A Computer hardware and components forum. ComputerBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » ComputerBanter.com forum » System Manufacturers & Vendors » Dell Computers
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Intel Management Engine Updates



 
 
Thread Tools Display Modes
  #1  
Old June 5th 19, 12:39 AM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
Boris[_7_]
external usenet poster
 
Posts: 8
Default Intel Management Engine Updates

Machine is a Dell Inspiron 3668 desktop running Windows 10 Home Premium,
1803 build 17134.765. Looks like this machine is two builds behind (.766
and .799) before even getting to 1809. I'm set to get updates
automatically, and I keep hitting Check for Updates, but that's for
another post.

Within the last few days this machine's Windows Update got an "Intel-
System-1/21/2019 12:00:00 AM-1904.12.0.1209".

(There's a button to "Install Now". or, as it says, "We'll automatically
install updates when you aren't using your device..." Well, this machine
is on 24x7 and 'active hours' are 8am to 9am, so there's plenty of time
to install, but this has never happened. I always have to hit Install or
Restart to install an update. Again, this is for another post.}

Also, Dell, through their Support Assist, keeps telling me of an Urgent
Chipset update for the "Intel Management Engine Components Installer
1914-12-0-1255".

So, Windows wants to install an Intel System update, and Dell wants to
install an Intel something or other:

https://postimg.cc/gallery/lokw0sjs/

Anyone install this particular Dell update? Problems?

I guess the Windows Intel-System will eventually get installed, since I
can't prevent that. Anyone familiar with that one?

  #2  
Old June 5th 19, 01:35 AM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
😉 Good Guy 😉
external usenet poster
 
Posts: 7
Default Intel Management Engine Updates

On 05/06/2019 00:39, Boris wrote:

Anyone install this particular Dell update? Problems?


Is there any particular reasons why you always ask stupid questions
about updates? Updates are updates; You can either install them or
simply ignore them until they install themselves.

Why do you guys have to ask here when silly things like what yo are
asking can easily be answered by using your own common sense. Have you
always been as stupid as you seem to appear here or are you taking a
micky of people who are silly like you to answer your questions.

Can you just go and **** off and if you don't have any brains then go
and hire an Indian Technician who can solve most of your IT problems.




--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

  #3  
Old June 5th 19, 02:24 AM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
Paul[_26_]
external usenet poster
 
Posts: 1,009
Default Intel Management Engine Updates

Boris wrote:
Machine is a Dell Inspiron 3668 desktop running Windows 10 Home Premium,
1803 build 17134.765. Looks like this machine is two builds behind (.766
and .799) before even getting to 1809. I'm set to get updates
automatically, and I keep hitting Check for Updates, but that's for
another post.

Within the last few days this machine's Windows Update got an "Intel-
System-1/21/2019 12:00:00 AM-1904.12.0.1209".

(There's a button to "Install Now". or, as it says, "We'll automatically
install updates when you aren't using your device..." Well, this machine
is on 24x7 and 'active hours' are 8am to 9am, so there's plenty of time
to install, but this has never happened. I always have to hit Install or
Restart to install an update. Again, this is for another post.}

Also, Dell, through their Support Assist, keeps telling me of an Urgent
Chipset update for the "Intel Management Engine Components Installer
1914-12-0-1255".

So, Windows wants to install an Intel System update, and Dell wants to
install an Intel something or other:

https://postimg.cc/gallery/lokw0sjs/

Anyone install this particular Dell update? Problems?

I guess the Windows Intel-System will eventually get installed, since I
can't prevent that. Anyone familiar with that one?


This is your "1904" one. 196KB.

https://www.catalog.update.microsoft...0 4.12.0.1208

; File Name: heci.inf
; Install information file for TeeDriver Driver

[TEE_DDI_W10.Services]
AddService = MEI, %FLG_ADDREG_NOCLOBBER%, TEE_Service_W10, win10_32.EventLog

ServiceBinary = TeeDriverW8x64.sys # [Covers Win8 and Win10]
# 2019-02-07 01:11

TEE_DeviceDesc = "Intel(R) Management Engine Interface "
TEE_SvcDesc = "Intel(R) Management Engine Interface "

*******

As for what it might potentially do, it's probably already
installed, and this is just an update. About all I can find
right away, is a bilge article like this.

https://en.wikipedia.org/wiki/Host_E...ller_Interface

The Management Engine is largely uncontrollable by the user. I
want to see a jumper on the motherboard, that could be used to
disable it, and prevent shenanigans. Instead, you just get
bull**** from Intel, such as a tray readout claiming "well, it
might be disabled, but it's software so who really knows".

