have tried to use this update
https://www.asrock.com/microsite/2017IntelFirmware/
but it starts then stops and has red writing that pops up super quick that i cant read it , i even tried using Shadowplay to record it and stop it when the red writing popped up but it is still to quick and i cant read it ?
Any assistance is truly appreciated .


Posted By: 2ndLastJedi
Date Posted: 09 Jan 2018 at 9:25pm
" rel="nofollow - No one really got any info or help ?


Posted By: jclausius
Date Posted: 09 Jan 2018 at 11:08pm
" rel="nofollow -
Originally posted by 2ndLastJedi 2ndLastJedi wrote:

My current ME is 11.6.0.1126 .
Is this okay ?

I have tried to use this update
https://www.asrock.com/microsite/2017IntelFirmware/
but it starts then stops and has red writing that pops up super quick that i cant read it , i even tried using Shadowplay to record it and stop it when the red writing


1) Can you post some information about your system? See http://forum.asrock.com/forum_posts.asp?TID=6717&PID=42632&title=intel-management-engine-issue-intelsa00086-fix#42632



Intel Detection Tool Vulnerable: Yes/No
System Board : ASRock Motherboard Make/Model
CPU :
ME BIOS/Detection Tool Version :


2) Try opening a command line, and then running the tool using the command line. It should show you the error without having the window disappear.


Posted By: Hackerpcs
Date Posted: 10 Jan 2018 at 12:07am
Originally posted by Krautmaster Krautmaster wrote:

no answer on the meltdown / spectre thing

They are not fixable through motherboard

Originally posted by realist realist wrote:

Cmon guys. Not only does the brand new highend X299 Professional Gaming i9 XE not get the ME security patch,

Security should be provided for all motherboards, I agree that normally latest and high end boards will be prioritized but Asrock should work on older boards too


Posted By: rico
Date Posted: 10 Jan 2018 at 4:33am
Originally posted by realist realist wrote:

" rel="nofollow - Cmon guys. Not only does the brand new highend X299 Professional Gaming i9 XE not get the ME security patch, but now we have to wait for the recent Intel microcode as well? Oh. My. God.


Well you got something today: https://www.asrock.com/MB/Intel/Fatal1ty%20X299%20Professional%20Gaming%20i9%20XE/index.asp#BIOS" rel="nofollow - https://www.asrock.com/MB/Intel/Fatal1ty%20X299%20Professional%20Gaming%20i9%20XE/index.asp#BIOS

Add "Multi Core Enhancement" item for Skylake-X CPU



-------------
Z170 Gaming K6+, i7-6700K (stock coz >4GHz anyways), 16 GB G.Skill 3400MHz (F4-3400C16-8GTZ)


Posted By: 2ndLastJedi
Date Posted: 10 Jan 2018 at 8:39am
" rel="nofollow - Okay i have run the test and its shows as vulnerable but i cant figure out how to post the screenshot of its report ?
When i click the insert image icon it asks for a web address of the image !


Posted By: 2ndLastJedi
Date Posted: 10 Jan 2018 at 8:04pm
" rel="nofollow - Okay i managed to update the ME and it says i'm not vulnerable but now it says i need to update :

intel capability licensing service client 1.47.715.0

because my one is obsolete ??????????
Where do i find this as it says to get it from my system manufacturer ?


Posted By: jclausius
Date Posted: 10 Jan 2018 at 10:59pm
" rel="nofollow -
Originally posted by 2ndLastJedi 2ndLastJedi wrote:

Okay i managed to update the ME and it says i'm not vulnerable but now it says i need to update :

intel capability licensing service client 1.47.715.0

because my one is obsolete ??????????
Where do i find this as it says to get it from my system manufacturer ?
Perhaps @tsunami2311 can answer if the issue was resolved.

