
Intel (R) CSME Detection Tool For Legacy Systems User Guide

The Intel® CSME Legacy Detection Tool User Guide provides instructions for detecting security vulnerabilities in Intel® Management Engine firmware versions 6.x to 10.x. It includes details on obtaining, installing, and running the tool on both Windows and Linux systems, as well as interpreting the results and troubleshooting issues. The guide emphasizes that the tool is not applicable for MacOS and outlines the importance of having the appropriate drivers and administrative privileges for successful operation.


Intel® CSME Legacy Detection Tool

User Guide

September 2019

You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning
Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter
drafted which includes subject matter disclosed herein.

No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document.
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service
activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with
your system manufacturer or retailer or learn more at intel.com.

Intel technologies may require enabled hardware, specific software, or services activation. Check with your system manufacturer
or retailer.

The products described may contain design defects or errors known as errata which may cause the product to deviate from
published specifications. Current characterized errata are available on request.

Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness
for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or
usage in trade.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel
product specifications and roadmaps.

Copies of documents which have an order number and are referenced in this document may be obtained by calling
1-800-548-4725 or visit www.intel.com/design/literature.htm.

Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.

© 2019 Intel Corporation. All rights reserved


Contents
1 Introduction
2 Using the Intel CSME Legacy Detection Tool
2.1 Obtaining the Intel CSME Legacy Detection Tool
2.2 System Requirements
2.3 Installing the Tool – Linux*
2.4 Running the Linux* Console Tool
2.5 Installing the Tool – Windows*
2.6 Running the GUI Tool
2.7 Running the Windows* Console Tool
3 Results
3.1 Registry Location
3.2 XML
3.3 Console Return Codes
3.4 Console Output Values
4 Using the Intel SA-00125 Detection Tool to Identify Impacted Systems
5 Troubleshooting Signature Validation Issues


Table of Figures
Figure 1: Program Screen Output Example for Vulnerable System
Figure 2: Output Example for System that is Not Vulnerable
Figure 3: Windows* Console Tool Options
Figure 4: Intel-Legacy Console Output Example
Figure 5: Risk Assessment Logic
Figure 6: Console Return Codes
Figure 7: Console Output Values
Figure 8: Criteria for Determining Whether a System is Vulnerable


1 Introduction
This document will guide you through multiple processes to detect the security
vulnerability described in INTEL-SA-00086 on platforms running Intel® Management
Engine firmware versions 6.x through 10.x.
For more information, refer to the relevant Intel Security Advisory list at
https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html.

Note: This tool is for use only on platforms running Intel® Management Engine
firmware versions 6.x through 10.x. If your platform is running a later version of
firmware, use the tool at https://downloadcenter.intel.com/download/28632.

If you are a user of a single Windows* PC and you wish to determine its status:
We have provided the Intel Legacy Detection GUI application
(CSME-Detection-Tool-Legacy-GUI.exe) for local analysis of a single or standalone
Windows* system.

If you want to determine the status for multiple Windows* machines:
We have provided the Intel Legacy Detection Tool Console application
(CSME-Detection-Tool-Legacy-console.exe). This tool can perform detection and write
its findings to the local Windows* Registry, and (optionally) to an XML and/or .txt file,
for subsequent collection and analysis.

If you are a user of a Linux* system and you wish to determine its status:
We have provided the Intel Legacy Detection Console application
(intel_csme_detection_tool_legacy) for analysis of Linux* systems.

Note: The Detection Tool does not support MacOS.


2 Using the Intel CSME Legacy Detection Tool
What is the Intel Legacy Detection Tool?

The Intel Legacy Detection Tool can be used by local users or an IT administrator
to determine whether a system running Intel® Management Engine firmware versions
6.x through 10.x is vulnerable to the exploit documented in Intel
Security Advisory INTEL-SA-00086.

The Detection Tool is offered in two versions for Windows* and in a single version for
Linux*.

• For Windows* there is an interactive GUI tool that retrieves the device’s
hardware and software details and provides an indication of risk assessment.
This version is recommended for evaluating a local Windows* system.

• The second version, for Linux* and Windows*, is a console executable that
can perform the risk assessment and optionally save the detection information
to the Windows* registry (Windows* only), to an XML file, and/or to a text
file. This version is more convenient for IT administrators who need to perform
bulk detection operations across multiple machines.

2.1 Obtaining the Intel CSME Legacy Detection Tool


The Intel CSME Legacy Detection Tool download package is available at
https://downloadcenter.intel.com/download/29057/.

2.2 System Requirements


Windows*:

• Microsoft* Windows* 7, 8, 8.1, 10 (including 10 S), or 2012 R2 for servers
(x64) (Windows* 10 IoT Core is not supported)

• .NET version 4.5 or later

• Intel® Management Engine Interface (Intel® MEI) driver

• Administration privileges

Linux*:

• Ubuntu* LTS 16.04 (for client), Red Hat 7.2 (for Server)

• Python* 2.6.6

• Local operating system administrative access


2.3 Installing the Tool – Linux*


Unzip the package into a directory.

Ensure that Execute permission is set on the intel_csme_detection_tool_legacy file.

2.4 Running the Linux* Console Tool


From the installation directory, if Python 2.x is installed, execute the command:
sudo ./intel_csme_detection_tool_legacy

Note: If Python 3.x (and not Python 2.x) is installed, execute the command:
sudo python3 intel_csme_detection_tool_legacy

Note: The Linux* tool accepts no command line options.

2.5 Installing the Tool – Windows*


Unzip the downloaded package into a directory.

The console tool can be found in the DiscoveryTool subdirectory. The GUI tool can be
found in the DiscoveryTool.GUI directory.


2.6 Running the GUI Tool


CSME-Detection-Tool-Legacy-GUI.exe is designed to run on a single system. The tool
outputs the detection information to the screen.

Following is an example of the program’s output when run on a vulnerable system:

Figure 1: Program Screen Output Example for Vulnerable System


Note: On SPS platforms the recovery version is displayed in the ME Information section.

Following is an example of the program’s output when run on a system that is not
vulnerable:

Figure 2: Output Example for System that is Not Vulnerable

2.7 Running the Windows* Console Tool


Execute CSME-Detection-Tool-Legacy-console.exe from a command prompt.

Syntax: CSME-Detection-Tool-Legacy-console.exe [[option...]]

The following table shows the program’s available options:

| Command Line Option | Functionality |
|---|---|
| -n, --noregistry | Prevents writing results to the registry |
| -c, --noconsole | Prevents results from being displayed on the console |
| -p <filepath>, --filepath <filepath> | Path to the directory in which to store the output file. If no path is specified, the file will be written to the directory from which the tool is run. |
| -h, --help, -? | Displays these command line switches and their functions |


Figure 3: Windows* Console Tool Options

Following is an example of the CSME-Detection-Tool-Legacy-console output:

Figure 4: Intel-Legacy Console Output Example


The following table describes the logic that is used to determine a risk assessment:

| Message | Meaning |
|---|---|
| Vulnerable | The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00086. |
| Not Vulnerable | The system meets the “Not Vulnerable” criteria described in Identifying impacted systems using the INTEL-SA-00086 Detection Tool |
| May Be Vulnerable | Tool could not communicate with the Intel® MEI/TXEI Driver. Platform vulnerability cannot be ascertained. |
| Unknown | • The tool did not receive a valid response when requesting hardware inventory data from your computer. Contact the system manufacturer for assistance in determining the vulnerability of this system. • This message may be received on a server platform without a PMX Driver installed. This driver may not be available on all versions of Windows* OS. If the driver is not present, the recommended workaround is to run spsInfo or spsManuf application provided with SPS Firmware release. Both applications will install the PMX Driver. |
| Not Supported | Firmware versions of Intel® ME 3.x thru 5.x, Intel® TXE 1.x thru 2.x and Intel® Server Platform Services 1.x thru 2.x are no longer supported, thus were not assessed for the vulnerabilities/CVEs listed in these security advisories. There is no new release planned for these versions. |
| Not applicable | This tool is applicable for Intel(R) Management Engine versions 6.x-10.x only. Please use the detection tool located at https://downloadcenter.intel.com/download/28632 for this platform. |

Figure 5: Risk Assessment Logic


3 Results
The amount of data returned by the Intel-Legacy Detection command depends on
whether the Intel manageability driver stack is loaded onto the system. If the
Intel® Management Engine Interface (Intel® MEI) driver is present, a more verbose set
of data is displayed. Some of the fields may not be supported by the manufacturer.

3.1 Registry Location


The values from the results table can be found in the following registry key:

HKLM\SOFTWARE\Intel\CSME Detection Tool Legacy.

Under this location, System Status/System Risk contains the vulnerability status
and System Status/System Risk Value contains the application’s return code.

3.2 XML
If you choose to write results to an XML file, that file will be stored in the directory
from which you executed Intel-legacy-console.exe or in the path specified by the
command line options. The results include information such as hardware inventory
and OS. The filename will have the format
CSME-Detection-Tool-Legacy -<ComputerName>-<date>-<Time>.xml.

3.3 Console Return Codes


| Number | Status | Meaning |
|---|---|---|
| 0 | NOTVULNERABLE \| STATUS_OK | Platform is not vulnerable |
| 10 | HECI_NOT_INSTALLED | Intel® ME driver is not installed on the platform. Unable to determine platform vulnerability. |
| 11 | HECI_ERROR | Error communicating with the Intel® ME driver. Unable to determine platform vulnerability. |
| 100 | DISCOVERY_VULNERABLE | Platform is vulnerable. |
| 101 | DISCOVERY_NOT_VULNERABLE_PATCHED | Platform is not vulnerable, it has been patched |
| 102 | NOT_SUPPORTED | Platform is no longer supported |
| 103 | NOT_APPLICABLE | Wrong tool for this platform |
| 200 | DISCOVERY_UNKNOWN | Unable to determine platform vulnerability |

Figure 6: Console Return Codes

3.4 Console Output Values


| Value | Location | Description |
|---|---|---|
| Application Version | | Version of the scanning tool used |
| Scan Date | | Date and time of the scan |
| Computer Name | | Name of the computer scanned |
| Computer Manufacturer | Hardware inventory | Computer’s manufacturer |
| Computer Model | | Computer’s model |
| Processor | | Computer’s processor model |
| Engine | | ME, CSME, TXE or SPS |
| ME Version | Intel® ME Firmware information | A string value with the full Intel® ME firmware version number in the following format: Major.Minor.Hotfix.Build |
| SVN | | Firmware Security Version Number |
| *** Risk Assessment *** | Risk Assessment | Refer to Figure 5: Risk Assessment Logic |

Figure 7: Console Output Values


4 Using the Intel SA-00125 Detection Tool to Identify Impacted Systems
Impacted systems are defined as those that have an affected Intel® Management
Engine (ME) firmware version. The affected versions are listed in the following table:

| | Vulnerable | Not Vulnerable |
|---|---|---|
| ME Version | ME Version 10.x.x.x < 10.0.56.3002* | ME Version 10.x.x.x >= 10.0.56.3002* |
| | ME Version 9.5.x.x < 9.5.61.3012* | ME Version 9.5.x.x >= 9.5.61.3012* |
| | ME Version 9.0.x.x < 9.1.42.3002* | ME Version 9.0.x.x >= 9.1.42.3002* |
| | ME Version 8.x.x.x < 8.1.72.3002* | ME Version 8.x.x.x >= 8.1.72.3002* |
| | ME versions 6 & 7* | |
| | *ME 6-10 only Corporate SKUs are vulnerable (E.g., 10.0.54.0 is vulnerable) | (E.g., 10.0.58.0 is not vulnerable) |

Figure 8: Criteria for Determining Whether a System is Vulnerable
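
Added example (not part of Intel's guide and not the detection tool's code): the Figure 8 criteria applied to an "ME Version" string in Major.Minor.Hotfix.Build format, returning the message names from Figure 5. The function names, the sample inventory, and the reading of the 9.0.x.x row as covering both the 9.0 and 9.1 branches are assumptions made for this sketch.

```python
import re

# First fixed firmware per branch, copied from Figure 8. Per the figure's
# footnote the criteria apply to Corporate SKUs; SKU detection is not shown.
FIXED = {
    10: (10, 0, 56, 3002),
    8: (8, 1, 72, 3002),
    (9, 5): (9, 5, 61, 3012),
    (9, 0): (9, 1, 42, 3002),
    (9, 1): (9, 1, 42, 3002),   # assumption: the 9.0.x.x row also covers 9.1
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_me_version(text):
    """Parse 'Major.Minor.Hotfix.Build' into a tuple of four ints, or None."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(version_text):
    """Map an ME version string to one of the Figure 5 messages."""
    version = parse_me_version(version_text)
    if version is None:
        return "Unknown"            # fail closed: unparsable input is never "safe"
    major, minor = version[:2]
    if major >= 11:
        return "Not applicable"     # outside this tool's 6.x-10.x scope
    if 3 <= major <= 5:
        return "Not Supported"
    if major in (6, 7):
        return "Vulnerable"         # Figure 8 lists no fixed build for 6.x or 7.x
    fixed = FIXED.get(major) or FIXED.get((major, minor))
    if fixed is None:
        return "Unknown"            # branch not listed in Figure 8
    # Compare field by field as integers; compared as strings, "10.0.9.0" sorts
    # after "10.0.56.3002" and a vulnerable host would be reported as fixed.
    return "Vulnerable" if version < fixed else "Not Vulnerable"


def triage(inventory):
    """Return {hostname: message} for a {hostname: ME version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed inventory: hostnames and versions are made up, except the two
# 10.0.x.0 values, which are the examples given in Figure 8.
SAMPLE = {"pc-01": "10.0.54.0", "pc-02": "10.0.58.0", "pc-03": "7.1.2.3",
          "srv-01": "9.0.31.1487", "pc-04": "11.8.50.3425", "pc-05": "n/a"}
```

Hosts that come back "Unknown" should be rescanned or checked with the manufacturer rather than counted as not vulnerable.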


5 Troubleshooting Signature Validation Issues
The Detection tool, as a tool that runs with administrative privileges, makes every
effort to validate its own authenticity before running.

In the event that the tool cannot validate itself, you should ensure that the latest
Root Certificate update for Windows* has been installed. For more information please refer to
https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificateupdate-for-windows