The Management Engine is a microcontroller (could be in the PCH
aka Southbridge), that provides a means for operations to "burrow into"
a computer from the network. It relies on the motherboard having
an Intel NIC with a special property - the NIC is "dual head", and
packets can be defined, such that they go to the Management Engine
without the OS knowing. It's because of this, you can remotely
boot a Management Engine computing product, even if it's crashed.

A typical scenario, is a Dell Business laptop is plugged into the
network, and the power is off (the laptop is in S5). All of a
sudden, the business laptop "spring to life" and the IT department
pushes out a software update. The laptop promptly goes to
sleep later. At one time, Intel had promised to add this
tech into the Wifi path as well, so in some year, the products
would have the additional function of over-the-air Wifi updates
when the computer was otherwise shutdown.

On a mobile system such as a laptop, the WOL has to be enabled
(NIC has core power or Wifi has core power and MAC processing
is operational), and then the management engine can do its thing.

Researchers have determined the embedded controller runs Minux.

https://en.wikipedia.org/wiki/MINIX

The BIOS chip has multiple code images inside. On a Management Engine
product, such as a Dell Business laptop, maybe there's a 4MB
flash module in the BIOS chip, which the Management Engine loads
and that's where the Minux comes in.

And in all of that, there's no "guaranteed OFF button", as
there's some mechanism where the Management Engine could be
used as an anti-theft solution.

There have been exploits for this interface, which is why
this is just so much "trailing slime" in terms of unnecessary
featuritis.

My newest computer has all the infrastructure for this, but
the BIOS module is missing. (I.e. There *is* a BIOS module,
but it's a null one of some sort. Or at least we think it's
null and cannot harm anyone, but who can be sure when your
hardware has an "attack surface" sitting there 24 hours a day?)

*******

Now, the Dell package is different, as it's 90MB in size.
That's more than just a 196KB TEEdriver, that's the whole
package of stuff you might not necessarily want.

It's likely related to the Windows Update one, but the Dell
one contains the higher level packages.

I got a similar one, which was 50MB, for my newest system.
But it contained *three* pieces of software, of which
*two* of them *did not belong on the computer*. I promptly
uninstalled the little ****er, because Intel had the nerve
to *break Firefox* with their nonsense. Such is the
paternal Father Intel, looking out for my wellbeing,
by breaking my browser (if you were downloading a file,
the download would mysteriously fail as the last byte came
in - clever...). So if any fat-assed 50MB+ updates
come in, I won't be taking them, because I've "been there
and bought the Tshirt". And there won't be any repeat
performances.

You see, at the time, the jumbo package was "recommended as
a way to solve the Device Manager HECI blemish". Now, instead,
we have the Windows Update one, which will put in that TEE
driver and remove the Device Manager blemish. You don't
need to install that Dell one necessarily. Or, if you
do decide you "love Dell", take your sweet time
analysing the package, to see if Intel has learned
any lessons. I see no reason to suspect Intel has
learned a damn thing since the last time :-(

Intel has made it harder to get to their forum, to
read discussion threads about some of this stuff. So one
lead I wanted to pursue, was thwarted by Intel with their
crafty "we'll just redirect you to a random meaningless
web page" shtick. Intel is going out of their way to make
friends.

Paul
  #4  
Old June 5th 19, 03:38 PM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
Jonathan N. Little
external usenet poster
 
Posts: 33
Default Intel Management Engine Updates

Paul wrote:

https://en.wikipedia.org/wiki/Host_E...ller_Interface

The Management Engine is largely uncontrollable by the user. I
want to see a jumper on the motherboard, that could be used to
disable it, and prevent shenanigans. Instead, you just get
bull**** from Intel, such as a tray readout claiming "well, it
might be disabled, but it's software so who really knows".


System76 was reverse engineering IME in order to disable it, saw a
Lunduke video a while back where in an interview with System76 they
discussed there plans. Looks like the did it:

https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
  #5  
Old June 6th 19, 03:08 AM posted to alt.sys.pc-clone.dell
Ben Myers[_4_]
external usenet poster
 
Posts: 470
Default Intel Management Engine Updates

Two points to make.

First, I suspect that the updates from Dell and Windows are one and the same.

Second, you can download 1903 from Microsoft and install it directly. No need to make the half-step to 1809... Ben Myers


On Tuesday, June 4, 2019 at 7:39:21 PM UTC-4, Boris wrote:
Machine is a Dell Inspiron 3668 desktop running Windows 10 Home Premium,
1803 build 17134.765. Looks like this machine is two builds behind (.766
and .799) before even getting to 1809. I'm set to get updates
automatically, and I keep hitting Check for Updates, but that's for
another post.

Within the last few days this machine's Windows Update got an "Intel-
System-1/21/2019 12:00:00 AM-1904.12.0.1209".