Did you see the post - http://forum.asrock.com/forum_posts.asp?TID=6717&PID=42387&title=intel-management-engine-issue-intelsa00086-fix#42387


Posted By: tsunami2311
Date Posted: 11 Jan 2018 at 2:09am
I was never looked in to why it says i only did this update cause i thought it was part current issue going around, then i noticed the original post date


Posted By: tsunami2311
Date Posted: 11 Jan 2018 at 2:13am
Originally posted by 2ndLastJedi 2ndLastJedi wrote:

" rel="nofollow - [URL=][/URL]My current ME is 11.6.0.1126 .
Is this okay ? If not will Windows 10 FCU update the ME for me ?
I have the latest P7.20 Bios for my 6600k on z170 Extreme 4 .
I don't really have any clue about these things and just usually let Windows do my updates for me .
I have tried to use this update
https://www.asrock.com/microsite/2017IntelFirmware/
but it starts then stops and has red writing that pops up super quick that i cant read it , i even tried using Shadowplay to record it and stop it when the red writing popped up but it is still to quick and i cant read it ?
Any assistance is truly appreciated .


the me fix is not included in the origina 7.20 bios or i so i been told, I to am also hoping MS push the needed the updated microcodes to people other wise "alot" people will remain effect,  atlest by the current "flaws" that hit the news, seeing what fixes there are need both microcode and os patches, I truely hope it dont need bios updates cause like said majority people will never get them


Posted By: boistordu
Date Posted: 12 Jan 2018 at 1:11am
" rel="nofollow - Why the hell don't we have already a bios update with it? And why the hell, on the Z270 fatality gaming pro there is not the updated firmware for installation ?


Posted By: jclausius
Date Posted: 13 Jan 2018 at 1:26am
For those of you on x299e-itx/ac, the 1.40 BIOS has been released! See https://www.asrock.com/MB/Intel/X299E-ITXac/index.us.asp#BIOS" rel="nofollow - https://www.asrock.com/MB/Intel/X299E-ITXac/index.us.asp#BIOS


Posted By: rico
Date Posted: 13 Jan 2018 at 4:54am
" rel="nofollow - Bunch of other X299 boards too: https://www.asrock.com/support/index.asp?cat=BIOS

I've been keeping an eye of on that page to see which boards are getting updates. Sadly for me, I've not seen many Z170 updates.


-------------
Z170 Gaming K6+, i7-6700K (stock coz >4GHz anyways), 16 GB G.Skill 3400MHz (F4-3400C16-8GTZ)


Posted By: 2ndLastJedi
Date Posted: 13 Jan 2018 at 12:45pm
" rel="nofollow - After updating to the latest ME1 from Asrock the Intel tool says i'm not vulnerable but now says that my Intel Capability Licence Service is Obsolete ?????????????
So i'm not even sure my z170 Extreme 4 needs more than that License but not sure where or how to update it ?


Posted By: rmsjr
Date Posted: 14 Jan 2018 at 10:44am
I am running into the Intel Compatibility Licensing issue as well.  Based on https://communities.intel.com/thread/120392" rel="nofollow - this thread , it appears that the resolution to this problem is to update the Intel Management Engine Driver.  The driver listed for my MOBO (Taichi x299) hasn't been updated since 6/12/17.  As expected updating this driver did not solve the problem.  Maybe there is an update coming soon from Intel / ASRock?


Posted By: 2ndLastJedi
Date Posted: 17 Jan 2018 at 7:10pm
" rel="nofollow - Still no solution to obsolete Intel Compatibility License ?


Posted By: jclausius
Date Posted: 17 Jan 2018 at 11:23pm
" rel="nofollow - @2ndLastJedi... Has ASRock released a chipset download for your board yet? My guess is it will be in there.

I also think it wouldn't hurt to pose the question to ASRock Tech Support. If you do, please post back your experience.


Posted By: 2ndLastJedi
Date Posted: 18 Jan 2018 at 6:54pm
Z170 Extreme4 is my board , i don't think there has been any new downloads for a couple of months but if YouTubers are anything to go by there should be Bios updates for Skylake on .
Fingers crossed AsRock do soon .


Posted By: rico
Date Posted: 18 Jan 2018 at 11:02pm
" rel="nofollow - Good, some Z170 and H110 BIOS updates today: https://www.asrock.com/support/index.asp?cat=BIOS

Hopefully they'll cover the full range eventually.



-------------
Z170 Gaming K6+, i7-6700K (stock coz >4GHz anyways), 16 GB G.Skill 3400MHz (F4-3400C16-8GTZ)


Posted By: 2ndLastJedi
Date Posted: 19 Jan 2018 at 10:24am
It seems its coming , but when .


