4 Replies Latest reply on Nov 27, 2017 3:16 PM by mohd_anis

    Unable to upgrade Intel ME firmware




      I have a Skylake i7-6700k with an Asus MAXIMUS VIII HERO (z170 motherboard). I've been trying to upgrade my Intel management engine but I've run into a problem which seems to be related to management engine itself.

      I've installed the intel management engine interface drivers with no issue ( as far as I can tell.


      I've ran the SA00086 tool from Intel that can be downloaded from here: Intel-SA-00086 Detection Tool

      It reports my system as vulnerable:


      Risk Assessment

      Based on the analysis performed by this tool: This system is vulnerable.


      Processor Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz

      OS Version: Microsoft Windows 10 Pro


      Intel(R) ME Information

      Engine: Intel(R) Management Engine


      SVN: 1


      I have downloaded the tool (http://dlcdnet.asus.com/pub/ASUS/mb/LGA1151/Z170-A/MEUpdateTool_UI_20171103_TP.zip ) from Asus for my motherboard for updating ME firmware (it uses FWUpdLcl64.exe from Intel), but when running it, it encounters an error:


      Intel (R) Firmware Update Utility Version:

      Copyright (C) 2007 - 2017, Intel Corporation. All rights reserved.

      Communication Mode: MEI

      Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled


      It seems like my management engine is locked down somehow from being updated. There's no options in my UEFI/BIOS related to management engine.


      Here's the output from MEInfoWin.exe:



      Intel(R) MEInfo Version:

      Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.







      Intel(R) ME code versions:



      BIOS Version                                 3504

      MEBx Version                       

      GbE Version                                  0.7

      Vendor ID                                    8086

      PCH Version                                  31

      FW Version                          H

      Security Version (SVN)                       1

      LMS Version                                  Not Available

      MEI Driver Version                 

      Wireless Hardware Version                    Not Available

      Wireless Driver Version                      Not Available



      FW Capabilities                              0x11111D40



              Intel(R) Capability Licensing Service - PRESENT/ENABLED

              Protect Audio Video Path - PRESENT/ENABLED

              Intel(R) Dynamic Application Loader - PRESENT/ENABLED



      Re-key needed                                False

      Platform is re-key capable                   True

      TLS                                          Disabled

      Last ME reset reason                         Firmware reset

      Local FWUpdate                               Disabled

      BIOS Config Lock                             Enabled

      GbE Config Lock                              Enabled

      Host Read Access to ME                       Enabled

      Host Write Access to ME                      Disabled

      Host Read Access to EC                       Disabled

      Host Write Access to EC                      Disabled

      SPI Flash ID 1                               EF4018

      SPI Flash ID 2                               Unknown

      BIOS boot State                              Post Boot

      OEM ID                                       00000000-0000-0000-0000-000000000000

      Capability Licensing Service                 Enabled

      OEM Tag                                      0x00000000

      Slot 1 Board Manufacturer                    0x00000000

      Slot 2 System Assembler                      0x00000000

      Slot 3 Reserved                              0x00000000

      M3 Autotest                                  Disabled

      C-link Status                                Disabled

      Independent Firmware Recovery                Disabled

      EPID Group ID                                0xF87

      LSPCON Ports                                 None

      5K Ports                                     None

      OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000

      OEM Public Key Hash ME                       0000000000000000000000000000000000000000000000000000000000000000

      ACM SVN FPF                                  0x0

      KM SVN FPF                                   0x0

      BSMM SVN FPF                                 0x0

      GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000

      GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000



                                                   FPF                      ME

                                                   ---                      --

      Force Boot Guard ACM                         Disabled                 Disabled

      Protect BIOS Environment                     Disabled                 Disabled

      CPU Debugging                                Enabled                  Enabled

      BSP Initialization                           Enabled                  Enabled

      Measured Boot                                Disabled                 Disabled

      Verified Boot                                Disabled                 Disabled

      Key Manifest ID                              0x0                      0x0

      Enforcement Policy                           0x0                      0x0


      I noticed that "Local FWUpdate" is set to Disabled. How can I enable this flag to upgrade my old firmware?


      Would really appreciate some help on this matter. Thanks!