4/25/25, 7:51 PM Intel (Conv.Sec.

el (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

HOSTED BY LEVEL1TECHS

Intel (Conv.Sec.) Trusted Execution Engine: Drivers,

Firmware and Tools

plutomaniac 1 November 24, 2014, 6:58pm

Intel (Converged Security) Trusted Execution Engine:

Drivers, Firmware and Tools

Last Updated: 2022-05-24

Intel Trusted Execution Engine Introduction:

Built into many Intel Chipset-based platforms is a small, low power computer subsystem called the Intel
Trusted Execution Engine (Intel TXE). This can perform various tasks while the system is booting, running
or sleeping. It operates independently from the main CPU, BIOS & OS but can interact with them if
needed. The TXE is responsible for many parts of an Intel-based system. Such functionality extends, but
it's not limited, to Platform Clocks Control (ICC), Thermal Monitoring, Fan Control, Power
Management, Overclocking, Silicon Workaround (resolves silicon bugs which would have otherwise
required a new cpu stepping), Identity Protection Technology, Boot Guard, Rapid Start Technology,
Sensor Hub Controller (ISHC), Wireless Display, PlayReady, Protected Video/Audio Path etc. Thus it is
essential for it to be operational in order for the platform to be working properly.

Intel Converged Security Engine Introduction:

The evolution of Intel Trusted Execution Engine into a unified security co-processor, running x86 code
under a Minix-based Operating System. It was first introduced in 2015 with the release of Skylake
CPUs working alongside 100-series Sunrise Point Platform Controller Hub (PCH). The CSE hardware
can run Management Engine (ME) 11+, Trusted Execution Engine (TXE) 3+ or Server Platform Services
(SPS) 4+ firmware. So there are a total of three families of CSE-based firmware: CSME (CSE ME),
CSTXE (CSE TXE) and CSSPS (CSE SPS). The CSE hardware is also capable of running other types
of firmware such as Power Management Controller (PMC), Integrated Sensor Hub (ISH), Imaging Unit
(iUnit), Clear Audio Voice Speech (cAVS), Wireless Microcode (WCOD) etc.

Intel Power Management Controller Introduction:

Handles all Platform Controller Hub (PCH) power management related activities, running ARC code on
top of the CSE hardware. PMC administers power management functions of the PCH including
interfacing with other logic and controllers on the platform to perform power state transitions, configure,
manage and respond to wake events, aggregate and report latency tolerance information for devices and
peripherals connected to and integrated into the PCH etc. It was first introduced in 2018 with the release
of Coffee/Cannon Lake CPUs working alongside 300-series Cannon Point PCH.

Disclaimer:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 1/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

All the software and firmware below comes only from official updates which were provided and
made public by various manufacturers! The System Tools are gathered and provided with the sole
purpose of helping people who are out of other viable solutions. Thus, they can be extremely helpful to
those who have major problems with their systems for which their manufacturer refuses to assist due to
indifference and/or system age.

Getting Started:

Intel (CS)TXE is a Hardware platform which runs Firmware, is monitored/configured by Tools and
interfaces with the user via Drivers. To get started, you need at the very least to know what
(CS)TXE firmware major and minor version your system is running. Such info can be retrieved in
various ways but you can use the free system information and diagnostics tool HWiNFO >
Motherboard > Intel ME/TXE > Intel ME/TXE Version. The format is Major.Minor, Build,
Hotfix. Once you determine the system's (CS)TXE firmware major and minor version, you can install the
latest Drivers from section A and update the (CS)TXE Firmware by following sequentially the relevant
steps at Section B using the required Tools from Section C.

A. Intel TXEI Drivers

The latest v4 DCH drivers are usable with CSTXE 3-4 systems running under Windows 10 >= 1709.
The latest v4 MSI drivers are usable with CSTXE 3-4 systems running under Windows 8, 10 <= 1703.
The latest v3 drivers are usable with CSTXE 3 systems running under Windows 7. The latest v2 drivers
are usable with TXE 2 systems running under Windows 7, 8, 10 or TXE 1 systems running under
Windows 10. The latest v1 drivers are usable with TXE 1 systems running under Windows 7, 8. In
order to check your current installed version, use Intel TXEInfo tool as instructed below.

Note: To extract the files below you need to use programs which support RAR5 compression!

A1. Intel TXEI Drivers and Software

These packages contain the Intel TXEI drivers with their respective software & system services. It is
advised to install these to enable all the Engine-related functionality. Since the Intel TXEI Drivers and
Software are OS version dependent, search and run "winver.exe" to determine your own.

TXEI Drivers and Software v2028.4.0.1091 DCH (Windows 10 >= 1709)

TXEI Drivers and Software v2028.4.0.1091 MSI (Windows 8, 10 <= 1703)
TXEI Drivers and Software v3.1.50.8289 (Windows 7)
TXEI Drivers and Software v2.0.0.1094 (Windows 7, 8, 10)
TXEI Drivers and Software v1.1.0.1064 (Windows 7, 8)

Note: TXEI Drivers and Software v2028.4.0.1091 DCH package includes v1924.4.0.1062 TXEI
driver. TXEI Drivers and Software v2028.4.0.1091 MSI package includes v1924.4.0.1062 TXEI
driver. TXEI Drivers and Software v3.1.50.8289 package includes v3.0.0.1115 TXEI driver. TXEI
Drivers and Software v2.0.0.1094 package includes v2.0.0.1094 TXEI driver. TXEI Drivers and
Software v1.1.0.1064 package includes v1.1.0.1064 TXEI driver.
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 2/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

A2. Intel TXEI Driver Only

These packages contain only the Intel TXEI Drivers without any additional software or system services.
Installing these allows only very basic Engine-related functionality. Since the Intel TXEI Driver is OS
version dependent, search and run "winver.exe" to determine your own.

TXEI Driver v1924.4.0.1062 (Windows 8, 10)

TXEI Driver v3.0.0.1115 (Windows 7)
TXEI Driver v2.0.0.1094 (Windows 7, 8, 10)
TXEI Driver v1.1.0.1064 (Windows 7, 8)

B. Intel (CS)TXE Firmware

SPI/BIOS Regions (FD/Engine/BIOS):

The SPI/BIOS chip firmware is divided into regions which control different aspects of an Intel-based
system. The mandatory regions are the Flash Descriptor (FD), the (Converged Security) Trusted
Execution Engine (CSTXE/TXE or Engine) and the BIOS. The FD controls read/write access
between the SPI/BIOS chip regions and holds certain system hardware settings. The (CS)TXE holds the
system's Engine firmware. For security reasons, the FD and Engine regions of the SPI/BIOS chip are
usually locked so that no read/write access is allowed via software means. Since the FD controls that
read/write access, it must be locked/protected so that it is not manually overwritten to allow unauthorized
access to the firmware regions of the system's SPI/BIOS chip. The Engine region at the system's
SPI/BIOS chip is also locked/protected due to the nature of the CSE/TXE co-processor, as explained at
the Introductions above.

Engine Firmware Attributes (Family/Platform/SKU/Version):

Intel (CS)TXE or Engine firmware is mainly categorized based on its target Chipset Family (i.e. Bay
Trail, Apollo Lake, Gemini Lake etc), Type/SKU (i.e. 1.25MB MD, 1.375MB IT etc) and Version (i.e.
4.0.0.1245 = Major.Minor.Hotfix.Build). Be careful of what firmware your download relevant to your
system. To understand your exact Chipset Family, (CS)TXE Type/SKU and (CS)TXE Version, you can
usually run TXEInfo or TXEManuf tools with "-verbose" parameter. Otherwise, ME Analyzer can
show you all the relevant information, after loading your SPI/BIOS image (Flash Descriptor + Engine +
BIOS), when the latter is available. If a SPI/BIOS image is not available, run FWUpdate tool (when
available) with parameter "-save fw.bin" and load the resulting "fw.bin" image into ME Analyzer instead.
All the firmware below correspond to a specific Family which runs a specific (CS)TXE firmware
version (example: For systems running CSTXE v4).

Engine Firmware Regions (RGN/EXTR):

The Type of each Engine/(CS)TXE firmware Region can be either Stock (RGN) or Extracted
(EXTR). Stock are clean/stock/unconfigured images provided by Intel to OEMs. Extracted are
dirty/extracted/configured images from various SPI/BIOS. The Engine firmware at the system's
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 3/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

SPI/BIOS chip is always EXTR, generated by the OEM after configuring the equivalent RGN with the
appropriate system settings.

Engine Firmware Configuration (CODE/DATA):

The Engine Firmware Regions (RGN/EXTR) consist of two sections: CODE and DATA. CODE is the
actual Engine firmware whereas DATA is where all the system-specific settings are stored, as configured
by the OEM at the factory via Intel Flash Image Tool. The Engine firmware is not static as it holds
system-specific configuration and can additionally be configured by the Engine co-processor itself while
the system is running in order to provide the proper support and functionality. Any such changes are
written into the DATA section of the Engine Region and the firmware is considered Initialized. That means
that the DATA section can be in one of three states: Unconfigured, Configured or Initialized.
Unconfigured means that the Engine firmware image is the stock one Intel provides and not configured by
the OEM at all (RGN). Configured means that the OEM has applied model specific settings and the
Engine region is ready for deployment (EXTR). Initialized means that the Engine region comes from a
system which was already running and thus the Engine co-processor has further configured the DATA
section to suit that particular system better (system specific or dirty EXTR).

Engine Security Version Number (SVN):

All (CS)TXE firmware are defined by a Security Version Number (SVN) like 1,2,3 etc which is used to
control the possible upgrade/downgrade paths provided by Intel's FWUpdate tool. The SVN gets
incremented if there is a high or critical security fix that requires a Trusted Computing Base (TCB)
recovery operation, a significant event in the life cycle of the firmware which requires renewal of the
security signing keys in use. A downgrade to a lower SVN value via FWUpdate tool is prohibited
whereas an upgrade to the same or higher SVN is allowed. For example if your current firmware
has a SVN of 2, you can update to another firmware with SVN >= 2 (for example 3) but you cannot
downgrade to another firmware with SVN < 2 (for example 1). Trying to flash a firmware with lower
SVN will result in the error "The image provided is not supported by the platform" or similar. To view the
SVN value of any (CS)TXE firmware, you can use ME Analyzer tool.

Engine Version Control Number (VCN):

All (CS)TXE firmware are defined by a Version Control Number (VCN) like 1,2,45,193 etc which is
used to control the possible upgrade/downgrade paths provided by Intel's FWUpdate tool. The VCN
gets incremented if there is a security fix, a significant firmware change or a new feature addition. A
downgrade to a lower VCN value via FWUpdate tool is prohibited whereas an upgrade to the
same or higher VCN is allowed. For example if your current firmware has a VCN of 176, you can
update to another firmware with VCN >= 176 (for example 193) but you cannot downgrade to another
firmware with VCN < 176 (for example 174). Trying to flash a firmware with lower VCN will result in
the error "The image provided is not supported by the platform" or similar. To view the VCN value of any
(CS)TXE firmware, you can use ME Analyzer tool.

Engine Production Ready Status (PV):

All (CS)TXE firmware are defined by a Production Version/Ready Status (PV) which can be either Yes

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 4/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

or No and is used to control the possible upgrade/downgrade paths provided by Intel's FWUpdate tool.
The PV status is set to Yes when a firmware is validated/ready for use at Production platforms, thus when
its status is Stable and not Beta, Alpha etc. An upgrade/downgrade from PV to non-PV firmware via
FWUpdate tool is prohibited whereas upgrades/downgrades to the same PV or from non-PV to
PV are allowed. For example if your current firmware has PV set to Yes, you can upgrade/downgrade
to another firmware with PV set to Yes but you cannot upgrade/downgrade to another firmware with PV
set to No. Trying to flash a firmware with incompatible PV will result in the error "The image provided is
not supported by the platform" or similar. To view the PV status of any (CS)TXE firmware, you can use
ME Analyzer tool.

(CS)TXE Firmware SKUs:

TXE Firmware v1.0 is divided into two SKUs: Thin 1.25MB and Full 3MB. TXE Firmware v1.1 and
v1.2 have combined the two previous SKUs into a single 1.375MB SKU. TXE Firmware v2.0 has a
single 1.375MB SKU. CSTXE 3 has two SKUs based on Apollo Lake (APL) or Broxton (BXT)
platform. CSTXE 4 has only one SKU for Gemini Lake (GLK) platform. To determine your SKU, ME
Analyzer (by loading your SPI/BIOS image) or TXEInfo can help you sort most system specific details.

Engine Firmware Updating: There are two ways to upgrade or downgrade the Engine firmware, either
via Intel FWUpdate tool or manually.

The Intel FWUpdate tool is an official command line utility provided by Intel which uses the Engine
co-processor itself to upgrade/downgrade the TXE firmware quickly and easily. FWUpdate tool
requires that the Engine co-processor is operational and that its current Engine firmware
region is healthy at the system's SPI/BIOS chip. To check if the Engine itself as well as its current
firmware are healthy, you can use Intel TXEInfo and TXEManuf tools, as instructed below.
FWUpdate tool also requires that the SVN, VCN and PV are not violated. FWUpdate tool
does not require the user to have read/write access to the Engine firmware region of the
system's SPI/BIOS chip, as dictated by the Flash Descriptor region permissions. Moreover,
FWUpdate tool deals only with Engine CODE and does not require any prior Configuration
(DATA). It can thus work with either RGN or EXTR Engine Regions. The basic usage is FWUpdLcl
-f update_file_name.bin. You can see the entire supported parameters by displaying the utility's help
screen via FWUpdLcl -?. Note that the name of the file to be flashed via FWUpdate does not matter.

In the event in which the usage of Intel FWUpdate tool is not possible, you can try to
upgrade/downgrade the (CS)TXE firmware manually. Such cases include updating Converged
Security Trusted Execution Engine (CSTXE) firmware, downgrading to Engine firmware which violate
SVN, VCN or PV, repairing a corruption/problem etc. To upgrade/downgrade/repair manually, you
need first & foremost to have read/write access to the Engine firmware region of the system's
SPI/BIOS chip. To check if your FD is locked or to attempt to unlock it, follow the [Guide] Unlock
Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing. Once you have
read/write access to the Engine firmware region of your system's SPI/BIOS chip, you can use any
general purpose firmware flasher software such as Intel Flash Programming Tool, AMI AFU,
Flashrom etc, which directly reads/writes the system's SPI/BIOS chip firmware. Before flashing, you

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 5/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

must make sure that the Engine firmware region to be flashed back is Configured (EXTR) for your
specific system via Intel Flash Image Tool (FIT). In order to do that, follow the [Guide] Clean
Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization. Never flash RGN
or 3rd-party EXTR firmware to the Engine firmware region of the system's SPI/BIOS chip
without first configuring them for your specific system (EXTR) via FIT. Since general purpose
firmware software do not upgrade/downgrade/repair the Engine firmware region of the system's
SPI/BIOS chip via the Engine co-processor itself, they are usually not restricted by the SVN, VCN
and PV security measures. As long as you have read/write access to the Engine firmware region of the
system's SPI/BIOS chip and a DATA Configured (EXTR) Engine firmware image, they should
accomplish the desired action. Note however that some platforms have the current TCB SVN and/or
ARB SVN value permanently set/fused/burned in the Chipset so you cannot downgrade their
firmware with another which has lower TCB SVN and/or ARB SVN.

TXE 1 - 2 Updating:

Intel TXE v1 - v2 firmware can be updated easily & safely by using FWUpdate tool. Intel TXE v1.0
firmware (3MB & 1.25MB) can be upgraded to v1.1 or v1.2 firmware (1.375MB). However, the
upgrade process can not be done via FWUpdate tool. Read more at "Engine Firmware Updating"
above.

CSTXE 3 - 4 Updating:

Intel CSTXE v3 - v4 firmware do not have a FWUpdate tool. The CSTXE firmware updating is
normally left to OEMs only, via two possible methods: Download & Execute (DnX, rarely used) or
Capsule Update (normal SPI/BIOS image re-flash, most common). End-users who are looking to update
their CSTXE firmware must follow the [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE
Regions with Data Initialization, provided that they first have a full SPI/BIOS image from their OEM
or a system firmware dump. To be able to flash the updated SPI/BIOS image back (Capsule Update
method), you need to have read/read access to the system's SPI/BIOS chip firmware. Read more at
"Engine Firmware Updating" above.

B1. (Converged Security) Trusted Execution Engine - (CS)TXE

CSTXE 4
For CSTXE v4
CSTXE 3.1
For CSTXE v3.0 - v3.1
CSTXE 3.2
For CSTXE v3.2
TXE 2.1 1.375MB
For TXE 1.375MB v2.1
TXE 2.0 1.375MB
For TXE 1.375MB v2.0
TXE 1.2 1.375MB M/D
For TXE 1.375MB M/D v1.2
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 6/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

TXE 1.1 1.375MB M/D

For TXE 1.375 M/D v1.1
TXE 1.1 1.375MB I/T
For TXE 1.375 I/T v1.1
TXE 1.0 1.25MB M/D
For TXE 1.25MB M/D v1.0
TXE 1.0 1.25MB I/T
For TXE 1.25MB I/T v1.0
TXE 1.0 3MB M/D
For TXE 3MB M/D v1.0
TXE 1.0 3MB I/T
For TXE 3MB I/T v1.0

C. Intel (CS)TXE System Tools

The Intel (CS)TXE System Tools are used for creating, modifying, and writing binary image files,
manufacturing testing, Intel (CS)TXE setting information gathering and Intel (CS)TXE firmware
configuration and updating. These tools are not released to end-users but only to OEMs. The software
below comes only from official updates which were provided and made public by various OEMs.

Flash Image Tool: Creates and configures a complete SPI image file which includes regions such as
Flash Descriptor (FD), BIOS/UEFI, Intel (CS)TXE etc. The user can manipulate the completed SPI
image via a GUI and change the various chipset parameters to match the target hardware.

Flash Programming Tool: Used to program a complete SPI image into the SPI flash device(s). FPT
can program each region individually or it can program all of the regions with a single command. The user
can also use FPT to perform various functions such as view the contents of the flash on the screen, write
the contents of the flash to a log file, perform a binary file to flash comparison, write to a specific address
block, program fixed offset variables etc.