Posted By: tsunami2311
Date Posted: 20 Jan 2018 at 3:13am
" rel="nofollow -
Originally posted by rico rico wrote:

Good, some Z170 and H110 BIOS updates today: https://www.asrock.com/support/index.asp?cat=BIOS

Hopefully they'll cover the full range eventually.




they seem to be released batch updates everyday since jan 17 I been check back every day and 1xx series seem to be slowly, Like you i wating on  my z170  MB (extreme 4)  to get updated.

VM way  dont work properly which i already knew for sw microcode updates, and I no interested in do UBU  way


Posted By: 2ndLastJedi
Date Posted: 20 Jan 2018 at 7:02pm
" rel="nofollow - Z270 Extreme 4's up ! can i use that on a Z170 Extreme 4 ?


Posted By: rico
Date Posted: 20 Jan 2018 at 11:02pm
Dude, No! I don't even


-------------
Z170 Gaming K6+, i7-6700K (stock coz >4GHz anyways), 16 GB G.Skill 3400MHz (F4-3400C16-8GTZ)


Posted By: 2ndLastJedi
Date Posted: 21 Jan 2018 at 10:10am
lol


Posted By: jclausius
Date Posted: 24 Jan 2018 at 11:34pm
" rel="nofollow - OK. Apparently, it has been reported Intel found some problems with their Management Engine BIOS patch causing system instability (restarts??) that vendors have been pulling their own UEFI/BIOS updates. I see ASRock is no exception, as the x299e-itx/ac BIOS 1.40 has been pulled from their website.

Regardless, I upgraded my UEFI a week or so ago when it was released. It has been stable, with no issues for me, and I'm not planning on downgrading. Is this incorrect thinking?


Posted By: tsunami2311
Date Posted: 25 Jan 2018 at 1:48am
Originally posted by jclausius jclausius wrote:

" rel="nofollow - OK. Apparently, it has been reported Intel found some problems with their Management Engine BIOS patch causing system instability (restarts??) that vendors have been pulling their own UEFI/BIOS updates. I see ASRock is no exception, as the x299e-itx/ac BIOS 1.40 has been pulled from their website.

Regardless, I upgraded my UEFI a week or so ago when it was released. It has been stable, with no issues for me, and I'm not planning on downgrading. Is this incorrect thinking?

 
The Management Engine issue that was completley diffrence is and  has nothing to do with what we talking and what we waiting for and restarts happen on some systems with new bios.

That is cause the new microcode being pushed to fix the meltdown and spec flaws

2 diffrent issue,  Asrock never make formal topic about the Meltdown/spec flaws so it got carried in to this topic

Most of us are talking about this
http://www.asrock.com/Microsite/SA00088/
which has no actual link  on the forums or site that i can see less it really hidden


Posted By: jclausius
Date Posted: 25 Jan 2018 at 3:21am
Yes. I'm talking about the same thing. (I think)

This is interesting. I didn't check the other x299 boards, but for the x299e-itx/ac, there was a UEFI update from last week. I downloaded it and installed it. However, after hearing about the restarts, I went to check to see if there was another update with the latest intel fix. It was here I noticed the UEFI/BIOS update I pulled last week has been removed. That is what I'm referring to.

I don't know if this is true from other boards as well, but do know for certain it definitely applies to the x299e-itx/ac.


Posted By: tsunami2311
Date Posted: 25 Jan 2018 at 3:29am
"Intel Management Engine Issue INTEL-SA-00086 Fix"
Nov 2017

Has nothing to do the Jan 2018 http://www.asrock.com/Microsite/SA00088/" rel="nofollow - http://www.asrock.com/Microsite/SA00088/
Updates which is the Microcode fix which are what are causing the restarts on some systems

they are 2 different issues, they not the same issue


Posted By: jclausius
Date Posted: 25 Jan 2018 at 6:45am
Intel SA-00086 vs SA-00088 (to many similar numerals)

I believe the issue I originally was talking about is found at - https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/

That update was to address the original issue that started this whole thing, correct?

So, the new issue, SA-00088, is to address the reboots caused by the UEFI update to fix SA-00086...

In either case, the x299e-itx/ac at one time had UEFI v 1.40. It looks like that has been pulled on the ASRock website by the suggestion of Intel.

Am I saying this correctly?