(There's a button to "Install Now". or, as it says, "We'll automatically
install updates when you aren't using your device..." Well, this machine
is on 24x7 and 'active hours' are 8am to 9am, so there's plenty of time
to install, but this has never happened. I always have to hit Install or
Restart to install an update. Again, this is for another post.}

Also, Dell, through their Support Assist, keeps telling me of an Urgent
Chipset update for the "Intel Management Engine Components Installer
1914-12-0-1255".

So, Windows wants to install an Intel System update, and Dell wants to
install an Intel something or other:

https://postimg.cc/gallery/lokw0sjs/

Anyone install this particular Dell update? Problems?

I guess the Windows Intel-System will eventually get installed, since I
can't prevent that. Anyone familiar with that one?


  #6  
Old June 12th 19, 05:48 PM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
Boris[_5_]
external usenet poster
 
Posts: 295
Default Intel Management Engine Updates

The author has marked this message not to be archived. This post will be deleted on June 26, 2019.

Paul wrote in :

Boris wrote:
Machine is a Dell Inspiron 3668 desktop running Windows 10 Home
Premium, 1803 build 17134.765. Looks like this machine is two builds
behind (.766 and .799) before even getting to 1809. I'm set to get
updates automatically, and I keep hitting Check for Updates, but
that's for another post.

Within the last few days this machine's Windows Update got an "Intel-
System-1/21/2019 12:00:00 AM-1904.12.0.1209".

(There's a button to "Install Now". or, as it says, "We'll
automatically install updates when you aren't using your device..."
Well, this machine is on 24x7 and 'active hours' are 8am to 9am, so
there's plenty of time to install, but this has never happened. I
always have to hit Install or Restart to install an update. Again,
this is for another post.}

Also, Dell, through their Support Assist, keeps telling me of an Urgent
Chipset update for the "Intel Management Engine Components Installer
1914-12-0-1255".

So, Windows wants to install an Intel System update, and Dell wants to
install an Intel something or other:

https://postimg.cc/gallery/lokw0sjs/

Anyone install this particular Dell update? Problems?

I guess the Windows Intel-System will eventually get installed, since I
can't prevent that. Anyone familiar with that one?


This is your "1904" one. 196KB.

https://www.catalog.update.microsoft...l%20system%201
%2F21%2F2019%201904.12.0.1208

; File Name: heci.inf
; Install information file for TeeDriver Driver

[TEE_DDI_W10.Services]
AddService = MEI, %FLG_ADDREG_NOCLOBBER%, TEE_Service_W10,
win10_32.EventLog

ServiceBinary = TeeDriverW8x64.sys # [Covers Win8 and Win10]
# 2019-02-07 01:11

TEE_DeviceDesc = "Intel(R) Management Engine Interface "
TEE_SvcDesc = "Intel(R) Management Engine Interface "

*******

As for what it might potentially do, it's probably already
installed, and this is just an update. About all I can find
right away, is a bilge article like this.

https://en.wikipedia.org/wiki/Host_E...ller_Interface

The Management Engine is largely uncontrollable by the user. I
want to see a jumper on the motherboard, that could be used to
disable it, and prevent shenanigans. Instead, you just get
bull**** from Intel, such as a tray readout claiming "well, it
might be disabled, but it's software so who really knows".

The Management Engine is a microcontroller (could be in the PCH
aka Southbridge), that provides a means for operations to "burrow into"
a computer from the network. It relies on the motherboard having
an Intel NIC with a special property - the NIC is "dual head", and
packets can be defined, such that they go to the Management Engine
without the OS knowing. It's because of this, you can remotely
boot a Management Engine computing product, even if it's crashed.

A typical scenario, is a Dell Business laptop is plugged into the
network, and the power is off (the laptop is in S5). All of a
sudden, the business laptop "spring to life" and the IT department
pushes out a software update. The laptop promptly goes to
sleep later. At one time, Intel had promised to add this
tech into the Wifi path as well, so in some year, the products
would have the additional function of over-the-air Wifi updates
when the computer was otherwise shutdown.

On a mobile system such as a laptop, the WOL has to be enabled
(NIC has core power or Wifi has core power and MAC processing
is operational), and then the management engine can do its thing.

Researchers have determined the embedded controller runs Minux.

https://en.wikipedia.org/wiki/MINIX

The BIOS chip has multiple code images inside. On a Management Engine
product, such as a Dell Business laptop, maybe there's a 4MB
flash module in the BIOS chip, which the Management Engine loads
and that's where the Minux comes in.

And in all of that, there's no "guaranteed OFF button", as
there's some mechanism where the Management Engine could be
used as an anti-theft solution.

There have been exploits for this interface, which is why
this is just so much "trailing slime" in terms of unnecessary
featuritis.

My newest computer has all the infrastructure for this, but
the BIOS module is missing. (I.e. There *is* a BIOS module,
but it's a null one of some sort. Or at least we think it's
null and cannot harm anyone, but who can be sure when your
hardware has an "attack surface" sitting there 24 hours a day?)