Manifest Extension Utility: Used to generate a 3rd party Independent Update Partitions (IUP) which
are compressed and signed by an external signing tool, such as OpenSSL. The signed contents may then
be stitched into a SPI/BIOS image using the Intel Flash Image Tool (FIT).

Notice: Avoid using the Windows builds of very old (CS)TXE System Tools which either retrieve info
(TXEInfo, TXEManuf, Flash Programming Tool) or modify the platform (FWUpdate, Flash
Programming Tool) as they may not work properly on newer operating system versions. When available,
it is advised to use either the DOS or EFI builds of said very old tools.

Notice: Avoid running the System Tools from paths which include non-English characters (i.e. Cyrillic,
Chinese, Arabic, Greek) as it may cause them to crash or behave unpredictably.

C1. Identifying, Updating and Diagnosing Intel (CS)TXE Firmware

Those who are looking to update/downgrade their firmware should use TXEInfo, FWUpdate and
TXEManuf tools for status information, updating and functionality checking accordingly. The information

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 7/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

and instructions below apply to these three tools only and can be found inside the full Intel TXE System
Tools Packages.

TXEInfo: Shows (CS)TXE and IUP info and checks that the Engine co-processor is operating properly
on the software/firmware level. Make sure it doesn't report any errors. You can use "-verbose" parameter
to get status info in more detail. The "GBE Region does not exist" warning is normal for systems that don't
have an Intel GbE Controller, you can safely ignore it.

TXEManuf: Diagnostic tool which runs various manufacturing-line tests to ensure that the Engine co-
processor is operating properly on the hardware level. It should report a "TXEManuf Operation Passed"
or similar success message. You can use "-verbose" parameter to get diagnostic info in more detail.

FWUpdate: Used to effortlessly upgrade or downgrade the TXE 1 & 2 Engine firmware. Read more
about FWUpdate tool at Section B.

C2. (CS)TXE System Tools

Note: To extract the files below you need to use programs which support RAR5 compression!

CSTXE System Tools v4

For CSTXE v4
CSTXE System Tools v3
For CSTXE v3
TXE System Tools v2
For TXE v2
TXE System Tools v1
For TXE v1
1 Like

[Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

Request to unlock hidden options for tablet BIOS, this is a new model

[Problem] Unable to program modified AMI V5 bios

ME System Tools v4 PMXUTIL error

[REQUEST] Dell Inspiron 3647 mod NVME support

AMI BIOS MODDING problem Chinese no name motherboord

Request for Modded Intel ME Firmware for Lenovo M900 with AMT Support

Dell Wyse 5070 - BIOS update not working - need help!

Question about the role of BIOS, ME, EC in a computer

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 8/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 2 December 13, 2014, 1:57am

Updates since 24/11/2014:

NEW! TXE v1.1 (1.375MB) Firmware from v1.1.0.1115 (VCN ~8) → v1.1.2.1120 (VCN 11)
NEW! TXEI Drivers & Software from v1.1.0.1113 → v1.1.2.1120 complete installer package

Updated TXEI Drivers v1.1.0.1064 (same driver from 01/2014, new security catalog from
09/2014)
Added at TXE System Tools v1.1: Intel TXE FW v1.1.2.1120 HF Release Communication
documentation
Updated at TXE System Tools v1.1: Bay Trail TXE Firmware Release Notes v1.1.0.1089 →
v1.1.2.1120 documentation
Updated at TXE System Tools v1.1: Bay Trail TXE FW Bring Up Guide v1.7 (02/2014) → v1.7
(09/2014) documentation
Updated at TXE System Tools v1.1: System Tools User Guide v1.3 (10/2013) → v1.4 (04/2014)
documentation
Updated at TXE System Tools v1.1: Flash Image Tool from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: Flash Manifest Generation Tool from v1.1.0.1089 →
v1.1.2.1120
Updated at TXE System Tools v1.1: Flash Programming Tool(Android) from v1.1.0.1089 →
v1.1.1.1120
Updated at TXE System Tools v1.1: Flash Programming Tool(EFI) from v1.1.0.1089 →
v1.1.1.1120
Updated at TXE System Tools v1.1: Flash Programming Tool(EFI32) from v1.1.0.1089 →
v1.1.1.1120
Updated at TXE System Tools v1.1: Flash Programming Tool(Windows) from v1.1.0.1089 →
v1.1.1.1120
Updated at TXE System Tools v1.1: Flash Programming Tool(Windows64) from v1.1.0.1089 →
v1.1.1.1120
Updated at TXE System Tools v1.1: FWUpdate(Android) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: FWUpdate(LocalEfi32) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: FWUpdate(LocalEfi64) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: FWUpdate(LocalWin32) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: FWUpdate(LocalWin64) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEInfo(Android) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEInfo(EFI) from v1.1.0.1113 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEInfo(EFI32) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEInfo(Windows) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEInfo(Windows64) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEManuf(Android) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEManuf(EFI) from v1.1.0.1089 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEManuf(EFI32) from v1.1.0.1113 → v1.1.1.1120
Updated at TXE System Tools v1.1: TXEManuf(Windows) from v1.1.0.1089 → v1.1.1.1120
* Updated at TXE System Tools v1.1: TXEManuf(Windows64) from v1.1.0.1089 → v1.1.1.1120
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 9/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Note: I know the latest v1.0 firmware is v1.0.5.1120. If you can find it by aqcuiring a full package,
extracting it from a BIOS, using FWUpdate -save etc please share it here.

Pacman 3 January 19, 2015, 10:04pm

Hello

TXE 3MB firmware 1.0.5.1120 i have not tested as i don’t have the suitable HW.

Intel TXE Firmware v1.0.5.1120 (3MB).zip (650 KB)

plutomaniac 4 January 19, 2015, 10:45pm

Pacman, thank you very much for being the first to contribute in TXE and for keeping an eye out for such
firmware & drivers. It seems that it was extracted from a BIOS. Can you tell me which one? Such info
can be useful in order to check if they have also uploaded the equivalent full package or if I can find the
VCN number.

I cannot test these as well because I don’t have the hardware. If anyone has used the firmware, tools &
drivers successfully please let us know here.

Pacman 5 January 19, 2015, 11:07pm

Yes, it was extracted from this Intel NUC BIOS:

https://downloadcenter.intel.com/Detail_…g&DwnldID=24512

plutomaniac 6 January 20, 2015, 1:33pm

NEW! Intel TXE1.0 Firmware 1.25MB from v1.0.4.1089 (VCN ~8) → v1.0.5.1120 (VCN ~8)
NEW! Intel TXE1.0 Firmware 3MB from v1.0.4.1090 (VCN ~8) → v1.0.5.1120 (VCN ~8)

plutomaniac 7 January 23, 2015, 7:37pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 10/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Update:

So, I figured out how to determine the VCN when a TXE firmware is extracted from UEFI images:

TXE 1.25MB: 13034h

TXE 3MB: 43034h
TXE 1.375MB: 67034h

The SVN number is most probably 4 bytes to the left meaning:

TXE 1.25MB: 13030h

TXE 3MB: 43030h
TXE 1.375MB: 67030h

Re-Upload! Intel TXE1.0 Firmware 1.25MB v1.0.5.1120 (VCN 11)

Re-Upload! Intel TXE1.0 Firmware 3MB v1.0.5.1120 (VCN 11)

Old_TXE_Firmware.rar (2.29 MB)

lordkag 8 January 23, 2015, 10:55pm

I have found recently an Intel TXE Firmware 1.0.6.1120 in a HP BIOS, didn’t noted which one. Most
likely a 3MB one.

Also attached other older versions I have. Ignore the names for now, I will see if I can add a TXE
detection to my Extractor. With Igor’s script and your help, it shouldn’t be that hard. It seems you
already gone further than Igor:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 11/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel TXE Firmware 1.0.6.1120.rar (607 KB)

Old_TXE.rar (3.55 MB)

plutomaniac 9 January 24, 2015, 1:45am

NEW! Intel TXE1.0 Firmware 3MB from v1.0.5.1120 (VCN 11) → v1.0.6.1120 (VCN 11)

Lordkag, thank you for the newer FW. It’s funny, I found that version some hours before your post at HP
as well. But I couldn’t extract the damn BIOS image at all. Have you written your own scripts to extract
those after identifying the compression?

Anyway, this a 3MB SKU. Here are all the different HP packages with that version - maybe some other
has the 1.25MB variant. Can you please extract those as well?

http://h20564.www2.hp.com/hpsc/swd/publi…b-142261-1#tab2
http://h20564.www2.hp.com/hpsc/swd/publi…b-142260-1#tab2
http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_141216_1&#tab2 →
(Extracted, 3MB)

Now, to fix your extractor properly here are some usefull info:
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 12/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

04 00 00 00 67 5C FF 0D 03 43 00 00 → $SKU for 1.25MB (v1.0) & 1.375MB (v1.1)

04 00 00 00 67 5C FF 0D 05 43 00 00 → $SKU for 3MB (v1.0)

That is: 135E0h for 1.25MB, 438E0h for 3MB & 67760h for 1.375MB SKUs respectively.

Once the $SKU is determined the size to extract is as follows (based on Intel bin size, anything larger is
useless FF padding):

1.25MB (v1.0) → 140000h

3MB (v1.0) → 300000h
1.375MB (v1.1) → 160000h

Also, I have uploaded a new “collection” of TXE firmware. I have added some of my own older
firmware, corrected the names & sizes by adding or removing padding and correctly determined each
firmware’s SKU:

EDIT: File updated with v1.0.0.1058_3MB & 1.0.4.1090_3MB firmware images.

All_TXE_Firmware.rar (4.84 MB)

lordkag 10 January 24, 2015, 8:57pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 13/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

They are not compressed, but encrypted. One of the "features" HP is offering to customers is full lock-
down on their paid products. What I do is extract that .exe until I get to this folder:

Then I run InsydeFlash, which (after analysing the system) offers these options:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 14/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

where you choose the folder to unpack the unencrypted content. If for some reason the flasher disables
the options (happens on newer versions), I use the attached older flasher and drop the file with .fd
extension. Anyway, all of the above links have a 3M firmware, with sp69922.exe offering a clean
firmware, which you might want to use instead of the one I uploaded.

I added TXE detection, by checking the size of modules (those starting with $MME). If it is 0x60, we
have ME, if it is 0x80 (0x60 + 0x20 reserved), we have TXE. I also added TXE variant detection, by
checking the start of first $MN2 section. If it is 0x13000 = 1.25M, 0x43000 = 3M, 0x67000 =
1.375M. If this fails, I will read the SKU and check the major.minor version: 67 5C FF 0D 03 43 and
1.0.x = 1.25MB, 67 5C FF 0D 03 43 and 1.1.x = 1.375MB, 67 5C FF 0D 05 43 = 3MB.

I don’t know about the size. The extraction happens before, at regions display, by analysing the
descriptor (thanks to CodeRush). Only if the region is smaller than 0x1FFFFF, I use 0x17D000 for
1.5MB. The detection happens later, at ME version display, so I don’t feel like using the detection twice.
Plus, if you look at 1.0.0.1055_1.25M, the last section should start at 0xAC000 and be 0x99000 in size,
reaching 0x145000. Even though only padding is after 0x140000 limit, it still cuts the original structure,
with possible complaints from the flasher. So, for now I leave this on hold.

HP New RSA unpack.rar (2.55 MB)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 15/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 11 January 25, 2015, 2:25am

Thanks for explaining the encrypted HP binaries and for the files.

The difference between sp70119/sp70118 & sp69922 is whether NFC is enabled or disabled. If you
enable/disable it at both the code will be identical (apart from 1,2 bytes at $FPT header -> useless). It
seems that every time you Build a TXE image at FITC, a version will be added at $FPT header where
it’s usually FF at Production images. I said a version because the weird thing is that sometimes that
version is wrong. For example at v1.0.5 & 1.0.6 images (extracted by FITC) it reports 1.0.4 at the
$FPT header (of course it’s correct at $MN2). I’ve seen this before regarding TXE. Maybe, 1.0.5 &
1.0.6 are based on 1.0.4 and this is kept somewhere for some reason. Or maybe it’s a bug. I will
reupload the "FF at $FPT" version (as I like to call it) here so that it’s "clean". I don’t know what’s the
deal with NFC being enabled & disabled, my guess is that FWUpdLcl won’t care either way.

lordkag:

Plus, if you look at 1.0.0.1055_1.25M, the last section should start at 0xAC000 and be 0x99000 in
size, reaching 0x145000.

I don’t understand, how do you check the size exactly? At $SKU for example it makes sense to me (04
00 00 00 or 4 * 3 = 12 or 0xC). According to Igor, the size of $MN2 is between 18 & 1B. So, at the
last $MN2 of 1.0.0.1055_1.25MB firmware that would be: FE 00 00 00 or 254 * 3 = 762 or 0x2FA.
Where am I wrong?

You mentioned something about 1.0.0.1055_1.25MB and the it’s size (regions getting cut-off even
though it’s just padding). Let me explain: I don’t think 1.0.0.1055 is a credible TXE firmware. If you
notice, all other (newer) 1.25MB firmware start the last $MN2 region at a different offset (0xA5000)
and do not contain extra data after the $MN2 size (as calculated above) in contrast to 1.0.0.1055
(0xAC000). I remember back at November when I first wrote this thread that TXE started differently.
Some old documentation (from the original 1.0.0.1050 package, can’t find it anymore unfortunately)
mentioned only one v1.0 firmware SKU and it wasn’t 1.25MB or 3MB. TXE kept changing at the
beginning so old firmware are not really credible. A perfect example of that is the fact that originally v1.1
firmware was supposed to be 3MB in size but with the first PV release (1.1.0.1089) that was changed to
1.375MB, a mixture between the Thin (1.25MB) and Major/Full (3MB) v1.0 SKUs. So for the exact
same reason, 1.1.0.1073 is not a credible TXE firmware. Here:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 16/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

I also know that the versions & dates are completely messed up. For example:

1.0.0.1050 (3MB) –> 20/08/2013

1.0.0.1055 (1.25MB) –> 16/07/2013
1.0.0.1058 (3MB) –> 06/08/2013
1.0.2.1060 (3MB) –> 20/08/2013

1.0.5.1120 (3MB) –> 17/08/2014

1.0.6.1120 (3MB) –> 11/08/2014

Adding to the (already too much) confusion, firmwares 1.0.0.1058 & 1.0.2.1060 seemed to coexist at
some point for some reason. Even though the official 1.0.2.1060 has no mention of 1.0.0.1058 and the
1.0.0.1058 package does not mention 1.0.2.1060, at an early 1.0.2.1060 package we can see this:

On the other hand, all v1.1 dates make sense as far as I can see. Finally!

Generally: TXE has changed so much since the beginning (early 2013) and that makes it difficult to
understand it sometimes. Especially with no users reporting on whether the above are even working. I
was also wondering whether a special TXE is required for Bay Trail-T (Tablets) compared to Bay Trail-
M/D (Mobile/Desktop). That’s neither here nor there though so I guess I’ll find out at some point.

Sources (Kits & Documentation) containing 1.0.0.1058, 1.0.2.1060 (early), 1.0.2.1060 (release) &
1.1.0.1073: http://www.mediafire.com/download/sx3qbq…&_1.1.0.1073.7z
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 17/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Attached new TXE firmware "collection" including v1.1.0.1073.

All_TXE_Firmware.rar (4.73 MB)

TXE_1.1.0.10673_Alpha_OLD_SKU.pdf (111 KB)

lordkag 12 January 26, 2015, 7:11pm

Offset of sections:

I also noticed the date between 1.0.5.1120 and 1.0.6.1120. But your 1.0.0.1050 (3MB) is actually
1.0.2.1060 (3MB)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 18/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 13 May 7, 2015, 1:43am

Say hello to TXE 2.0 Firmware, Tools & Drivers. These are for Braswell & Cherry Trail SoCs.

Updates:

NEW! Intel TXE 2.0 1.375MB Firmware v2.0.0.2060

NEW! Intel TXE System Tools v2.0 r1

Flash Image Tool: 2.0.0.2056

Flash Manifest Generation Tool: 2.0.0.1056
Flash Programming Tool(EFI): 2.0.0.2056
Flash Programming Tool(EFI32): 2.0.0.2056
Flash Programming Tool(Windows): 2.0.0.2056
Flash Programming Tool(Windows64): 2.0.0.2056
FWUpdate(LocalEfi32): 2.0.0.2056
FWUpdate(LocalEfi64): 2.0.0.2056
FWUpdate(LocalWin32): 2.0.0.2056
FWUpdate(LocalWin64): 2.0.0.2056
TXEInfo(EFI): 2.0.0.2056
TXEInfo(EFI32): 2.0.0.2056
TXEInfo(Windows): 2.0.0.2056
TXEInfo(Windows64): 2.0.0.2056
TXEManuf(EFI): 2.0.0.2056
TXEManuf(EFI32): 2.0.0.2056
TXEManuf(Windows): 2.0.0.2056
TXEManuf(Windows64): 2.0.0.2056

NEW! Intel TXEI Driver v2.0.0.1057 INF for manual installation

NEW! Intel TXEI Drivers & Software v2.0.0.2058 complete package
NEW! Intel TXEInfo Tool for TXE 2.0 Firmware v2.0.0.2056
NEW! Intel TXEManuf Tool for TXE 2.0 Firmware v2.0.0.2056
NEW! Intel FWUpdate Tool for TXE 2.0 Firmware v2.0.0.2056

plutomaniac 14 June 5, 2015, 2:16am

Updates 05/06/2015:

NEW! Intel TXE Firmware v1.1.1.1130 (1.375MB BYT-I)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 19/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

NEW! Intel TXE Firmware v1.0.5.1120 (3MB BYT-MD)

NEW! Intel TXE Firmware v1.0.2.1067 (1.25MB BYT-I)
Reuploaded: Intel TXE Firmware v2.0.0.2060 (1.375MB) from EXTR → RGN
Reuploaded: Intel TXE Firmware v1.1.2.1120 (1.375MB BYT-MD)
Reuploaded: Intel TXE Firmware v1.0.5.1120 (1.25MB BYT-MD)
Reuploaded: Intel TXE Firmware v1.0.6.1120 (3MB BYT-I)

Note: TXE 1.x firmware is different for Bay Trail Mobile/Desktop (BYT-M/D) and for Bay Trail
Tablet/IVI (BYT-I). All variants are now uploaded but 1.25MB BYT-I is not at the latest version of
1.0.6.1120. When I found it, it will be replaced.