Posted By: tsunami2311
Date Posted: 25 Jan 2018 at 9:07am
you kinda confusing me at this so some one else can correct me if i am wrong.

https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/
This is the  MEI fix list in the first page of this topic.

But this topic got sidetracked into the Meltdown/Spec issue cause there is no sticky in reguards to this issue
http://www.asrock.com/Microsite/SA00088/" rel="nofollow - http://www.asrock.com/Microsite/SA00088/

SA-00088 issues new Microcode updates to plug the whole Meltdown/spec  flaw. Some of Microcodes from this Updates are cause certain system to reboot. Those effect chips/boards are the ones that had Bios update pulled.

I am also assuming because this reboot issue Asrock has put pause on doing more bios update  for the new microcodes for the boards that still need them till intel sorts it out.

Honstely Asrock should make Sticky for the
http://www.asrock.com/Microsite/SA00088/" rel="nofollow - http://www.asrock.com/Microsite/SA00088/
issue like they did for the  https://www.asrock.com/microsite/2017IntelFirmware/" rel="nofollow - https://www.asrock.com/microsite/2017IntelFirmware/ Right now the Meltdown/spec issue is only listed in the News section of the site there no mention of on the forums.




Posted By: jclausius
Date Posted: 25 Jan 2018 at 1:07pm
" rel="nofollow - OK. I'm pretty sure it's me that's confused. I thought the Spectre/Meltdown security issue *was* related to the Intel ME BIOS issue. In other words, didn't this hole in the ME BIOS issue lead the Google researchers to discover the Spectre/Meltdown problems?

Upon further reading, it looks like this is not the case. And it looks like the fix for SA-00088 will require both patches to the OS and an updated BIOS/UEFI.

But I'd like to get back back to my original question - I downloaded "X299E-ITXac(1.40)ROM.zip". IIRC, this mentioned it had an updated Intel Management Engine version for SA-00086 on the x299e-itx/ac. However, as of today this BIOS is no longer downloadable from ASRock. For what reason was it pulled? What should I be looking to do next?


Posted By: tsunami2311
Date Posted: 27 Jan 2018 at 7:09am
it was pulled cause the reboot issue associated with some of the microcode that were released to fix the  SA-00088 issue from my understanding. cause Intel told Manufactures to stop  distributing them.


Most MB never got fix for the SA-00086 issued threw Bios update,  it was done threw  individual updates first page of this.




Posted By: jclausius
Date Posted: 27 Jan 2018 at 11:28pm
" rel="nofollow -
Originally posted by tsunami2311 tsunami2311 wrote:

it was pulled cause the reboot issue associated with some of the microcode that were released to fix the? SA-00088 issue from my understanding. cause Intel told Manufactures to stop? distributing them.

Most MB never got fix for the SA-00086 issued threw Bios update,? it was done threw? individual updates first page of this.
OK. Being that my x299e-itx/ac is not rebooting, I'm just going to leave its 1.40 BIOS/UEFI in place and wait for an updated one down the road.

@tsunami2311 - thanks for the discussion and enlightening me on the problem.


Posted By: tsunami2311
Date Posted: 28 Jan 2018 at 2:00am
according to intel the broadwell and haswell chips are the ones affect by reboots.


Posted By: jclausius
Date Posted: 30 Jan 2018 at 1:32am
Originally posted by tsunami2311 tsunami2311 wrote:

according to intel the broadwell and haswell chips are the ones affect by reboots.
Yes. I saw that too.


Posted By: jclausius
Date Posted: 16 Feb 2018 at 5:55am
Unless you picked this up in early January, ASRock released UEFI/BIOS 1.40 for the x299e-itx/ac yesterday.

If you've already downloaded and installed this version before it was removed, there's no need to do it again. In fact, you won't be able to as the UEFI is the exact same one (binary equivalent) to the one from a few weeks ago.

-------------
x299e-itx/ac | i7-7820X@3.60GHz | 32GB - 4x8GB Quad Channel@3000MHz GSkill DDR4 | nVidia GTX 1060M w/ 6GB GDDR5 | Samsung 960 Pro 512GB | Samsung 960 Pro 1TB | 160GB Seagate Momentus | Panasonic UJ265



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.04 - http://www.webwizforums.com
Copyright ©2001-2021 Web Wiz Ltd. - https://www.webwiz.net