*******

Now, the Dell package is different, as it's 90MB in size.
That's more than just a 196KB TEEdriver, that's the whole
package of stuff you might not necessarily want.

It's likely related to the Windows Update one, but the Dell
one contains the higher level packages.

I got a similar one, which was 50MB, for my newest system.
But it contained *three* pieces of software, of which
*two* of them *did not belong on the computer*. I promptly
uninstalled the little ****er, because Intel had the nerve
to *break Firefox* with their nonsense. Such is the
paternal Father Intel, looking out for my wellbeing,
by breaking my browser (if you were downloading a file,
the download would mysteriously fail as the last byte came
in - clever...). So if any fat-assed 50MB+ updates
come in, I won't be taking them, because I've "been there
and bought the Tshirt". And there won't be any repeat
performances.

You see, at the time, the jumbo package was "recommended as
a way to solve the Device Manager HECI blemish". Now, instead,
we have the Windows Update one, which will put in that TEE
driver and remove the Device Manager blemish. You don't
need to install that Dell one necessarily. Or, if you
do decide you "love Dell", take your sweet time
analysing the package, to see if Intel has learned
any lessons. I see no reason to suspect Intel has
learned a damn thing since the last time :-(

Intel has made it harder to get to their forum, to
read discussion threads about some of this stuff. So one
lead I wanted to pursue, was thwarted by Intel with their
crafty "we'll just redirect you to a random meaningless
web page" shtick. Intel is going out of their way to make
friends.

Paul


I looked at both your and Jonathan N. Little's links. Thank you, both.

My system already had IMEI installed, so with "Intel-System-1/21/2019
12:00:00 AM-1904.12.0.1209" on deck waiting to be installed with a
restart, and not being able to get any new updates until I flushed this
one out of its pending install mode, I restarted. The "Intel-System..."
was installed. I hit the check for updates button and another Windows
update was found, which I installed. I hit the check for updates button
again, and another update came down, which I installed. One more check
for updates and down came feature update 1903, skipping over 1809.

It's like something stuck in the pipes ("Intel-System...") that had to be
flushed down before any more updates could come down. Sort of like what
Monty said in this post:




On another identical Dell (I don't love Dell) machine that I administer, I
did the same thing. That is, keep hitting check for updates, and install
whatever comes down. Eventually, that machine also updated from 1803 to
1903, skipping over 1809.

So much for updating automatically. Still needs human intervention, at
least in my case(s).



  #7  
Old June 12th 19, 08:39 PM posted to alt.sys.pc-clone.dell,alt.comp.os.windows-10
Paul[_26_]
external usenet poster
 
Posts: 1,009
Default Intel Management Engine Updates

Boris wrote:


I looked at both your and Jonathan N. Little's links. Thank you, both.

My system already had IMEI installed, so with "Intel-System-1/21/2019
12:00:00 AM-1904.12.0.1209" on deck waiting to be installed with a
restart, and not being able to get any new updates until I flushed this
one out of its pending install mode, I restarted. The "Intel-System..."
was installed. I hit the check for updates button and another Windows
update was found, which I installed. I hit the check for updates button
again, and another update came down, which I installed. One more check
for updates and down came feature update 1903, skipping over 1809.

It's like something stuck in the pipes ("Intel-System...") that had to be
flushed down before any more updates could come down. Sort of like what
Monty said in this post:




On another identical Dell (I don't love Dell) machine that I administer, I
did the same thing. That is, keep hitting check for updates, and install
whatever comes down. Eventually, that machine also updated from 1803 to
1903, skipping over 1809.

So much for updating automatically. Still needs human intervention, at
least in my case(s).


Clicking the "Check For Updates" button makes you a "Seeker".

This changes the behavior of updating, and "gets them faster"
in certain cases.

So it actually does make a difference.

The OS is more "laid back" if you never punch that button.

This is different than older versions of Windows, where
punching the button did not "give the OS an attitude".

Paul
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Intel's management engine in most CPUs since 2008 can be p0wnedover USB Anonymous Intel 2 November 10th 17 08:10 AM
Guardfish Intel Engine Management Password ? Bernard Rother Intel 0 November 15th 07 07:25 AM
Intel Announces Management Changes [email protected] Intel 0 July 23rd 06 08:02 AM
Working theory: MS update KB904706 updates Creator burn engine plug-in,screws up Easy CD Creator 3.5.x CD Guy Cdr 6 January 17th 06 10:06 PM
Next AMD & Intel war: Management Specs Yousuf Khan General 0 March 2nd 05 04:55 AM


All times are GMT +1. The time now is 05:38 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2004-2019 ComputerBanter.com.
The comments are property of their posters.