Since there is no way to distinguish the two variants apart (BYT-M/D and BYT-I) via a tool such as ME
Analyzer: When you find a new firmware, try to mention from what SPI image (BIOS) it came as well or
which system. Preferably, attach the whole SPI/BIOS image for me to investigate.

plutomaniac 15 June 8, 2015, 9:30pm

Updates 08/06/2015:

Intel TXE System Tools v1.1 from r1 → r2:

Updated Intel TXE FW Update Customer Communication from v1.1.0.1089 → v1.1.0.1113

Intel TXE System Tools v1.0 from r1 → r2:

Added Intel TXE FW Update Customer Communication v1.1.0.1113 (for page 12)

plutomaniac 16 June 17, 2015, 6:24pm

Updates 17/06/2015:

Thread:

Updated Intel FWUpdate Tool for TXE 2.0 Firmware from v2.0.0.2056 → v2.0.0.2060

Intel TXE System Tools v2.0 from r1 → r2:

Updated FWUpdate(Windows) from v2.0.0.2056 → v2.0.0.2060

* Updated FWUpdate(Windows64) from v2.0.0.2056 → v2.0.0.2060

Source:
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 20/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

TXE Update tool v6.00.00 , www.asus.com/Motherboards/N3150ME/

plutomaniac 17 June 29, 2015, 1:02am

Update 29/06/2015:

* Updated Intel TXE 1.0 3MB Firmware BYT-I from v1.0.6.1120 → v1.0.7.1133

plutomaniac 18 July 9, 2015, 6:46pm

Update 09/07/2015:

NEW! Intel TXE 1.1 1.375MB Firmware BYT-M/D from v1.1.2.1120 → v1.1.3.1133

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 21/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Source:

Asus J1800I-C-SI BIOS 0802

Pacman 19 July 10, 2015, 7:38pm

Hello

Intel TXE software 2.0.0.2073 with driver version 2.0.0.1067.

https://downloadcenter.intel.com/download/24892/

plutomaniac 20 July 10, 2015, 8:06pm

Thank you Pacman!

Updates 10/07/2015:

Intel TXEI Driver INF from v2.0.0.1057 → v2.0.0.1067

Intel TXEI Drivers & Software from v2.0.0.2058 → v2.0.0.2073

plutomaniac 21 July 15, 2015, 3:22pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 22/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Updates 15/07/2015:

Re-Uploaded Intel TXEI Driver INF v2.0.0.1067 r2

Re-Uploaded Intel TXEI Drivers & Software v2.0.0.2073 r2

These are from 26/06 instead of 16/06 and include new compiled drivers of the same version with newer
digital signatures.

plutomaniac 22 July 29, 2015, 2:55pm

Updates 29/07/2015:

Intel TXE Thread:

Updated Intel TXE 1.1 1.375MB Firmware BYT-M/D from v1.1.3.1133 → v1.1.4.1145
Updated Intel TXEI Drivers & Software from v1.1.2.1120 → v1.1.4.1145
Updated Intel TXEInfo Tool for TXE 1.1 Firmware from v1.1.1.1120 → v1.1.4.1145
Updated Intel TXEManuf Tool for TXE 1.1 Firmware from v1.1.1.1120 → v1.1.4.1145
Updated Intel FWUpdate Tool for TXE 1.1 Firmware from v1.1.1.1120 → v1.1.4.1145

Intel TXE System Tools v1.1 from r2 → r3:

Updated Flash Image Tool from v1.1.1.1120 → v1.1.4.1145

Updated Flash Programming Tool(EFI) from v1.1.1.1120 → v1.1.4.1145
Updated Flash Programming Tool(EFI32) from v1.1.1.1120 → v1.1.4.1145
Updated Flash Programming Tool(Windows) from v1.1.1.1120 → v1.1.4.1145
Updated Flash Programming Tool(Windows64) from v1.1.1.1120 → v1.1.4.1145
Updated FWUpdate(LocalEfi32) from v1.1.1.1120 → v1.1.4.1145
Updated FWUpdate(LocalEfi64) from v1.1.1.1120 → v1.1.4.1145
Updated FWUpdate(LocalWin32) from v1.1.1.1120 → v1.1.4.1145
Updated FWUpdate(LocalWin64) from v1.1.1.1120 → v1.1.4.1145
Updated TXEInfo(EFI) from v1.1.1.1120 → v1.1.4.1145
Updated TXEInfo(EFI32) from v1.1.1.1120 → v1.1.4.1145
Updated TXEInfo(Windows) from v1.1.1.1120 → v1.1.4.1145
Updated TXEInfo(Windows64) from v1.1.1.1120 → v1.1.4.1145
Updated TXEManuf(EFI) from v1.1.1.1120 → v1.1.4.1145
Updated TXEManuf(EFI32) from v1.1.1.1120 → v1.1.4.1145
Updated TXEManuf(Windows) from v1.1.1.1120 → v1.1.4.1145
Updated TXEManuf(Windows64) from v1.1.1.1120 → v1.1.4.1145
Updated VSCCommn_bin Content from v2.7.8 (07/2013) → v2.7.16 (03/2015)
Updated Bay Trail-MD Intel TXE FW Bring Up Guide from v1.7 (02/2014) → v1.8 (03/2015)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 23/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Updated Bay Trail MD Intel TXE FW Release Notes from v1.1.2.1120 (09/2014) → v1.1.4.1145
(07/2015)
Added Intel TXE FW Release Customer Communication v1.1.4.1145 (07/2015)

plutomaniac 23 July 30, 2015, 4:52pm

Updates 30/07/2015:

Intel TXE Thread:

* Updated Intel TXE 2.0 1.375MB Firmware from v2.0.0.2060 → v2.0.0.2073

Jest 24 August 2, 2015, 11:36am

Hi.

I successfully updated updated my baytrail tablet from 1.0.2.1060 3MB to 1.0.7.1133. I saw, that can it
be updated to 1.1, but i cannot find any tips how.
And another thing, ME FITC version is still old, how can i update that?

Thanks.

plutomaniac 25 August 2, 2015, 1:50pm

@ Jest:

FITC is a tool, you cannot “update it”. What ME Analyzer shows is the version of FITC that the OEM
used to modify the ME Region of your BIOS file. Nothing more, it’s just information.

You can upgrade to 1.1 firmware but not with FWUpdate. Only with FPT and only if your flash
descriptor is unlocked (error 26 should not be shown when running fptw64 -d SPI.bin for the latter to be
true).

Jest 26 August 2, 2015, 2:39pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 24/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

HWinfo32 says "Host ME Region Flash Protection Override Status: Locked

Is this it?

plutomaniac 27 August 2, 2015, 8:42pm

@ Jest:

Yes, it’s locked. You could test the same with FPT but it doesn’t matter. The only way to upgrade now is
via an external programmer. It’s not worth all the trouble though. Unless you have programmer
knowledge, I suggest you just update to the latest 1.0 firmware. Normally it’s up to the OEM to do the
upgrade from 1.0 to 1.1 but that rarely happens.

Jest 28 August 2, 2015, 9:19pm

I did test with FP and i get error 26 or something like that.

So v1.0.7.1133 is the latest version for my tablet right now.

Ok, thanks for your help.

Jest 29 August 8, 2015, 3:18pm

It’s me again. Now with a different problem.

I have Asrock Q1900M baytrail motherboard. Original came with TXE 1.0.2.1060 3MB and i did
update it to 1.0.7.1133. So i was curious if upgrade to 1.1 is possible.

TXEInfo shows

Intel(R) TXEInfo Version: 1.0.4.1089

Copyright(C) 2005 - 2013, Intel Corporation. All rights reserved.

Intel(R) TXE code versions:

BIOS Version: P1.50

VendorID: 8086
SOC Version: C
FW Version: 1.0.7.1133
TXEI Driver Version: 1.0.0.1064
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 25/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

FW Capabilities: 0x20001040

Intel(R) Capability Licensing Service - PRESENT/ENABLED

Protect Audio Video Path - PRESENT/ENABLED

Last TXE reset reason: Global system reset

Local FWUpdate: Enabled
BIOS Config Lock: Disabled
Host Read Access to TXE: Enabled
Host Write Access to TXE: Enabled
SPI Flash ID #1: EF6017
SPI Flash ID VSCC #1: 20052005
SPI Flash BIOS VSCC: 20052005
BIOS boot State: Post Boot
OEM Id: 00000000-0000-0000-0000-000000000000
Capability Licensing Service: Enabled
OEM Tag: 0x00000001
Global Valid FPF: Invalid
PTT FPF: Enabled
Perform Secure Boot FPF: Disabled
OEM Public Key Hash FPF: 0000000000000000000000000000000000000000
000000000000000000000000
Key Manifest ID FPF: 00
Alternative BIOS Limit FPF: 0000
Secure Boot Status: Not Executed
Secure Boot Recovery Status: Not Executed
PTT Lockout Override Counter: 10

From what i understand, descriptor is not locked. Am i right?

But when i tried fptw64 -d SPI.bin, error 26 shows.

Intel (R) Flash Programming Tool. Version: 1.0.4.1089

Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.

Platform: Bay Trail

Reading HSFSTS register… Flash Descriptor: Valid

— Flash Devices Found —

W25Q64DW ID:0xEF6017 Size: 8192KB (65536Kb)

Error 26: The host CPU does not have read access to the target flash area. To en

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 26/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

able read access for this operation you must modify the descriptor settings to g
ive host access to this region.

plutomaniac 30 August 8, 2015, 8:42pm

If Error 26 shows, you have a locked flash descriptor. Only via a programmer can you upgrade from
v1.0 to v1.1 in such a case.

plutomaniac 31 August 10, 2015, 5:34pm

Updates 10/08/2015:

Intel TXE Thread:

Intel TXE 2.0 1.375MB Firmware v2.0.0.2073 from EXTR → RGN

Intel FWUpdate Tool for TXE 2.0 Firmware from v2.0.0.2060 → v2.0.0.2073
Intel TXEInfo Tool for TXE 2.0 Firmware from v2.0.0.2056 → v2.0.0.2073
Intel TXEManuf Tool for TXE 2.0 Firmware from v2.0.0.2056 → v2.0.0.2073

Intel TXE System Tools v2.0 from r2 → r3:

Flash Image Tool: v2.0.0.2056 → v2.0.0.2073

Flash Manifest Generation Tool: v2.0.0.1056 → v2.0.0.1059
Flash Programming Tool(EFI): v2.0.0.2056 → v2.0.0.2073
Flash Programming Tool(EFI32): v2.0.0.2056 → v2.0.0.2073
Flash Programming Tool(Windows): v2.0.0.2056 → v2.0.0.2073
Flash Programming Tool(Windows64): v2.0.0.2056 → v2.0.0.2073
FWUpdate(EFI): v2.0.0.2056 → v2.0.0.2073
FWUpdate(EFI32): v2.0.0.2056 → v2.0.0.2073
FWUpdate(Windows): v2.0.0.2060 → v2.0.0.2073
FWUpdate(Windows64): v2.0.0.2060 → v2.0.0.2073
TXEInfo(EFI): v2.0.0.2056 → v2.0.0.2073
TXEInfo(EFI32): v2.0.0.2056 → v2.0.0.2073
TXEInfo(Windows): v2.0.0.2056 → v2.0.0.2073
TXEInfo(Windows64): v2.0.0.2056 → v2.0.0.2073
TXEManuf(EFI): v2.0.0.2056 → v2.0.0.2073
TXEManuf(EFI32): v2.0.0.2056 → v2.0.0.2073
TXEManuf(Windows): v2.0.0.2056 → v2.0.0.2073
TXEManuf(Windows64): v2.0.0.2056 → v2.0.0.2073
Braswell Intel TXE FW Bring Up Guide from v1.2 (03/2015) → v1.3 (04/2015)
Braswell Intel TXE FW PV Release Notes from v2.0.0.2056 (05/2015) → v2.0.0.2073 (06/2015)
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 27/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Braswell Intel TXE FW Customer Communication from v2.0.0.2056 (03/2015) → v2.0.0.2073

(06/2015)
VSCCommn_bin Content from v2.8.1 (12/2014) → v2.8.3 (03/2015)

SimpleTech 32 August 19, 2015, 1:14am

Just wanted to say that I was able to get my Lenovo laptop (has a Bay-Trail CPU) updated to the latest
firmware. It gave me a message about the OEM ID not being correct so I looked it up with TXEInfoWin
and then copied the OEM ID and used the command fwupdlcl64.exe -OEMID ID# -f TXE.bin

plutomaniac 33 August 19, 2015, 4:02am

SimpleTech:

Just wanted to say that I was able to get my Lenovo laptop (has a Bay-Trail CPU) updated to the
latest firmware. It gave me a message about the OEM ID not being correct so I looked it up with
TXEInfoWin and then copied the OEM ID and used the command fwupdlcl64.exe -OEMID ID#
-f TXE.bin

Yes, that’s a common practice of Lenovo. ME Analyzer should show a note about the existence of such
an OEMID inside the BIOS (SPI) image. I’d like to verify it myself again, so can you tell me the model of
that Lenovo laptop?

plutomaniac 34 August 26, 2015, 3:25pm

Updates 26/08/2015:

Intel TXEInfo Tool for TXE 2.0 Firmware from v2.0.0.2073 → v2.0.0.2077
Intel TXEManuf Tool for TXE 2.0 Firmware from v2.0.0.2073 → v2.0.0.2077
* Intel FWUpdate Tool for TXE 2.0 Firmware from v2.0.0.2073 → v2.0.0.2077

Intel TXE System Tools v2.0 from r3 → r4:

Flash Image Tool from v2.0.0.2073 → v2.0.0.2077

Flash Programming Tool(EFI) from v2.0.0.2073 → v2.0.0.2077
Flash Programming Tool(EFI32) from v2.0.0.2073 → v2.0.0.2077
Flash Programming Tool(Windows) from v2.0.0.2073 → v2.0.0.2077
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 28/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Flash Programming Tool(Windows64) from v2.0.0.2073 → v2.0.0.2077

FWUpdate(EFI) from v2.0.0.2073 → v2.0.0.2077
FWUpdate(EFI32) from v2.0.0.2073 → v2.0.0.2077
FWUpdate(Windows) from v2.0.0.2073 → v2.0.0.2077
FWUpdate(Windows64) from v2.0.0.2073 → v2.0.0.2077
TXEInfo(EFI) from v2.0.0.2073 → v2.0.0.2077
TXEInfo(EFI32) from v2.0.0.2073 → v2.0.0.2077
TXEInfo(Windows) from v2.0.0.2073 → v2.0.0.2077
TXEInfo(Windows64) from v2.0.0.2073 → v2.0.0.2077
TXEManuf(EFI) from v2.0.0.2073 → v2.0.0.2077
TXEManuf(EFI32) from v2.0.0.2073 → v2.0.0.2077
TXEManuf(Windows) from v2.0.0.2073 → v2.0.0.2077
TXEManuf(Windows64) from v2.0.0.2073 → v2.0.0.2077
Braswell Intel TXE FW Release Notes v2.0.0.2073 from PC → PV
Braswell Intel TXE FW Customer Communication v2.0.0.2073 from PC → PV

plutomaniac 35 August 28, 2015, 2:13pm

Update 28/08/2015:

Intel TXE 1.2 1.375MB Firmware BYT-M/D from v1.1.4.1145 → v1.2.0.1149

Can someone with a v1.1 system test if you can update to v1.2 firmware with FWUpdate tool?

smf 36 August 28, 2015, 4:07pm

plutomaniac:

Can someone with a v1.1 system test if you can update to v1.2 firmware with FWUpdate
tool?

I can’t, it complains about sku mismatch. I have an N2830 on a Toshiba which I think is BayTrail-M
I would like to try 1.1.4.1145 and see what that says but you seem to remove old versions.

plutomaniac 37 August 28, 2015, 4:25pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 29/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

I thought so. That’s what they did with v1.0 → v1.1 updating as well.

I have attached 1.1.4.1145 for you to test.

1.1.4.1145_1.375MB_PRD_RGN.rar (672 KB)

smf 38 August 28, 2015, 4:48pm

plutomaniac:

I thought so. That’s what they did with v1.0 –> v1.1 updating as well.

I have attached 1.1.4.1145 for you to test.

I can install that ok. I was on a really old version and was able to update to Intel TXE Firmware
v1.1.1.1130 (1.375MB BYT-I).rar & now 1.1.4.1145.

Any time I have tried 1.2 I get

C:\Users\Password\Downloads>FWUpdLcl64.exe -f Production_VLV_SEC_REGION.bin

Intel (R) Firmware Update Utility Version: 1.1.4.1145

Copyright (C) 2007 - 2015, Intel Corporation. All rights reserved.

Communication Mode: TXEI

Checking firmware parameters…

Warning: Do not exit the process or power off the machine before the firmware update process ends.
Sending the update image to FW for verification: [ COMPLETE ]

FW Update: [ 15% (Stage: 4 of 17) (/)]

Error 8741: FW Update Failed.

Error 8704: Firmware update operation not initiated due to a SKU mismatch

Whether it works or not is another matter, I got here because I don’t appear to have a TPM and all I
know about TXE comes from Wikipedia/google

"Intel TXT uses a Trusted Platform Module (TPM) and cryptographic techniques to provide
measurements of software and platform components so that system software as well as local and remote
management applications may use those measurements to make trust decisions"
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 30/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

My CPU isn’t listed in the baytrail md pdf, but I’m sure it is a baytrail m

7 Hardware and Software Compatibility • Intel® Pentium® N3510/ 3520 Processor • Intel® Celeron®
N2810/ 2820 Processor • Intel® Celeron® N2910/ 2920 Processor • Intel® Celeron® N2805/
N2806 Processor • Intel® Celeron® N2815 Processor

Intel says:

Intel TXT enabled BIOS, Authenticated Code Modules (ACM) created and signed by Intel inside the
BIOS, and Trusted Platform Modules (TPM) integrated onto the motherboard that provides securely-
generated cryptographic keys. This is a hardware-based mechanism that stores cryptographic keys and
other data related to Intel TXT within the platform. It also provides hardware support for the attestation
process to confirm the successful invocation of the Intel TXT environment. The attestation process uses
the TPM to establish mutual trust between parties regarding execution environment during runtime.

But TPM isn’t mentioned in my BIOS and Windows can’t find it, so it might be that I won’t actually be
able to use TXE even though device manager gives me a yellow warning sign if the driver isn’t installed.

plutomaniac 39 August 28, 2015, 5:06pm

It seems that everyone can update to everything in TXE (when being at the same minor version of
course). Maybe I’ll remove those BYT-MD and BYT-I firmware distinctions. I will upload 1.1.4.1145
again for all systems with v1.1 firmware. I guess, as before (v1.0 → v1.1), the only way to update is via
FPT + full TXE Region and not FWUpdate.

Intel TXT (Trusted Execution Technology) is not related to Intel TXE (Trusted Execution Engine). Similar
name but not related. Updating TXE does not give TPM capabilities.

smf 40 August 28, 2015, 5:20pm

plutomaniac:

Intel TXT (Trusted Execution Technology) is not related to Intel TXE (Trusted Execution Engine).
Similar name but not related. Updating TXE does not give TPM capabilities.

I got hoodwinked by a post on reddit

https://www.reddit.com/r/intel/comments/…d_do_i_need_it/
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 31/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

"TXE is Trusted Execution Technology. Used for Security, etc.

http://en.wikipedia.org/wiki/Trusted_Exe…Technology&quot;

So TXE is a RISC cpu that does "security", like starlet on the wii.

plutomaniac:

the only way to update is via FPT + full TXE Region

Does this mean I can’t do that:

Intel (R) Flash Programming Tool. Version: 1.1.4.1145

Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.

Platform: Bay Trail

Reading HSFSTS register… Flash Descriptor: Valid

— Flash Devices Found —

EN25S64 ID:0x1C3817 Size: 8192KB (65536Kb)

Error 26: The host CPU does not have read access to the target flash area. To enable read access for
this operation you must modify the descriptor settings to give host access to this region.

plutomaniac 41 August 28, 2015, 5:38pm

Yes, that’s wrong. TXT is not TXE.

It’s a lengthy process to do that. It requires read/write access to TXE Region which is usually locked for
security purposes. You can check if the flash descriptor is unlocked by running the commnd fptw64 -d
SPI.bin. If it reports Error 26 you have a locked flash descriptor and cannot perform that upgrade
without a hardware programmer and more advanced knowledge. If it dumps the whole SPI chip without
Error 26 then your flash descriptor is unlocked. In that case, you will have to use FITC to transfer all
settings from your current TXE firmware to the 1.2.0.1149 TXE Region and save a new 1.2.0.1149
image with your system’s settings (named for example TXE.bin). Then you can use fptw64 -f TXE.bin -
txe command to flash the new TXE region. All the FPT, FITC etc tools can be found at the System
Tools.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 32/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

smf 42 August 28, 2015, 6:05pm

plutomaniac:

You can check if the flash descriptor is unlocked by running the commnd fptw64 -d SPI.bin. If it
reports Error 26 you have a locked flash descriptor and cannot perform that upgrade without a
hardware programmer and more advanced knowledge.

Yeah, it is locked. I have a programmer and some experience using it, but I’m not sure I need the stress.
What is TXE actually good for?

The only use interesting case I found for the predecessor (Intel ME) is remote kill.

https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf

A bit more googling and I’m now even more confused

https://embedded.communities.intel.com/thread/7868

"Intel® Platform Trust Technology: Also referred as Intel® PTT, is Intel implementation of TCG TPM 2.0
specification in Intel® TXE FW"

I assume I don’t have PTT either, however that manifests itself.

plutomaniac 43 August 28, 2015, 6:18pm

No, you don’t have to do it. It’s not worth the trouble. Leave it at 1.1.4.1145, it’s just fine.

Also, ME is not a predecessor. It’s a different development tree for other systems.

smf 44 August 28, 2015, 6:29pm

plutomaniac:

No, you don’t have to do it. It’s not worth the trouble. Leave it at 1.1.4.1145, it’s just fine.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 33/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Also, ME is not a predecessor. It’s a different development tree for other systems.

I meant it came first and does a similar job. "In Bay Trail (Atom-based SoC), a new variation of ME is
used"

Is there any software that makes use of TXE that I might find useful?

plutomaniac 45 August 28, 2015, 6:49pm

Not that I know of. Especially TXE. It’s supposed to be hidden from the user, non intrusive. You have
updated firmware & drivers so you are good to go. Nothing more.

SimpleTech 46 August 29, 2015, 4:39am

plutomaniac:

Zitat von SimpleTech im Beitrag #32

Just wanted to say that I was able to get my Lenovo laptop (has a Bay-Trail CPU) updated to
the latest firmware. It gave me a message about the OEM ID not being correct so I looked it
up with TXEInfoWin and then copied the OEM ID and used the command fwupdlcl64.exe -
OEMID ID# -f TXE.bin

Yes, that’s a common practice of Lenovo. ME Analyzer should show a note about the existence of such
an OEMID inside the BIOS (SPI) image. I’d like to verify it myself again, so can you tell me the model of
that Lenovo laptop?

Sorry for the late reply, it’s a Lenovo ThinkPad 11e.

e.v.o 47 August 29, 2015, 3:11pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 34/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac:

Zitat von SimpleTech im Beitrag #32

Just wanted to say that I was able to get my Lenovo laptop (has a Bay-Trail CPU) updated to
the latest firmware. It gave me a message about the OEM ID not being correct so I looked it
up with TXEInfoWin and then copied the OEM ID and used the command fwupdlcl64.exe -
OEMID ID# -f TXE.bin

Yes, that’s a common practice of Lenovo. ME Analyzer should show a note about the existence of such
an OEMID inside the BIOS (SPI) image.

Could you put this info in ME Analyzer or on the start posting on how to achieve this (fwupdlcl64.exe -
OEMID ID# -f TXE.bin). Would be sad if such info is buried inside this thread

plutomaniac 48 August 29, 2015, 3:45pm

Added Intel TXE 1.2 1.375MB Firmware v1.2.0.1149 BYT-M/D

Restored Intel TXE 1.1 1.375MB Firmware v1.1.4.1145 BYT-M/D
Removed TXE 1.0 Tools & System Tools Package

@ SimpleTech:

I know of two OEMIDs for Lenovo:

Lenovo: 4C656E6F-766F-0000-0000-000000000000
Lenovo: 00000406-0000-0000-0000-000000000000

Which one do you have?

Also, this is an example of how the OEMID message looks like:

N6O7 49 August 31, 2015, 5:43pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 35/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Hello,
I’m trying to upgrade the firmware of a Asus T100TA (S) hybrid tablet with Windows 8.1 x32bit, I have
used ME Analyser and loaded the bios file (T100TASAS.213) but it returned error, so i do not know the
Intel TXE Firmware v1.0.x which two SKUs is: Thin 1.25MB or Full 3MB.

Is there a trick when loading the Bios file, please.

TXE Info returned that:

plutomaniac 50 August 31, 2015, 6:02pm

ASUS only provides the BIOS region for their mobile systems and not a full SPI (FD, BIOS, ME/TXE,
GbE etc). So MEA is telling you that it cannot find a ME firmware inside which makes sense.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 36/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

You have a BayTrail-T system at v1.0 firmware. You can update to latter 1.0 firmware only under normal
circumstances.

To determine your SKU, make an Update image using FWUpdLcl -save TXE.bin command. Then drop
it into MEA. What does it report?

N6O7 51 August 31, 2015, 6:03pm

plutomaniac:

ASUS only provides the BIOS region for their mobile systems and not a full SPI (FD, BIOS,
ME/TXE, GbE etc). So MEA is telling you that it cannot find a ME firmware inside which makes
sense.

You have a BayTrail-T system at v1.0 firmware. You can update to latter 1.0 firmware only under
normal circumstances.

To determine your SKU, make an Update image using FWUpdLcl -save TXE.bin command. Then
drop it into MEA. What does it report?

I’ll do that soon and report, thanks a lot.

SimpleTech 52 August 31, 2015, 6:14pm

plutomaniac:

@ SimpleTech:

I know of two OEMIDs for Lenovo:

Lenovo: 4C656E6F-766F-0000-0000-000000000000
Lenovo: 00000406-0000-0000-0000-000000000000

Which one do you have?

Also, this is an example of how the OEMID message looks like:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 37/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Crap, I’m in the process of selling off this notebook. Wish I could have saved the # for ya.

N6O7 53 August 31, 2015, 6:30pm

N6O7:

Zitat von plutomaniac im Beitrag #50

ASUS only provides the BIOS region for their mobile systems and not a full SPI (FD, BIOS,
ME/TXE, GbE etc). So MEA is telling you that it cannot find a ME firmware inside which
makes sense.

You have a BayTrail-T system at v1.0 firmware. You can update to latter 1.0 firmware only
under normal circumstances.

To determine your SKU, make an Update image using FWUpdLcl -save TXE.bin command.
Then drop it into MEA. What does it report?

I’ll do that soon and report, thanks a lot.

Arrgh…those tools & commands only works when you’re on, with the Tablet!

My Z77 desktop computer gives results in "FWUpdLcl -save TXE.bin" with the bios of the
AsusT100TAS loaded (i’m working offline the tablet)…

I do not know if this TXE.bin is good in MEA or not, since it hasn’t run the command
"ME_Analyzer_Run.exe" on the tablet directly.

I’ll will report back when i will work on the tablet directly.
Thank you!

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 38/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 54 August 31, 2015, 6:47pm

@ SimpleTech:

It’s ok. Not that important, support is already there either way.

@ N6O7:

I don’t understand. The Z77 system has nothing to do with TXE. The “TXE.bin” added at the end of the
command is just the file name. It could have been “file.bin” or anything else.

You need to download the FWUpdate v1.1 tool provided at the first post and run the -save command as
shown above. This has to be done at the Tablet. Like the TXEInfo picture you showed me before.

N6O7 55 August 31, 2015, 6:53pm

plutomaniac:

@ SimpleTech:

It’s ok. Not that important, support is already there either way.

@ N6O7:

I don’t understand. The Z77 system has nothing to do with TXE. The "TXE.bin" added at the end of
the command is just the file name. It could have been "file.bin" or anything else.

You need to download the FWUpdate v1.1 tool provided at the first post and run the -save
command as shown above. This has to be done at the Tablet. Like the TXEInfo picture you showed
me before.

Yeah, the first screenshot TXEInfo was direct on tablet…but i do not have the tablet at home now, only
at my Gfriend’s appartement.

I thought the run command could works on my Z77 Desktop with the Asus tablet bios!!

I’ll do that next time! Thanks!

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 39/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

N6O7 56 September 4, 2015, 8:39pm

I’ve used on an Asus hybrid tablet the command FWUpdLcl -save TXE.bin to extract from the Bios file
the part that gives me the real SKU version of the Intel TXE firmware, Thank you Pluto for that tip!

It does show for Intel TXE Firmware v1.0.x a full Sku 3Mb
Guess now i’ve to grab this underneath to upgrade the tablet:

(From 1st page) B4.

TXE v1.0 Firmware-based Systems

Intel TXE 1.0 3MB Firmware v1.0.7.1133 BYT-I

For Bay Trail Tablet/IVI (I) systems which come with TXE firmware v1.0

Thanks again!

plutomaniac 57 September 5, 2015, 1:33am

Yes, exactly. You can update to the 3MB 1.0.7.1133 BYT-I image using FWUpdate tool. Afterwards,
run TXEInfo to see if everything is ok and also TXEManuf to verify health.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 40/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 58 September 6, 2015, 2:02pm

* Intel TXE 2.0 1.375MB Firmware v2.0.0.2077 from EXTR (dirty) → RGN (clean)

plutomaniac 59 September 17, 2015, 3:40pm

Intel TXE 2.0 1.375MB Firmware v2.0.1.2084

Intel TXEI Driver v2.0.0.1067 INF (from Kit 2.0.1.2084)

Intel TXEI Drivers & Software v2.0.0.1067 (from Kit 2.0.1.2084)

Intel TXE System Tools v2.0 r5:

Flash Image Tool v2.0.1.2084

Flash Programming Tool(EFI) v2.0.1.2084
Flash Programming Tool(EFI32) v2.0.1.2084
Flash Programming Tool(Windows) v2.0.1.2084
Flash Programming Tool(Windows64) v2.0.1.2084
FWUpdate(EFI) v2.0.1.2084
FWUpdate(EFI32) v2.0.1.2084
FWUpdate(Windows) v2.0.1.2084
FWUpdate(Windows64) v2.0.1.2084
TXEInfo(EFI) v2.0.1.2084
TXEInfo(EFI32) v2.0.1.2084
TXEInfo(Windows) v2.0.1.2084
TXEInfo(Windows64) v2.0.1.2084
TXEManuf(EFI) v2.0.1.2084
TXEManuf(EFI32) v2.0.1.2084
TXEManuf(Windows) v2.0.1.2084
TXEManuf(Windows64) v2.0.1.2084
Braswell Intel TXE FW Release Notes v2.0.1.2084 HF1
Braswell Intel TXE FW Customer Communication v2.0.1.2084 HF1

N6O7 60 September 17, 2015, 9:04pm

plutomaniac:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 41/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Yes, exactly. You can update to the 3MB 1.0.7.1133 BYT-I image using FWUpdate tool.
Afterwards, run TXEInfo to see if everything is ok and also TXEManuf to verify health.

Oky Doky…

It’s done! Also i saved as OLD.bin the previous firmware.

TXE Info:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 42/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

TXE Manuf Tool passed OK:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 43/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Thank you much Plutomaniac!

Pacman 61 September 28, 2015, 8:53am

Hello

Here is Intel TXE FW 1.2.1.1153 (1.375MB) Date 20.08.2015

plutomaniac 62 September 28, 2015, 1:26pm

Intel TXE 1.2 1.375MB Firmware v1.2.1.1153 BYT-T

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 44/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

jones23 63 September 30, 2015, 5:35am

i was just wondering if there was a newer driver available for my thinkpad 8 tablet. the last bios update
updated the txe firmware, but the driver is still the same.

plutomaniac 64 September 30, 2015, 3:02pm

The latest driver (1.1.0.1064) can be found at the first post, section A1.
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 45/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

jones23 65 September 30, 2015, 6:07pm

but isn’t that driver only for the 1.1.x firmware ? or is it downwards compatible with with the 1.0.x
firmware ?

plutomaniac 66 September 30, 2015, 6:35pm

No, v1 drivers are for all BayTrail systems whereas v2 drivers are for all Braswell/CherryTrail systems.

jones23 67 September 30, 2015, 9:23pm

turns out that the 1.1.x driver package installs the same old driver.
and manually updating the firmware doesn’t seem to be possible as the thinkpad 8 isn’t unlocked, from
what i can tell.

plutomaniac 68 September 30, 2015, 10:03pm

There have only been 3 TXE 1.x driver releases since 2013:

1.0.0.1050, 1.0.0.1054 & 1.1.0.1064

At Device Manager > System Devices > Intel Trusted Execution Engine you should see the driver version
of 1.1.0.1064. That’s the latest, generally TXE very rarely has driver updates.

Any TXE 1.x system can be upgraded to latter minor releases so 1.0 → 1.1 → 1.2. However, the minor
version upgrade requires an unlocked flash descriptor and then custom work with Flash Image Tool and
Flash Programming Tool flashing. To detect is the flash descriptor is unlocked (almost never is on tablets)
you can run fptw -d spi.bin command via Flash Programming Tool. If you get Error 26 then you have a
locked flash descriptor and nothing more can be done via software solutions.

Arise 69 October 22, 2015, 7:46pm

Where can I download: Intel TXE System Tools v1.0? Looking for a version of fptw.exe to work on my
baytrail tablet, but so far no luck with getting a proper version.
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 46/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Thanks in advance.

plutomaniac 70 October 22, 2015, 7:58pm

@ Arise:

Use v1.1 System Tools, they are newer and compatible.

plutomaniac 71 November 30, 2015, 12:15am

Intel TXEI Driver v1.1.0.1064 (Linux) Sources for manual installation

Intel TXEI Drivers & Software v1.1.0.1064 (Win 8.x-10) complete package
Intel TXEI Drivers & Software v1.1.0.1064 (Win 10 IOT Core) complete package

Intel TXE 1.2 1.375MB Firmware v1.2.1.1153 BYT-M/D

Intel TXE 1.1 1.375MB Firmware v1.1.4.1145 BYT-M/D
Intel TXE 1.1 1.375MB Firmware v1.1.4.1145 BYT-IT
Intel TXE 1.0 1.25MB Firmware v1.0.5.1120 BYT-M/D
Intel TXE 1.0 1.25MB Firmware v1.0.2.1067 BYT-IT
Intel TXE 1.0 3MB Firmware v1.0.7.1133 BYT-M/D
Intel TXE 1.0 3MB Firmware v1.0.2.1160 BYT-IT

Intel TXE System Tools v1.x r4:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 47/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

OEM Data Generation Tool v2.6

Flash Manifest Generation Tool: 1.1.4.1148
Flash Programming Tool(Android): 1.1.4.1145
Flash Programming Tool(Linux): 1.1.4.1145
FWUpdate(Android): 1.1.4.1145
FWUpdate(Linux): 1.1.4.1145
TXEInfo(Android): 1.1.4.1145
TXEInfo(Linux): 1.1.4.1145
TXEManuf(Android): 1.1.4.1145
TXEManuf(Linux): 1.1.4.1145
System Tools User Guide Linux v1.1
Bay Trail-T TXE FW Bring Up Guide v0.88
BYT SW OTM FSP Secure Boot Readme v1.2

Summary:

→ Fixed SKUs & Reuploaded all TXE 1.x Firmware

→ Added TXE 1.x Linux Driver Sources
→ Added TXE 1.x Windows 10 IOT Core Drivers
→ Reuploaded TXE 1.x Windows 8.x-10 Drivers
→ Added TXE 1.x Linux Tools & Documentation
→ Updated TXE 1.x Android Tools

I made some major changes to how TXE 1.x is detected and categorized based on some recent findings.
Some firmware remained the same with a slight name change when others were wrong and got replaced
completely. In detail:

1.375MB v1.2.0.1149 BYT-M/D → 1.375MB v1.2.1.1153 BYT-M/D

1.375MB v1.2.1.1153 BYT-T → None
1.375MB v1.1.1.1130 BYT-T → 1.375MB v1.1.4.1145 BYT-IT
3MB v1.0.5.1120 BYT-M/D → 3MB v1.0.7.1133 BYT-M/D
3MB v1.0.7.1133 BYT-T → 3MB v1.0.2.1160 BYT-IT

Note: The above firmware changes will be visible with MEA 1.4.x or later. It will be released in the near
future. The current version does not detect properly the M/D or I/T platform.

plutomaniac 72 December 2, 2015, 5:07pm

Intel TXE 2.0 1.375MB Firmware v2.0.1.2091

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 48/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

clio 73 December 3, 2015, 3:02pm

Hi,
@plutomaniac
I’ve updated the TXE fw of my stick (Meegopad T02) from 1.1.1.1130 -> 1.1.4.1145 without
problems, but the firmware in the first post for the IT SKU didn’t work (invalid or corrupted fw error),
so I tried the same fw from the post Intel Trusted Execution Engine: Drivers, Firmware & System
Tools (3) and it worked successfully.

I compared the checksum of the 1.1.4.1145 firmware from the link posted here, with the MD and the IT
from the first page and there’s no match.
Thanks!

PD: Pic related

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 49/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 74 December 3, 2015, 9:40pm

@clio

Honestly, the difference between M/D and I/T same-version firmware is non-existent content-wise but
not check-wise. I have seen many people manually (programmer) flash M/D firmware on I/T platforms or
vice versa and it was working just fine. In general, TXE 1.x is such a big mess. Nothing like ME on that
regard.

Anyway, you need to update to the same firmware that your SPI/BIOS has, even if it’s “wrong” in theory.
If that’s what the OEM has flashed then that’s what you can update to. In your case:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 50/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

So, from the first post you need Intel TXE 1.1 1.375MB Firmware v1.1.4.1145 BYT-M/D.

clio 75 December 3, 2015, 9:48pm

Hi @plutomaniac ,
Maybe I expressed myself wrong,
What I tried to say was:
I downloaded the 1.1.4.1145 from the first page, but when I tried to flash it, it gave me an “invalid or
corrupted fw error” so I downloaded the fw from the linked post and it worked.
So I verified the checksum of the 3 files and the 3 files are different so I’m guessing that the fw on the first
post is corrupted.

Edit: seems that the files are good and the eMMC is failing. Sorry

PD: ME Analyzer capture (In 1.3 the TXE is recognized as I/T and in 1.4 as M/D or am I wrong?)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 51/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 76 December 3, 2015, 10:07pm

clio:

Edit: seems that the files are good and the eMMC is failing. Sorry

That’s good. I was about to start smashing my head against a wall. Such an error would make no sense.

MEA v1.4.x or later is needed to see the major changes I made to TXE detection which is not yet
available. That’s the correct output:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 52/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 77 December 7, 2015, 8:22pm

Intel TXE 2.0 1.375MB Firmware v2.0.2.3094

plutomaniac 78 December 12, 2015, 7:47pm

Intel TXEI Drivers & Software v2.0.0.1094 complete package

Intel TXEI Driver v2.0.0.1094 (Windows) INF for manual installation

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 53/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 79 January 5, 2016, 1:10am

Intel TXE System Tools v2.0 r6:

Flash Image Tool: 2.0.2.2092

Flash Programming Tool(EFI,EFI32,Windows,Windows64): 2.0.2.2092
FWUpdate(EFI,EFI32,Windows,Windows64): 2.0.2.2092
TXEInfo(EFI,EFI32,Windows,Windows64): 2.0.2.2092
TXEManuf(EFI,EFI32,Windows,Windows64): 2.0.2.2092

plutomaniac 80 January 27, 2016, 1:30am

Intel TXE 2.0 1.375MB Firmware v2.0.2.3095

plutomaniac 81 February 18, 2016, 7:34pm

Intel TXE 2.0 1.375MB Firmware v2.0.4.3098

Intel TXEI Drivers & Software v2.0.0.1094 (ReUpload, newer setup)

MEA DB:
2.0.4.3098_1.375MB_PRD_RGN_6B019FD754326AA6D9D814BC43CA6C5B53A0CA1F_SHA
1

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 54/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 82 February 25, 2016, 2:46pm

Intel TXE System Tools v2.0 r7

Flash Image Tool: 2.0.4.3098

Flash Manifest Generation Tool: 2.0.4.3098
Flash Programming Tool(EFI, EFI32, Windows, Windows64): 2.0.4.3098
FWUpdate(EFI, EFI32, Windows, Windows64): 2.0.4.3098
TXEInfo(EFI, EFI32, Windows, Windows64): 2.0.4.3098
TXEManuf(EFI, EFI32, Windows, Windows64): 2.0.4.3098

plutomaniac 83 April 2, 2016, 12:22am

Intel TXE 1.0 3MB Firmware v1.0.9.1153 BYT-M/D

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 55/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

MEA:
1.0.9.1153_3MB_MD_PRD_RGN_034EC998D64100D4DD9AE25FA1C4568D4A3EAB9E_SHA
1

Note: Version Control Number (VCN) was increased to 14. No downgrade via FWUpdate possible
after updating.

plutomaniac 84 April 6, 2016, 1:57pm

Intel TXE 2.0 1.375MB Firmware v2.0.4.3100

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 56/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

MEA:
2.0.4.3100_1.375MB_PRD_RGN_521192D87B3BDB8066FE781DF30113073C9F3497_SHA1

Thanks to Intel for the newer firmware!

plutomaniac 85 April 12, 2016, 8:30pm

Intel TXE 1.1 1.375MB Firmware v1.1.4.1148 BYT-I/T

MEA:
1.1.4.1148_1.375MB_IT_PRD_RGN_D0063651E2297EFE7820C882A0F90E6EACB807B5_SHA
1

Intel TXE System Tools v1.x r5:

Flash Image Tool: 1.1.4.1148

Flash Programming Tool(EFI,EFI32,Windows,Windows64,Android,Linux): 1.1.4.1148
FWUpdate(LocalEfi32,LocalEfi64,LocalWin32,Android,Linux): 1.1.4.1148
TXEInfo(EFI,EFI32,Windows,Windows64,Android,Linux): 1.1.4.1148
TXEManuf(EFI,EFI32,Windows,Windows64,Android,Linux): 1.1.4.1148

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 57/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 86 May 3, 2016, 2:26am

Intel TXE 1.2 1.375MB Firmware v1.2.1.1161 BYT-M/D

MEA:
1.2.1.1161_1.375MB_MD_PRD_EXTR_3F1ABE9F9DB1BA208024EACA5A27807E379C3605_
SHA1

plutomaniac 87 August 4, 2016, 12:43am

Intel TXE 3.0 Consumer Firmware v3.0.0.1083

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 58/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

For Apollo Lake systems which come with TXE firmware v3.0

Warning: Apollo Lake is not released yet. For research only!

MEA:
3.0.0.1083_CON_BX_PRD_RGN_7C3D339ACE542A9B2BEEB24506FF95345EC092E3_SHA1

plutomaniac 88 August 13, 2016, 2:37pm

Intel TXE 1.0 3MB Firmware v1.0.3.1164 BYT-I/T

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 59/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Note: Version Control Number (VCN) was increased to 15. No downgrade via FWUpdate possible
after updating.

MEA:
1.0.3.1164_3MB_IT_PRD_RGN_306FB567B168C64BFE28A9A18BA38339151838CB_SHA1

Thanks to SoniX for the new 3MB BYT-IT firmware!

Pacman 89 September 21, 2016, 7:14pm

Intel TXE Firmware 2.0.5.3105 1.375MB RGN

Intel TXE Firmware 2.0.5.3105_1.375MB_PRD_RGN_.zip (824 KB)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 60/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 90 September 21, 2016, 9:44pm

Intel TXE 2.0 1.375MB Firmware v2.0.5.3105

Note: Version Control Number (VCN) was increased to 6. No downgrade via FWUpdate possible
after updating.

MEA:
2.0.5.3105_1.375MB_PRD_RGN_9EBD187744F882AA57B704068F8E3D97327B2E58_SHA1

Thanks to Intel for the new firmware as well as Pacman for letting me know!

razor_amd 91 October 20, 2016, 7:52pm

Dear plutomaniac,

I need Intel TXE Flash Image Tool 1.1.0.1089.

When I clean TXE firmware region with your guide, the laptop won’t turn on. I’d like to try with same
FITC tool like in the original bios, but I can’t find to download it anywhere.

I have a hardware programmer so I can play with different versions, etc… If you need me to try
something, I am here to help.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 61/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

0220F.bin ← this file is decrypted from HP website, latest version of bios

0220F CleanTXE.bin ← the same file with clean TXE I did by your guide
Backup Beli main u56-w25q64fw.bin ← this is original dump file from notebook
BIOS_F18 za belog.bin ← this is working dump from another website

When I clean TXE bios, FITC version is other and I would like to try with same FITC version please.

All 4 bios files for download (if you need/want)

http://www.mediafire.com/file/eo8nk60ni708w5y/BIOS.rar

Thank you!

plutomaniac 92 October 20, 2016, 9:59pm

@ razor_amd:

I do have 1.1.0.1089 FITC but it won’t change anything, the problem should not be there. You need to
clean the original system dump and not the stock decrypted SPI from HP. You didn’t mention what HP
model that is but you said notebook so I selected that at FITC to do some quick comparisons. Based on
your dump (Backup Beli main u56-w25q64fw), I created an equivalent SPI image with clean/configured
TXE. Additionally, I have disabled Anti-Theft (as the guide says, not the root of your problem though)
and disabled the Flash Descriptor protection so you can reflash the entire SPI from within an OS instead
of the programmer provided that a) the system boots and b) that’s needed for something else (like
upgrading from TXE 1.1 to 1.2 if you want). You can easily re-enable the write protection lock if you
desire so after all modifications and repairs are done. After flashing with the programmer, if the system
doesn’t start and since you cannot do that easily using an OS and Flash Programming Tool, try to reset
the TXE by removing any power (cable, batteries) for 1 minute or so.

Backup_Fix.rar (2.97 MB)

razor_amd 93 October 21, 2016, 8:18am

The notebook model is also written in a bios file inside. It is HP 250 G3 notebook, bios ID is: 0220F.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 62/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Yes, I get that I need to clean TXE in a bios already in a notebook. But in a 99% cases, the notebook
won’t turn on with a bios already inside, it is somehow corrupted, etc, so I must either program a fresh
clean bios from manufacturer’s site or a dump from other same or similar notebook downloaded from
various forums.

For that reason I can’t always use that backup image from a notebook so I downloaded file:
BIOS_F18.bin. I tried to clean TXE in this file also but when it wouldn’t work, I deleted it. Then I only
changed notebook info and serial number and call it: BIOS_F18 za belog.bin and the notebook works
with it. The one thing I didn’t try is removing all the batteries, including the little one for bios for 1 minute
to reset TXE. I will try your cleaned TXE bios and see how it goes. Will let you know.

I have uploaded complete backup bios files from other notebook that works, untouched. In there is a
Main bios and EC bios of the same board. The other link is HP website, to download bios update for this
notebook model.

1
2

https://drive.google.com/file/d/0B04G7U5l329dZnBpcXptWUZ6bms/view?usp=sharing
http://h20564.www2.hp.com/hpsc/swd/public/detail?sp4ts.oid=6732463&swItemId=ob

One more question I would like to ask you. When I download bios file from manufacturer's website, in
this case it is 0220F.bin (after decryption), is it already a clean ME/TXE one? I think it is, because it has
never been used before on a system and thus it doesn't have any data initialization in it. Please let me
know if I am wrong.

Thanks for all your hard work!!!

razor_amd 94 October 21, 2016, 6:12pm

Just to let you know that the bios is not working.

plutomaniac 95 October 21, 2016, 6:18pm

Well yes, it’s BIOS-related then. The TXE cleanup you and I did as well as FITC version used should
not be related. I cannot currently download the archive from google drive as the service is unresponsive

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 63/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

(probably related to that global DDOS attack that has been going on today). If you used another BIOS
and it now works, you may not need to do anything more.

And yes, in theory the TXE inside the stock HP SPI image should be clean+configured, meaning non-
initialized. I said “in theory” because not all OEMs care enough to do that. HP should be ok but some no
brand Chinese motherboards may come with initialized Engine firmware taken from another system.
That’s why I generally follow the guide regardless. It’s best to first try the one by the OEM and if not,
follow the cleanup process manually if you don’t trust their release.

razor_amd 96 October 21, 2016, 7:28pm

No worries, I flashed the one I already prepared from another forum and the notebook is working for
now. Thank you very much for the info!

Pacman 97 October 26, 2016, 3:09am

Intel TXE 2.1 1.375MB Firmware v2.1.4.3102

Intel TXE Firmware

2.1.4.3102_NaN_PRD_EXTR_B8EA221128D366E23CC1416DB8209D5A1129DEB8.zip (817
KB)

plutomaniac 98 October 26, 2016, 5:55pm

Thank you Pacman for the new firmware. Unfortunately, it seems Intel liked the crapfest that was TXE 1
and decided to extend it. This “newer” branch is older than the last 2.0 firmware we have. To me it seems

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 64/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

like a 2.0.4.3102 firmware which was especially/custom ordered or something and has a minor of 1
instead of 0. Or maybe an early 2.1 branch sample that later got abandoned. I don’t know what sort of
device came with such firmware but it’s 10 months old, older than 2.0.x and haven’t seen any such
branch all this time. I’ll put it at the repo and MEA but I advise people against updating to it. For the
aforementioned reasons and because Intel has started to become very annoying when it comes to SKU
confusion and firmware obfuscation, this 2.1 “branch” will not be at the first post.

Pacman 99 October 27, 2016, 1:02pm

Yes, the date caused me some confusion, but i thought i would post it anyway since i have not seen it
Before.

It is from an Asus device, don’t remember wich one, but if there is any need i can recheck the Asus
BIOSes i downloaded yesterday.

plutomaniac 100 October 28, 2016, 6:11pm

From a quick search, is it VivoStick PC (TS10) by any chance?

Pacman 101 October 29, 2016, 8:50pm

Yes, that is the one.

Razz 102 December 15, 2016, 12:40am

Hi @plutomaniac ,

I am having problems with the Flash Image Tool from the Intel TXE System Tools v2 r1 package. It is
not able to extract the regions on loading the BIOS image from a Gigabyte Brix 3150.

I’m probably doing something wrong but I have attached the BIOS file in case you would like to take
a look.

Thanks for the great tools and for all your work.

image.zip (3.18 MB)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 65/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Razz 103 December 15, 2016, 10:20pm

@plutomaniac ,

I have re-downloaded the tool and it works now, must have been a bad download.

plutomaniac 104 December 16, 2016, 6:34pm

Intel TXE System Tools v2 r2

Pacman 105 December 27, 2016, 5:26am

Here is Another TXE 2.1 FW 2.1.5.3105 from Lenovo.

Intel TXE FW 2.1.5.3105.zip (818 KB)

plutomaniac 106 December 27, 2016, 2:44pm

Intel TXE 2.1 1.375MB Firmware v2.1.5.3105

It seems that Intel has two branches for TXE2 which follow the same SKU, Date and VCN. The details
of 2.0.5.3105 and 2.1.5.3105 prove that. Why, I don’t know. I’ve now added the 2.1 branch for
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 66/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

whoever currently has v2.1 firmware at his/her system. No change for MEA as that was implemented in
v1.6.8 two months ago. It would be interesting if someone could test “updating” from 2.0 to 2.1 via
FWUpdate which will probably not be allowed based on past TXE experiences.

Thank you Pacman for the new firmware!

plutomaniac 107 January 21, 2017, 6:11pm

Intel TXE 2.0 1.375MB Firmware v2.0.5.3109

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 67/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

KaminoReal 108 January 25, 2017, 10:32am

Intel (R) Firmware Update Utility Version: 2.0.5.3107

Copyright (C) 2007 - 2015, Intel Corporation. All rights reserved.

Communication Mode: TXEI

Checking firmware parameters…

Warning: Do not exit the process or power off the machine before the firmware update process
ends.
Sending the update image to FW for verification: [ COMPLETE ]

FW Update: [ 15% (Stage: 4 of 17) (/)]

Error 8741: FW Update Failed.

Error 8704: Firmware update operation not initiated due to a SKU mismatch

Nope it didn’t worked.

@Pacman mind to share the new version?

L.E. Nevermind I saw first post was updated since my last visit…

plutomaniac 109 March 7, 2017, 7:11pm

Intel TXEI Driver v3.0.0.1115 (Windows 8.x & Windows 10) INF
Intel TXEI Driver v3.0.0.1115 (Windows 7) INF
Intel TXEI Drivers & Software v3.0.12.1138

Intel TXE System Tools v3 r1

michelolvera 110 March 17, 2017, 9:38am

I have an Asus x540sa (Intel N3700), I regularly update my BIOS firmware but one day I saw in the
device manager that Intel Trusted Execution Engine did not start (Code 10)
STATUS_DEVICE_POWER_FAILURE, I talk to ASUS and they did not give me a reply so I used this
forum To update the firmware and correct the error, I did it and it worked perfectly. THANK YOU!

Yesterday a new BIOS update was released with the following description:
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 68/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

BIOS 304
Update TXE FW 2.0.2.2092

I apply the update but TXEInfo still shows the firmware installed by me (2.0.5.3109) and not the one that
would be supposed to be (2.0.2.2092), I attach an image, my question is: Is there any error in my system
or everything is correct ?
[[File:Captura de pantalla (4).png|none|auto]]

plutomaniac 111 May 16, 2017, 2:13pm

Intel TXE System Tools v3 r2

plutomaniac 112 August 31, 2017, 3:22pm

Intel TXE System Tools v3 r3

Tito 113 September 4, 2017, 12:45am

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 69/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

@plutomaniac

Latest version of TXEI Drivers & Software in v3 branch is 3.0.13.1144 now.

plutomaniac 114 September 4, 2017, 12:33pm

Ah, I forgot to update it. Thank you @Tito

plutomaniac 115 October 1, 2017, 11:43pm

Intel TXE 2.1 1.375MB Firmware v2.1.5.3107

plutomaniac 116 November 6, 2017, 8:45pm

Intel CSTXE System Tools v3 r4

elisw 117 November 21, 2017, 9:08pm

Hi Plutomaniac,
I am having problems with an X5 Z8350 mini PC, specifically with audio output and LAN and I thought
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 70/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

it was a BIOS related issue.

then I run TXEInfo and discovered there is a problem with it (see below).
TXEManuf test performed and passed.

Edit: I updated the firmware to 2.0.5.3109 and have the same situation (Invalid global FPF) but no error
is shown.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 71/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 118 November 21, 2017, 11:10pm

I see that you have read/write access to the TXE Region. To rule out TXE, follow the CleanUp Guide
with 2.0.5.3109_1.375MB_PRD_RGN and reflash. After the “fpt -greset”, try again with the latest
MEInfo and MEManuf.

elisw 119 November 23, 2017, 12:34am

@plutomaniac :
tried but something went wrong after the -greset command.
now something is badly corrupted and cannot access BIOS anymore while all TXE tools are not working
anymore.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 72/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Edit: after having reflashed the BIOS the tools are working again although I still cannot access the bios

plutomaniac 120 November 23, 2017, 1:22pm

Not being able to access the BIOS or similar issues have nothing to do with TXE. As long as you
followed the CleanUp guide and reflashed TXE firmware properly, everything else falls into
BIOS/system-specific category. Try a clear CMOS and keep the system off and without AC/battery
power for 1 minute or so. If that does not help, I suggest you reflash the latest SPI image (FD + ME +
BIOS etc) from the OEM.

plutomaniac 121 November 30, 2017, 2:59pm

Intel TXEI v3.1.50.2222 Drivers & Software

Intel CSTXE System Tools v3 r5

plutomaniac 122 December 12, 2017, 1:34pm

Intel TXEI Driver v1731.4.0.1199 (Windows 8 & Windows 10) INF for manual installation
Intel TXEI v1731.4.0.1199 Drivers & Software

Note: TXEI v4 drivers are usable with Gemini Lake systems.

Note: TXEI v4 driver versions start with the year & week of release (example: 1731 → 31st week of
2017).

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 73/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

a-dead-trousers 123 December 17, 2017, 2:11pm

Hi!

First of all thank you for this amizing forum. I was able to upgrade nearly all of my devices to the latest
firmware (TXE and ME).
Only one Tablet/Slim Notebook is resiting all of my efforts for a firmwareupgrade. It’s is using an old 1.0
version and I’m a little bit concernd that it’s not safe.
Therefore I have some questions.
According to TXEInfoWin the “Local Firmware Upgrade” is disabled. In the BIOS-Menu I can’t find
anything regarding “TXE”. No “allow BIOS upgrade” or whatsoever. The only option which comes near
is “Secure Boot”.
Is the “local firmware upgradeability” somehow related to secure boot? So only a “credible” OS can
change the firmeware?
Is there a way to switch the “Local Firmware Upgrade” option in the TXE to enabled?

In the first post of this thread there is mentioned a “Upgradeability” for TXE 1.x to as high as 1.2 using
the FPT.
Is there a guide how to achieve this?

The device is quite old so there is no newer bios or any other support from the manufacturer. Only some
quite old device drivers.

wkr
ADT

plutomaniac 124 December 17, 2017, 4:48pm

@ a-dead-trousers:

It has nothing to do with Secure Boot. Local Firmware Update (FWUpdate) can be sometimes
disabled from the BIOS but that doesn’t mean that the OEM left the setting available for the users to
adjust. Either way, you cannot use FWUpdate to update TXE 1.0 firmware to 1.1 or 1.2. A custom
reflash of the entire TXE region (EXTR) was required for that generation. With FWUpdate you can
just update to the latest 1.0 firmware only. In your case, that option is disabled as well. If your system
happens to have read/write access to the TXE region of the SPI chip, you can upgrade via Flash
Programming Tool. Run “fptw -d spi.bin” command. Does it complete successfully or do you see
CPU/BIOS Access Error or similar? If it completes successfully, you can follow the CleanUp Guide
and at step 4 select the latest TXE 1.2 firmware. If it fails, you have no read/write access to the TXE
region. Maybe we can enable some potentially hidden BIOS option though which will allow temporary
read/write access there, provided that you can boot in an EFI shell. In that case, you can dump the
BIOS region only by “fptw -bios -d bios.bin” and then compress & attach it here.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 74/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

a-dead-trousers 125 December 17, 2017, 7:28pm

Ok, thanks. I will try your suggestions next weekend when I’ve got some spare time (holidays and so on
)

a-dead-trousers 126 December 22, 2017, 6:08pm

@plutomaniac

Now I found some time. As you predicted the SPI chip is not accessible using Flash Programming Tool.
The command "fptw -d spi.bin" results in "Error 26: The host CPU does not have read access to the
target flash area. To enable read access for this operation you must modify the descriptor settings to give
host access to this region.". Therefore I tried to dump the bios with "fptw -bios -d bios.bin" and was able
to do so even without an EFI shell. I hope thats´s ok and nothing of value is missing.

BIOS.zip (1.57 MB)

plutomaniac 127 December 22, 2017, 6:35pm

The EFI shell is required for the next step (setup_var manipulation), if a hidden BIOS option exists and
actually works. I found a few interesting BIOS options which I assume are hidden from the menus.

TXE (Default = Enabled) → 0x16C

TXE HMRFPO (HMRFPO = Host ME Region Flash Protection Override, Default = Disabled) →
0x170
TXE Firmware Update (use of FWUpdate, Default = Disabled) → 0x171
TXE EOP Message (for testing, EOP = End of Post, Default = Enabled) → 0x16D

We are interested in “TXE HMRFO” to allow Read/Write access to the TXE region and thus upgrade to
1.2 firmware. We are also interested in “TXE Firmware Update” which will allow FWUpdate usage, if
required.

Follow these steps but at step 3, change the variable to the one you want. For example “setup_var
0x170 0x01” to enable HMRFPO. You should then be able to dump the SPI chip.

a-dead-trousers 128 December 22, 2017, 10:51pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 75/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

No success.
Right after the reboot both values (0x170 and 0x171) are back to being 0x00 instead of 0x01.

This is was GRUB said:

Looking vor Setup variable…
var name: Setup, var size 12, var guid: a04a27f4-df00-4d42 - b5-52-39-51-13-02-11-3d
→ GUID matches expected GUID
successfully obtained “Setup” variable from VSS (got 700 (0x2bc) bytes).
offset 0x170 is: 0x00
setting offset 0x170 to 0x01

I tried the command multiple times to confirm that it is set to 0x01 but after a reboot it’s back at 0x00.

plutomaniac 129 December 23, 2017, 12:12am

Try the attached tool with command “/UnlockTXE”. If that works, it also has command
“EnableTXEFWU”.

BootMode v2.2.rar (86.7 KB)

a-dead-trousers 130 December 23, 2017, 11:05am

Although quite scary (the pc suddenly shutting down) it worked and I was able to dump the SPI chip.
Then I followed your cleanup guide and I’ve got the outimage.bin but what to do with it? Your guide is
missing the “how to actually flash the new bios” part.
I tried with Flash Programming Tool but this gives me "Error 286: Unable to write data to flash with SPI
lock enabled."
To check this I tried to flash an older bios from the vendor (using InsydeFlash) but this also fails during
boot. So I think I have to enable one more small thing using BootMode or another tool.

plutomaniac 131 December 23, 2017, 1:20pm

So the tool works for your machine, good, you’re lucky. You can flash via Flash Programming Tool.
Command “fptw -f outimage.bin” followed by “fptw -greset” is enough in your case. As for SPI lock, it
is possible that “UnlockTXE” deals only with the TXE region of the SPI chip so, with only that option
enabled, one would have to prepare an Engine (TXE) region only image at the CleanUp Guide. Since I
see there are some other options at BootMode such as “EnableBIOSLock” and “InFactoryMode”, try
the former one, it will probably work afterwards.
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 76/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

a-dead-trousers 132 December 23, 2017, 5:27pm

A quick update:
I succeeded to disable the BIOS lock and to flash the new image. But now the laptop won’t boot
anymore, so I asume I did something TERRIBLY wrong. Currently I’m searching for a way to flash the
original BIOS without an actually working BIOS. The chip is soldered to the motherboard and the device
is quite old so I don’t want to go through the hassle of disasamble everything just to find out I made it
worse during the process.
I found a guide where it’s mentioned that you can use a FAT formatted USB drive containing the BIOS
and a special button combination to flash the bios in a kind of emergency mode. Unfortunately the guide
only mentions HP, Acer and Asus devices but not Lenovo. You don’t happen to know something about
Lenovo, do you?

fs-esprimo 133 December 23, 2017, 5:38pm

From the test I made with that tool on Lenovo T410 laptop with all commands I try:
/InFactoryMode - Set machine in factory mode
/DisableBIOSLock - Disable BIOS Lock
/UnlockTXE - Set the Flash Descriptor Override strap
/EnableTXEFWU - Enable TXE FW local update

All comands are reported as SUCCESSFUL but it can’t disable ME lock region for me to be able to
program DESC unlocked or dump ME region.

Maybe you program BIOS with the full flash dump ME+GBE+BIOS… or with TXE firmware ?

plutomaniac 134 December 23, 2017, 7:05pm

@ a-dead-trousers:

Can you upload your original and modded dumps to see what possibly went wrong?

jockyw2001 135 December 23, 2017, 11:13pm

@plutomaniac : where’s that tool from? (BootMode v2.2.rar)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 77/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 136 December 23, 2017, 11:25pm

From some older Lenovo system with TXE firmware. It worked for a-dead-trousers (similar?) system
but it doesn’t mean anything for other models. Don’t get your hopes up, this is for specific cases.

fs-esprimo 137 December 23, 2017, 11:31pm

@plutomaniac
Do you have something / know if it is possible to unlock flash descriptor for old Lenovo T410 without
external intervention to chips ?
thx

a-dead-trousers 138 December 24, 2017, 8:20am

@plutomaniac

Here are my two files. Had to find a way to backup the harddrive first. Through USB to SATA bridge I
wasn’t able to read the GPT format.

outimage.zip (2.22 MB)

spi.zip (2.18 MB)

plutomaniac 139 December 24, 2017, 1:06pm

The cleaned/updated SPI image (outimage.bin) is proper, you did everything correctly. So either
something went wrong during flashing or there’s some security measure in place. Since Intel BootGuard
was not a thing at Bay Trail systems, I don’t think it could be something else. Did the flashing complete
properly?

Have you tried removing all power from the machine (AC + Battery) for a few minutes (press the power
button a few times while the system is off)? If that does not help, try removing and re-inserting the
memory modules (make sure you put them back correctly) in case the problem is bad BIOS cache.

a-dead-trousers 140 December 24, 2017, 2:34pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 78/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Flashing did not show any problems at all and everything you mentioned to solve the problem I already
did. Except removing the memory modules because they are also soldered to the motherboard. Even the
CMOS battery is soldered but at least not so well, so I was able to remove it. The system was without
any source of power for nearly half an hour and that didn’t help either. So I’m also convinced, that there
must be some sort of (hardware?) security measure. Anyway, thanks for the assurance that I didn’t do
something wrong (except of trying to change the firmware in the first place). At least I can stop doubting
myself and enjoy the christmas holidays.

Merry christmas and relaxing holidays to you.

plutomaniac 141 December 24, 2017, 4:32pm

It’s a shame that the machine no longer boots. No matter what, I wish you a Merry Christmas and happy
new year as well a-dead-trousers. Personally I don’t believe that your original though to update it was
misguided but I suppose you’re unlucky and stumbled upon some sort of Lenovo security measure or
flashing mishap. For now you should definitely enjoy the holidays but if you manage to resolve the issue
and possibly figure out what went wrong, please let us know so that the same thing won’t hopefully
happen to other people in the future.

gerarlab 142 December 24, 2017, 7:58pm

This work is amazing! Could I translate it to spanish and post it?

plutomaniac 143 December 26, 2017, 3:52pm

Thank you for your kind words. I don’t think there is a point in doing that for multiple reasons. No matter
what, I would expect people to at least have a source link to the original forum thread.

plutomaniac 144 January 3, 2018, 1:27pm

Intel TXE 1.1 1.375MB Firmware v1.1.5.2162 IT

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 79/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 145 January 9, 2018, 5:45pm

Intel CSTXE System Tools v3 r6

TheGiolly 146 February 4, 2018, 10:06pm

Why there aren’t (CS)TXE firmwares available?

plutomaniac 147 February 4, 2018, 10:38pm

TheGiolly:

Why there aren’t (CS)TXE firmwares available?

There aren’t any in this thread because Intel no longer has a FWUpdate tool for CSTXE-based Atom
platforms (APL, GLK). The official update methods are either via OEM BIOS updates (Capsule) or
when the system is in Download & Execute (DNX) mode. Another issue is that CSTXE is usually
partially signed by the OEM and their RSA Public Key + Exponent hash is stored in the SoC (hardware,
FPF). So, on such images, you cannot update the CSTXE firmware without the OEM Private RSA Key
without the platform rejecting your new image. This is what I’ve understood but someone can correct me
if I’m wrong.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 80/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

TheGiolly 148 February 4, 2018, 10:53pm

Oh, ok. Thank you very much for the explanaiton

plutomaniac 149 February 8, 2018, 1:20pm

Intel TXE 2.0 1.375MB Firmware v2.0.5.3112

plutomaniac 150 March 2, 2018, 11:04am

Intel TXE 2.0 1.375MB Firmware v2.0.5.3117

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 81/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Smartpol 151 March 4, 2018, 5:06pm

Hi! I’ve read the thread and made a conclusion that I can’t update TXE on my laptop by myself.

plutomaniac:

Intel no longer has a FWUpdate tool for CSTXE-based Atom platforms (APL, GLK)

Me Analyzer info of my laptop:

I can do it only by updating bios, if my laptop manufacturer provide me updated bios, isn’t it?

plutomaniac 152 March 4, 2018, 8:24pm

Smartpol:

Hi! I’ve read the thread and made a conclusion that I can’t update TXE on my laptop by myself. I
can do it only by updating bios, if my laptop manufacturer provide me updated bios, isn’t it?

Usually yes, only if the OEM has an updated SPI/BIOS. But it can also depend, what laptop model are
we talking about?

xingyou12 153 March 5, 2018, 6:46pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 82/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Hi,Plutomaniac,excuse me,forgive my poor English,I have upgradged my TXE firmware

successfully,thank you,but I have another question:I use HWiNFO64 to look Intel ME information,and
the I find Intel ME Version and Intel ME Recovery Image Version is 2.0, Build 3117, Hot Fix 5,the same
as I upgrade,but it is different from Intel ME FITC Version,it is just 2.0, Build 1027.What did I wrong in
somewhere?Thank you very much.[[File:QQ??20180306015305.png|none|auto]]

Smartpol 154 March 5, 2018, 7:23pm

plutomaniac:

Usually yes, only if the OEM has an updated SPI/BIOS. But it can also depend, what laptop model
are we talking about?

Laptop model is Jumper EzBook 3 Pro - cheap chinese laptop from aliexpress. I think, that I wouldn’t
have any BIOS updates from manufacturer (I try to request it, but no luck ). My aim is to eliminate
intel-SA-00086 vulnerability by updating/editing bios of my laptop. Is there any chance to get TXE
updated or disabled for my laptop?

plutomaniac 155 March 5, 2018, 8:55pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 83/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

@ xingyou12:

The FITC version does not matter as it’s the tool which adjusted the firmware settings.

@ Smartpol:

Do you have read/write access to the SPI/BIOS chip or a programmer which you can use? Please
compress & attach a SPI/BIOS image for that model to see if the OEM used signing.

Smartpol 156 March 6, 2018, 6:30am

plutomaniac
Hi! Thanks for quick reply! I can use AfuEfix64.efi (I successfully made BIOS update with /P and /B
keys for latest available BIOS, which I found at techtablets.com, but intel SA-00086 is still there ).
The image of that BIOS is here 09_30_17_BIOS.zip in zip. I have ch341a programmer, but doesn’t
sure, that it is compatible with my BIOS chip.

plutomaniac 157 March 6, 2018, 1:44pm

@ Smartpol:

The CSTXE firmware is signed but, in your specific case, not with an OEM key so hopefully I’ve
updated it with CSTXE 3.1.50.2222 and re-signed it properly. I cannot guarantee that it will work but I
think it will. So if you decide to test this, I suggest to make sure that you can recover via the programmer.

09_30_17_BIOS_fix.rar (3.75 MB)

Smartpol 158 March 6, 2018, 6:39pm

I tried to update BIOS in built-in UEFI shell using “AfuEfix64.efi 09_30_17_BIOS_fix.bin /P /B”
command as I did at previous update, every part of the updating process gave me ‘OK’ or ‘done’ result.
After turning my laptop off I tried to turn it on but there was only black screen with power led light on. I
think, that recover via the programmer is necessary but at first decide to try unplugging laptop battery.
After this I try to power it on several times with strange behavior of power led without any display activity
and viola! I got my laptop working with latest TXE firmware without intel SA-00086 vulnerability!
Amazing! Big thanks for your help, plutomaniac!

P.S. 2 more questions:

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 84/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

1. How can I thank you more materially (maybe via paypal)?

2. Can I share this bios at techtablets with other people, who use this laptop?

plutomaniac 159 March 7, 2018, 2:02am

Oh that’s great, you’re the first person to have updated the CSTXE 3 firmware in this forum since 2016,
partially due to the fact that your SPI is not really signed. Yes, after reflashing the CSTXE firmware, the
system must be reset. You can either do it by running “fptw -greset” after the reflash or manually by
removing all power for 1 minute or so (AC + Battery, RTC is ok). Sometimes both are required and a
few power on attempts to kick start the system again. So you did great as your perseverance to power it
on proved that the signing worked.

By the way, aside from the updated CSTXE 3.1.50.2222 firmware which fixes INTEL-SA-00086, I
also updated the CPU Microcode in order to add hardware fixes for Spectre variant 2 vulnerability
(INTEL-SA-00088).

1. Thank you a lot for your offer. You can find a Paypal Donation button at my ME Analyzer or MC
Extractor readme files over at github.
2. Yes of course.

Smartpol 160 March 7, 2018, 6:42am

Thanks again, plutomaniac. I’ve just send you some support and thanks via paypal

plutomaniac 161 March 7, 2018, 2:03pm

Thank you very much Smartpol for your contribution. Enjoy your firmware-upgraded system!

TheGiolly 162 March 8, 2018, 9:08pm

Hi @plutomaniac
Can I ask you where did you find the CSTXE 3.1.50.2222 that you used to update that BIOS?
Thanks

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 85/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 163 March 10, 2018, 9:34pm

@TheGiolly

At the Engine Firmware Repositories you can now find CSTXE 3 & 4 packs. I will also update the
Engine CleanUp Guide with CSTXE instructions so that the user can check if their firmware is OEM
signed. If it’s not signed, the procedure remains the same but if it is, the user will need to input the OEM
Private Key used during signing which of course is not public but the instructions will be there in case
someone has it.

zyo 164 March 11, 2018, 8:06am

Is there anyway to update CSTXE firmware without a backup bios? (if not is there anyway to backup a
laptop’s bios)
I have an Apollo lake laptop (Yepo 737A) that’s similar to the Jumper Ezbook in the previous post but
unfortunately I couldn’t find a bios online.

Smartpol 165 March 11, 2018, 9:00am

zyo:

Is there anyway to update CSTXE firmware without a backup bios? (if not is there anyway to
backup a laptop’s bios)
I have an Apollo lake laptop (Yepo 737A) that’s similar to the Jumper Ezbook in the previous post
but unfortunately I couldn’t find a bios online.

There is no way to update CSTXE firmware without BIOS image. So if you can’t find it online, you
should do BIOS backup to obtain it. If you can boot to built-in UEFI shell (as in Jumper), you can do
BIOS backup by AfuEfix64.efi utility with this command "AfuEfix64.efi backup.rom /O". More
information about it and your laptop you can find at Techtablets.com.

zyo 166 March 12, 2018, 7:16am

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 86/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Thanks, I have backed up the firmware, can anyone help create an updated version?
https://nofile.io/f/d3dn2feEZ0T/backup.bin

plutomaniac 167 March 12, 2018, 5:03pm

@zyo

Your image is OEM signed. However, I have made an attempt to update the CSTXE firmware using a
new method. I cannot guarantee that it will work but I think it will. So if you decide to test this, I suggest
to make sure that you can recover via a programmer.

backup_fix.rar (3.93 MB)

zyo 168 March 12, 2018, 6:58pm

Thanks, I dont really have a programmer to recover in case this goes bad. I recall seeing someone at
techtablets flashing a Jumper Ezbook 3 pro bios onto a Yepo 737A laptop I wonder if it’s OEM signed
how they can do that without bricking…

plutomaniac 169 March 12, 2018, 7:55pm

From the two SPI images I’ve seen, the RSA Keys are different. The real question is whether these
OEMs actually closed Manufacturing Mode at their factory in order to commit the RSA Public Key Hash
at the Chipset hardware (FPF). Run “TXEInfo -verbose” and show me the results.

zyo 170 March 13, 2018, 7:14am

Intel(R) TXEInfo Version: 3.1.50.2222

Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

FW Status Register1: 0x80000255

FW Status Register2: 0x39850000
FW Status Register3: 0x30B50608

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 87/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

FW Status Register4: 0x00080000

FW Status Register5: 0x00000000
FW Status Register6: 0x00000000

CurrentState: Normal
ManufacturingMode: Enabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
Phase: BringUp
TXE File System Corrupted: No
PhaseStatus: UNKNOWN
FPF and TXE Config Status: Not committed
FW Capabilities value is 0x31109040
Feature enablement is 0x31109040
Platform type is 0x73FF0321
Intel(R) TXE code versions:

Table Type 0 ( 0x 00 ) found, size of 0 (0x 00 ) bytes

BIOS Version YEPOM10x.8.WP313R.NHNAUHL01
Vendor ID 8086
PCH Version B
FW Version 3.0.13.1144
Security Version (SVN) 0
Number of IFWI Modules 4
IFWI Module Name/Version
FTPR.man Version: 3.0.13.1144
PMCP.man Version: 0.1.0.0
SMIP.man Version: 11822.0.0.0
IUNP.man Version: 0.0.0.0

FW Capabilities 0x31109040

Intel(R) Capability Licensing Service - PRESENT/ENABLED

Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Service Advertisement & Discovery - NOT PRESENT
Intel(R) Platform Trust Technology - PRESENT/ENABLED
Persistent RTC and Memory - PRESENT/ENABLED

Re-key needed False

Last TXE reset reason Power up

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 88/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

BIOS Config Lock Enabled

Get flash master region access status…done
Host Read Access to TXE Enabled
Host Write Access to TXE Enabled
Get EC region access status…done
Host Read Access to EC Disabled
Host Write Access to EC Disabled
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
SPI Flash ID 1 C86017
SPI Flash ID 2 Not Available
BIOS boot State Post Boot
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
EPID Group ID 0x11E4
Keybox Not Provisioned
Crypto HW Support Enabled
Replay Protection Not Supported
Replay Protection Bind Counter 0
Storage Device Type SPI
Replay Protection Bind Status Pre-bind
Replay Protection Rebind Not Supported
Replay Protection Max Rebind 0
Intel(R) PTT Supported Yes
Intel(R) PTT initial power-up state Enabled
PAVP Supported Yes
Integrated Sensor Hub Initial Power State Disabled
End of Manufacturing Enable No
Post Manufacturing NVAR Config Enabled No
Protect BIOS Environment Enabled
CPU Debugging Disabled
BSP Initialization Disabled
Measured Boot Enabled
Verified Boot Enabled
OEM Public Key Hash FPF Not set

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 89/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

OEM Public Key Hash UEP

340383FBD2D92AC6451D2E6AB412B5A5FCC9B476BC496A86845F77F20DAA9C76
OEM Public Key Hash TXE FW
340383FBD2D92AC6451D2E6AB412B5A5FCC9B476BC496A86845F77F20DAA9C76

FPF UEP TXE FW

— — ------
Boot Guard Profile Not set 2 - VM 2 - VM
Key Manifest ID Not set 0x1 0x1
PTT Not set Enabled Enabled
UFS Boot Source Not set Disabled Disabled
EMMC Boot Source Not set Disabled Disabled
SPI Boot Source Not set Enabled Enabled
LED Indication Enabled Disabled Disabled
DnX Not set Disabled Disabled
OEM ID Not set 0x0 0x0
OEM Platform ID Not set 0x0 0x0
SOC Config Lock Not set Not set Not set
RPMB Bind Counter 0x0 0x0 0x0
RPMB Migration Done Not set Not set Not set
Persistent PRTC Backup Power Exists Exists Exists
Allow OEM Signing of DAL Applets No No No
EK Revoke State Not Revoked Not Revoked Not Revoked

zyo 171 March 13, 2018, 7:15am

Looks like FPF is not set?

plutomaniac 172 March 13, 2018, 2:40pm

Yeap, as you can see:

ManufacturingMode: Enabled
FPF and TXE Config Status: Not committed
Host Read Access to TXE Enabled
Host Write Access to TXE Enabled
End of Manufacturing Enable No
OEM Public Key Hash FPF Not set
(all FPF are Not set)

All of the above indicate that, although the SPI/BIOS image is signed, the signature was never
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 90/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

hardware(FPF)-committed by the OEM. So you can do whatever you want, even commit to FPF
yourself with your own key or whatever (why though?). You can thus follow the Engine CleanUp Guide
and at step 7, just remove the OEM Public Key Hash to disable Signing. The platform should accept that
change because the FPF are not committed. At the above fixed SPI I attached, I’ve updated the CSTXE
firmware to the latest 3.1.50.2238 as well the APL CPU Microcode for Spectre Variant 2 mitigation.

I’d like to emphasize that the above portray my own understanding of the situation. Although, to my
knowledge, nothing should be capable of blocking the update, the risk of flashing is always on the
modder.

zyo 173 March 13, 2018, 7:47pm

Thanks for the explanation much appreciated, I will try flashing the bios tonight.

Just to clarify, is there anything I need to do prior to flashing? Do I just need to load the firmware onto a
USB drive and flash it using afuefix /p /b in EFI shell

plutomaniac 174 March 13, 2018, 8:15pm

Yes, you can flash it via AFU. After flashing, you may need to remove all power (AC + Battery, RTC is
ok) for 1 minute or so and in the meantime, press the power button 1-2 times as well. The system should
boot. If not, try to a few things like discussed here. Once it’s up, run Flash Programming Tool with
command “fptw -greset” for good measure and after the system reboot, everything should be updated
and operational.

zyo 175 March 14, 2018, 7:04am

That worked, the SA-00086 as well as Spectre are patched. Meltdown still remains, I thought the
Microcode update would have addressed that?

plutomaniac 176 March 14, 2018, 1:09pm

Only Spectre Variant 2 requires a microcode fix. Meltdown, Spectre Variant 1 and Spectre Variant 2 rely
on OS-based fixes.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 91/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 177 March 15, 2018, 5:04pm

Intel CSTXE 4 Firmware v4.0.0.1245

Intel CSTXE 3.1 Firmware v3.1.50.2238

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 92/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 3.2 Firmware v3.2.10.1129

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 93/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Note: Added instructions on how you can update the CSTXE 3 & 4 firmware-based platforms (CSTXE
3 - 4 Updating).

plutomaniac 178 April 13, 2018, 8:39pm

Intel CSTXE System Tools v4 r1

Smartpol 179 May 1, 2018, 1:58pm

Hi, plutomaniac. Can you take a look at this BIOS: Teclast F7 rom. It’s not OEM signed and can be
fixed against intel SA-00086 and 88 or not?
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 94/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

ME Analyzer told me, that there is OEM RSA Signature, but in previous case this signature was not a
problem.

plutomaniac 180 May 1, 2018, 2:13pm

It is signed as can be seen in MEA. Follow the Engine CleanUp Guide.

Smartpol 181 May 1, 2018, 3:26pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 95/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Thanks, I’ll make a try. As I understand, this guide is about updating TXE Engine. And how about CPU
microcode updating - is there any guide for this process?

plutomaniac 182 May 1, 2018, 11:36pm

For solely IFWI based platforms like APL & GLK, updating the microcode is very easy and can be
done via Flash Image Tool, just look for the option after the Engine CleanUp Guide procedure, before
building the final image.

plutomaniac 183 May 16, 2018, 9:37pm

Intel TXE System Tools v1 r2

Smartpol 184 June 3, 2018, 3:43pm

Thanks again, plutomaniac. I successfully made CSTXE 3 updated bios for my Teclast F7. But after fpt
-greset my notebook always booted to recovery tab in bios (never showed before). It boots normally
only after flashing updated bios again. Can’t say anything about reason of this strange behavior.
But I can’t find any options to microcode update:

plutomaniac:

just look for the option after the Engine CleanUp Guide

Can you make absolutely clear advice how to do that?

plutomaniac 185 June 3, 2018, 5:24pm

If you re-flashed a dumped BIOS region, it could lead to NVRAM corruption or similar. It’s best to take
the stock SPI image to avoid that. The CPU microcodes are found at Flash Layout > uCode Sub-
Partition. However, these are not CSTXE related.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 96/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Smartpol 186 June 3, 2018, 6:08pm

First I flash modified BIOS with updated CSTXE engine in built-in uefi shell using "AfuEfix64.efi
updated_bios.rom /P /B", where updated_bios.rom was renamed outimage.bin, which I got by step-by-
step doing Engine CleanUp Guide. After this command I put next: "fpt.efi -greset". After that notebook
was rebooted to recovery tab in bios. BIOS also told me, that TXE engine version is N/A. When I exit
bios without saving anything, windows is booted without any issues. But every boot I begun with
recovery tab in bios, until I flash modified bios again in built-in uefi shell with "AfuEfix64.efi
updated_bios.rom /P /B" command. Then BIOS said, that TXE engine version is 3.1.50.2222 and no
recovery tab in BIOS now. Is now everything OK or not? How I can check NVRAM corruption? Intel
SA-00086 detection tool said me, that my system is updated and TXE engine version is the same
3.1.50.2222 as in BIOS.

plutomaniac 187 June 3, 2018, 7:08pm

This is AFU or BIOS-specific behavior, not CSTXE or CleanUp Guide related. If it works after these
steps then you are good to go.

Smartpol 188 June 3, 2018, 7:13pm

I understand, that it’s not CSTXE or CleanUp Guide related. Thanks a lot for your explanation. It works
now and thanks again for these very useful guides and firmwares!

plutomaniac 189 July 4, 2018, 1:15pm

Intel CSTXE 3.1 Firmware v3.1.50.2244

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 97/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 190 July 27, 2018, 1:31pm

Intel TXE 1.1 1.375MB Firmware v1.1.5.1162 MD

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 98/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 191 August 6, 2018, 12:52pm

Is there someone with an Apollo Lake system to do some safe and quick tests? I’m fairly certain that
CSTXE 4 (GLK) tools are also compatible with CSTXE 3 (APL) systems. We can test this by running
TXEInfo -verbose and TXEManuf -verbose.

Intel CSTXE 4 Firmware v4.0.5.1280

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 99/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE System Tools v3 r7

plutomaniac 192 August 13, 2018, 5:19pm

Intel CSTXE 3.1 Firmware v3.1.55.2269

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 100/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

mhanor 193 October 5, 2018, 9:27pm

I want to thank you for your work, plutomaniac. I was able to resolve an issue that plagued my Asrock
N3050M since I bought it, just by updating its TXE firmware, by running fwupdate with the appropriate
RGN image. The system always froze when I rebooted it, after days or weeks of uptime. The Asrock
support failed to help me, they just blamed my unsupported OS (Debian). Thank you.

plutomaniac 194 November 27, 2018, 2:45pm

Intel TXE 1.0 1.25MB Firmware v1.0.52.1129 IT

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 101/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 195 December 19, 2018, 6:26pm

Intel CSTXE System Tools v4 r2 - (2018-12-19)

plutomaniac 196 December 25, 2018, 11:50am

Intel CSTXE 4 Firmware v4.0.10.1288

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 102/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 197 March 1, 2019, 6:00pm

Intel CSTXE 3.1 Firmware v3.1.60.2280

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 103/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

gpvecchi 198 March 2, 2019, 10:13pm

Sorry, is it possible to flash TXE 2.1 on devices with TXE2.0? Thanks!

plutomaniac 199 March 3, 2019, 4:28pm

gpvecchi:

Sorry, is it possible to flash TXE 2.1 on devices with TXE2.0? Thanks!

Yes but I don’t remember if FWUpdate tool can do that or if you need to do it manually via Flash

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 104/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Programming Tool and a pre-configured TXE firmware via Flash Image Tool. You can try FWUpdate
and if it doesn’t allow that, you’ll know that it can only be done manually. By the way, I’m not sure what
the rational was, but v2.0 and v2.1 are different branches so it doesn’t mean that v2.1 is newer than v2.0,
just different in some way. For example, the current latest v2.0 is much newer than the current latest v2.1
that we have found. So, I don’t know. Personally I would stick to v2.0 firmware if my system has v2.0
out of the box.

plutomaniac 200 March 6, 2019, 8:42pm

Intel CSTXE System Tools v4 r3

boombastik 201 March 9, 2019, 7:22pm

@plutomaniac this red line is a problem?

plutomaniac 202 March 9, 2019, 9:36pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 105/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

I’m not sure. It could be an incompatibility between the old firmware and the newer MEInfo tool version.
Check the TXE status via “-fwsts” parameter. Run MEManuf as well.

plutomaniac 203 March 15, 2019, 3:41pm

Intel CSTXE 4 Firmware v4.0.10.1288 (EXTR → RGN)

Intel TXE 1.1 1.375MB Firmware v1.1.5.1162 MD (EXTR → RGN)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 106/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel TXE System Tools v1 r3 - (2019-03-15)

boombastik 204 March 15, 2019, 3:57pm

I can confirm that i updated successfully a Greek laptop Innovator Aether Slim V141 (z8350) with insyde
bios uefi.
Txe version updated from 2.0.0.2075 to v2.0.5.3117.

Until now it didn’t fail in any sleep and hibernate functions.

plutomaniac 205 April 4, 2019, 1:37pm

Intel CSTXE 3.1 Firmware v3.1.65.2288

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 107/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

klaxklax3 206 April 18, 2019, 7:36pm

can anyone say what this option actually does "Unsolicited Atttack Override PAVP" (enable/desable)
default=enabled

plutomaniac 207 May 4, 2019, 4:33pm

Intel TXE System Tools v1 r4 - (2019-05-04)

plutomaniac 208 May 14, 2019, 5:31pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 108/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 3.1 Firmware v3.1.65.2317

plutomaniac 209 May 15, 2019, 2:36pm

Intel CSTXE 4 Firmware v4.0.15.1303

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 109/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

1 Like

plutomaniac 210 May 30, 2019, 11:09pm

Intel TXE 2.1 1.375MB Firmware v2.1.5.3117

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 110/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

boombastik 211 June 6, 2019, 1:05pm

new txe version 2 driver Intel Trusted Execution Engine Interface Braswell/Cherry Trail 2.0.5.3117
WHQL:
-https://we.tl/t-TgMq6LoA3T

plutomaniac 212 June 6, 2019, 3:57pm

There is no difference between this and what is offered at the OP.

plutomaniac 213 June 18, 2019, 4:46pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 111/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 3.1 Firmware v3.1.65.2318

boombastik 214 June 21, 2019, 3:52pm

I leave it here for consideration.

I had a laptop that i put t to sleep automatically after 5 minute, and to hibernate after 30 min.

The most time i found the laptop stuck with a black screen.
I resolved it with TXE EOP Message bios option from enabled to disabled.

plutomaniac 215 July 4, 2019, 1:02pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 112/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 4 Firmware v4.0.20.1308

plutomaniac 216 August 15, 2019, 11:59am

Intel CSTXE 3.1 Firmware v3.1.70.2325

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 113/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 217 September 9, 2019, 1:21pm

Intel CSTXE 3.1 Firmware v3.1.70.2331

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 114/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 218 September 14, 2019, 7:09pm

Intel CSTXE 4 Firmware v4.0.20.1310

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 115/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 219 September 23, 2019, 8:46pm

Intel CSTXE 4 Firmware v4.0.20.1311

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 116/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

1 Like

pokuly 220 November 14, 2019, 5:07am

I have to admit i don’t understand how to put a recent TXE 4 firmware in a flashable file for my ASRock
J5005.
There is an existing BIOS online that updates the TXE https://www.asrock.com/mb/Intel/J5005-
ITX/index.de.asp#BIOS
I wonder if i overlooked a howto somewhere that explains how to update the TXE part of this file for
such a case?

pokuly 221 November 15, 2019, 5:12am

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 117/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Can it be that easy?

Loading the BIOS from ASRock into FIT and setting it up the way explained for cleaning with the
dummy key etc.
Overwriting the TXE Region.bin in the Decomp folder with the latest TXE firmware shows up with the
corresponding number under Flash Layout -> Intel TXE sub partition.
After build copy the SMIP part.
I have a file then that shows as “configured” for the ME and behaves valid in UBU.
Anything i got wrong and some things get lost that way?
https://www65.zippyshare.com/v/CzrIagIt/file.html
Edit: One thing that worries me is the different offset of the microcode in the rebuilt version.
Edit2: I got an updated BIOS from ASRock support that contains the 4.0.20.1310 TXE. FIT creates a
completely different file with the 4.0.20.1310 out of the firmware repository. The TXE Region.bin
created from FIT and the original ASRock BIOS is ~250kb smaller. Is this expected? Re-creating the
BIOS in FIT without exchanging any ROM spits out pretty much the same file as the original. Some bytes
are different. Most likely version numbers and alike.

linan186 222 November 23, 2019, 10:13am

Error 7: [SMIP Controller] Invalid Manifest Extension Utility path. Manifest Extension Utility path set to:
''
Error 6: [SMIP Controller] Failed to sign SMIP data.
Error 37: [Ifwi Actions] Failed to build SMIP data.
Error 19: [Ifwi Actions] Failed to prepare OEM SMIP data.
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 118/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Error 12: [Ifwi Actions] Failed to prepare one or more IFWI components.
Error 15: Failed to build.
Failed to build!
Hello, I used Intel cstxe system tools V4 to clean up the me area and build me. How to solve the
problem

pokuly 223 November 23, 2019, 3:07pm

Link to meu.exe under Build Settings, it is in the guide.

pokuly 224 December 2, 2019, 4:05am

As reported 3 posts above a rebuild using Flash Iamge Tool 4 for my GLK with a different TXE moves
the offset of the µC.
This only happens if the TXE is a EXTR file. Putting in the different RGN versions does not change the
µC offset on rebuild.
I hope this observation is new and is of some help for something.

Edit: Did anybody ever update a TXE v4 successfully?

plutomaniac 225 January 7, 2020, 9:34pm

Intel CSTXE 4 Firmware v4.0.20.1311

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 119/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 3.1 Firmware v3.1.70.2334

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 120/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE System Tools v4 r4 - (2020-01-07)

Intel CSTXE System Tools v3 r8 - (2020-01-07)

plutomaniac 226 March 4, 2020, 1:20pm

Intel CSTXE 3.1 Firmware v3.1.70.2334 (EXTR → RGN)

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 121/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE System Tools v3 r9 - (2020-03-04)

plutomaniac 227 March 25, 2020, 2:08pm

Intel CSTXE System Tools v4 r5 - (2020-03-25)

1 Like

pkslowk 228 April 4, 2020, 3:54pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 122/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Did you solved this issue ?

pkslowk 229 April 4, 2020, 5:00pm

Can someone clean my txe region from my bios dump ?

plases. Bios Dump

plutomaniac 230 May 5, 2020, 12:27pm

Intel CSTXE 3.1 Firmware v3.1.75.2351

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 123/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

mario123 231 May 9, 2020, 9:23am

same problem ,am clear but eror

plutomaniac 232 May 19, 2020, 7:15pm

Intel CSTXE 4 Firmware v4.0.25.1324

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 124/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 233 June 10, 2020, 8:04pm

Intel CSTXE 4 Firmware v4.0.26.1334

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 125/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE 3.1 Firmware v3.1.76.2356

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 126/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

robertd 234 July 16, 2020, 11:36am

Hi, someone has solution for RSA KEY?

After programming BIOS, Keyboard and Touchpad stop working.

Also i need version of me: 12.0.47.1524 size: 0x2BA000

Laptop: Dell 5482

MB: Bucky/ BenSolo WHL/CNL TVMHG 17859-1

CPU: Intel Core i5 8TH

Someone can help with this region?

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 127/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 235 July 29, 2020, 2:38pm

Intel CSTXE System Tools v3 r10 - (2020-07-29)

mario123 236 August 21, 2020, 5:55am

thanks master

plutomaniac 237 November 1, 2020, 1:32am

Intel CSTXE 3.1 Firmware v3.1.80.2400

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 128/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Intel CSTXE System Tools v4 r6 - (2020-10-31)

plutomaniac 238 November 7, 2020, 5:49pm

Intel CSTXE 4 Firmware v4.0.30.1386

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 129/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 239 December 5, 2020, 10:09pm

Intel TXE System Tools v2 r3 - (2020-12-05)

plutomaniac 240 March 31, 2021, 3:39pm

CSTXE System Tools v3 r12 - (2021-03-31)

Notice that (CS)TXE seems to have been killed off by Intel and merged into (CS)ME. Modern
Atom based platforms now run CSME firmware (LKF - CSME 13.30, JSL - CSME 13.50, EHL
- CSME 15.40 etc). The current (CS)TXE platforms (BYT, CHT, BSW, APL, BXT, GLK)
remain as they are.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 130/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Coool 241 April 9, 2021, 9:58pm

I successfully upgraded PiPO-X7s TXE 1.375MB M/D v1.1.1.1120 to TXE 1.375MB M/D
v1.1.5.1162. Using FWUpdLcl -f 1.1.5.1162_1.375MB_MD_PRD_RGN.bin command.
I can’t figure out. Can I upgrade to TXE 1.2 1.375MB M/D v1.2.1.1161. For sure you can’t upgrade
to TXE 2.0 1.375MB v2.0.5.3117!

Strange TXEI Driver v2.0.0.1094 (Windows 7, 8, 10) drivers don’t work on PiPO-X7s. I checked
.inf file and hardware ID is only available in Windows 10 section. Missing for Windows 7 and 8.1 (NT
6.1).
I have found working drivers TXE_Win_64_1.1.5.1162 (Intel® Trusted Execution Engine Interface
2014.01.12 1.1.0.1064) on Intel® Trusted Execution Engine (Intel® TXE) Driver for
DN2820FY, DE3815TY site.

Interesting how to upgrade TXE FITC?

plutomaniac 242 April 10, 2021, 2:21pm

Coool:

I checked .inf file and hardware ID is only available in Windows 10 section. Missing for Windows 7
and 8.1 (NT 6.1).

I have adjusted Section A for TXE 1 on old Windows OS. Thanks for the feedback.

Coool:

Interesting how to upgrade TXE FITC?

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 131/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

That doesn’t make sense. Please read Section C to understand what Flash Image Tool is.

Coool 243 April 10, 2021, 4:41pm

As I understood Intel Flash Image Tool (FITC, FITc or FITC.exe) is tool which was used to flash
BIOS initially? But I updated TXE with FWUpdLcl (Intel Firmware Update Utility Version: 1.1.5.1162).
Why info wasn’t updated?

What is difference between TXE 1.375MB M/D and TXE 1.375MB I/T?

plutomaniac 244 April 10, 2021, 4:54pm

FIT is a tool, the tool used to build/configure the firmware. It is not something you update, ignore it. TXE
1.2 is technically compatible with 1.1 but it’s a different branch which existed for some reason on a very
small number of devices. M/D and I/T are different SKUs. You are up to date, nothing more to do.

Coool 245 April 10, 2021, 4:58pm

Tried to upgrade to TXE 1.2 1.375MB M/D v1.2.1.1161 with FWUpdLcl -f

1.2.1.1161_1.375MB_MD_PRD_EXTR.bin without success.

Intel (R) Firmware Update Utility Version: 1.1.5.1162

Copyright (C) 2007 - 2015, Intel Corporation. All rights reserved.

Communication Mode: TXEI

Checking firmware parameters…

Warning: Do not exit the process or power off the machine before the firmware update process ends.
Sending the update image to FW for verification: [ COMPLETE ]

FW Update: [ 15% (Stage: 4 of 17) (/)]

Error 8741: FW Update Failed.

Error 8704: Firmware update operation not initiated due to a SKU mismatch

Is it possible to upgrade with Intel Flash Programming Tool (fptw.exe). Only I don’t want to
corrupt TXE DATA Region (configuration stuff). Do I gain any benefit? Generally all TXE stuff is one
security concern :).
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 132/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Welcome to the new site!

Welcome to the new site!

plutomaniac 246 April 10, 2021, 11:45pm

As I said, you are up to date TXE wise, nothing more to do.

plutomaniac 247 June 7, 2021, 12:47pm

CSTXE 4 v4.0.32.1524

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 133/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

CSTXE 3.1 v3.1.86.2538

plutomaniac 248 December 5, 2021, 10:34pm

CSTXE 4 v4.0.40.1600

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 134/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

CSTXE 3.1 v3.1.90.2629

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 135/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

plutomaniac 249 March 20, 2022, 2:04pm

CSTXE 4.0 GLK v4.0.45.1848

plutomaniac 251 May 23, 2022, 9:58pm

CSTXE 3.1 APL v3.1.92.2881

plutomaniac 253 January 13, 2023, 10:52am

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 136/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Hi Marvin, I restored the original post content because I wanted to emphasize my appreciation for
people who look out for newer firmware and report them here, no matter if this was already present at
the mega link from a few days ago. The latter won’t always be the case, so I needed to thank you for
helping out.

1 Like

Snailll 254 March 15, 2023, 2:36pm

Did anyone manage to successfully generate the Bios file for T100TA?

MeatWar 255 March 15, 2023, 3:03pm

Follow the guide: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data
Initialization

lfb6 256 August 11, 2023, 3:17pm

4.0.48.2042_B_PRD_EXTR.zip (1.2 MB)

2 Likes

Clean CSTXE 4.0.48.2042 for DELL Wyse 5070

Marvin 257 August 13, 2023, 5:39pm

CSTXE 3.1.94.3086 in Intel CH_0063 bios:

https://www.intel.com/content/www/us/en/download/19456/bios-update-chaplcel.html

╔═══════════════════════════════════════════╗
║ CH0063.CAP (1/1) ║
╟─────────────────────────────┬─────────────╢
║ Family │ CSE TXE ║
╟─────────────────────────────┼─────────────╢
║ Version │ 3.1.94.3086 ║
╟─────────────────────────────┼─────────────╢
║ Release │ Production ║
╟─────────────────────────────┼─────────────╢
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 137/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum
║ Type │ Extracted ║
╟─────────────────────────────┼─────────────╢
║ Chipset Stepping │ B ║
╟─────────────────────────────┼─────────────╢
║ TCB Security Version Number │ 3 ║
╟─────────────────────────────┼─────────────╢
║ ARB Security Version Number │ 7 ║
╟─────────────────────────────┼─────────────╢
║ Version Control Number │ 112 ║
╟─────────────────────────────┼─────────────╢
║ Production Ready │ Yes ║
╟─────────────────────────────┼─────────────╢
║ OEM Configuration │ Yes ║
╟─────────────────────────────┼─────────────╢
║ Date │ 2023-01-02 ║
╟─────────────────────────────┼─────────────╢
║ File System State │ Configured ║
╟─────────────────────────────┼─────────────╢
║ Flash Image Tool │ 3.1.94.3107 ║

2 Likes

lfb6 260 March 4, 2024, 6:20pm

CSE TXE 4.0.50.2083 Prod B GLK.bin.zip (1.2 MB)

1 Like

luipez 261 March 18, 2024, 5:47pm

Good evening,
First of all, hello to everyone, I found your site looking for information on the problem I have on a
Foxconn NanoPC with an Intel N3700 processor which gives me the error of the little yellow triangle
next to the Trusted Execution Engine Interface device.
The currently installed version is 2.0.0.1094.

Can you tell me where to download the right most updated version, which I hope will solve my problem?

Thank you

MeatWar 262 March 18, 2024, 10:14pm

And what is reported by Windows about the state of the related device…?

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 138/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

2.0.2.2092
2.0.5.3117

luipez 263 March 18, 2024, 11:52pm

The drivers from the first link do not download.

The ones in the second link, even though they appear to be a later version, the installer says they are
newer than the ones currently installed.

luipez 264 March 18, 2024, 11:58pm

I uninstalled the version in use, I tried to launch the installation again and it says “Platform not supported”

MeatWar 265 March 19, 2024, 12:53am

Then the latest for your hardware platform was the ones you had previously, the same in OP of this
thread. It means newer packages do not contain your hw device ID (TXE) in the inf driver list.

luipez 266 March 19, 2024, 11:39am

Unfortunately now I don’t even have the previous version, 2.0.0.1094. because I uninstalled it.

Do you have a link for this version?

MeatWar 267 March 19, 2024, 11:48am

MeatWar:

the same in OP of this thread

Open your “eyes” a little more… i hate lazy people

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 139/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

EDIT: Oh you don’t read any info or topics… you just fetch, section A1 on FIRST POST of this thread

luipez 268 March 19, 2024, 12:37pm

Sorry, I didn’t understand what you meant by OP.

As I said before, I had uninstalled the driver, I also uninstalled the remaining part with Revo Uninstall,
downloaded the OP version, installed it, restarted the machine.
Now the little yellow error triangle no longer appears.

Thank you

frwil 269 November 3, 2024, 1:30am

CSTXE version 4.0.52.2150

Here in: https://ftp.ext.hp.com/pub/softpaq/sp155001-155500/sp155122.exe

3 Likes
https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 140/144
4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

MeatWar Split this topic 270 November 6, 2024, 7:33pm

A post was merged into an existing topic: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE
Regions with Data Initialization

Diesel336 271 November 11, 2024, 3:58pm

Hi to all, i find Flash image tool for server platform based on C621A, current version CSE SPS
v04.04.01.023. I have seen that someone here have this? but file was sended in PM

Hanaku 272 January 8, 2025, 10:11pm

plutomaniac:

v4.0.20.1310

@plutomaniac may i download this file please

Masato 274 March 2, 2025, 2:21pm

Okay… so I read the introduction, the Disclaimer, the Getting Started, the section A, the first two
paragraphs of section B (can’t follow along without tools from section C), I read all of section C… and I
feel properly lost. It’s a lot to take in, a lot of jargon I have not seen before. So I hope you don’t mind
me for asking for directions.

Who updates their “(CS)TXE Firmware by following sequentially the relevant steps at Section B using
the required Tools from Section C”? I mean what use case will call for firmware update of something as
vitally important as TXE obviously is?

Is it only if I want to update the TXE firmware that I need to “install the latest Drivers from section A”?
Are any of these drivers installed already OOTB by Windows? And do I need them if I only want to use
tools like the Flash Programming Tool (FPT) to interact with my (CS)TXE? Can I do that, without
installing special drivers for particular versions/generations/families of (CS)TXE/Engine and without
updating the TXE firmware? This is what I want to do. I want to use FPT to dump my firmware so can
examine or compare the contents of the NVRAM to another dump that I made with a programmer.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 141/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Should I use HWiNFO, or ME Analyzer, or TXEInfo to get the “Major.Minor” version number and other
details right? If HWiNFO (version 8.22) has reported that I have “Intel ME” version 11.8, does that
mean I have “(CS)TXE” version 11.8? And what “TXEI” driver version do I then need? (By the way,
what does “I” in “TXEI” stand for?)

MeatWar 275 March 2, 2025, 2:48pm

Masato:

Who updates their “(CS)TXE Firmware by following sequentially the relevant steps at Section B
using the required Tools from Section C”? I mean what use case will call for firmware update of
something as vitally important as TXE obviously is?

Whoever wants it or has a system with such SKU, obviously.

You want to digest everything researched in years, in just a few days? Get real will you…
Learn and ask when working on something specific, eventually you will learn specific case by case, not
flooding the forum with questions that later you will ask again for sure, besides that you have a lot to read
sir, understood?

If you did, you would by now already noticed that CS ME is not the same FW engine as CS TXE…
differents aproaches, tools etc…

Masato 276 March 2, 2025, 3:23pm

MeatWar:

Whoever wants it or has a system with such SKU, obviously.

Yes. But you missed the second part: “I mean what use case will call for firmware update of
something as vitally important as TXE obviously is?” In other words, for what purpose would
someone be doing this?

MeatWar:

You want to digest everything researched in years, in just a few days? Get real will you…

I don’t know what gave you that idea. This post is just an overview of different Intel firmware, tools,
drivers, etc. I have no expectation to understand it all, and I don’t need to.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 142/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

MeatWar:

Learn and ask when working on something specific, eventually you will learn specific case by case,
not flooding the forum with questions that later you will ask again for sure, besides that you have a
lot to read sir, understood?

No, I don’t understand. Why can’t I ask questions about the learning material if I don’t understand
something? Why do I have to be working on something specific before I can ask a question?

I don’t mind the reading. On contrary, I read almost the whole thing, and then some replies too, so that I
would not need to “flood the forum with questions”. But if I don’t understand something, I like to ask for
a clarification and to strengthen my understanding of what I’m reading. Otherwise, I might as well just run
with my head first and learn from my own failure – like the majority of newcomers I would imagine –
rather than by reading what more knowledgeable people with experience write on the topic.

Masato:

It’s a lot to take in, a lot of jargon I have not seen before. So I hope you don’t mind me for asking
for directions.

There’s a similar, but more relevant post over here:

Intel (Conv.Sec.) Management Engine: Drivers, Firmware and Tools (2-15)

Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15
Last Updated: 2022-09-08 Intel Management Engine Introduction: Built into many Intel-based
platforms is a small, low power computer subsystem called the Intel Management Engine (Intel ME).
This can perform various tasks while the system is booting, running or sleeping. It operates
independently from the main CPU, BIOS and OS but can interact with them if needed. The ME is
responsible for many parts of a…

It covers “Intel ME” (and CSME) specifically, rather than “Intel TXE” (and CSTXE), and it includes the
system tools for Intel ME 11.8.

MeatWar:

If you did, you would by now already noticed that CS ME is not the same FW engine as CS
TXE…differents aproaches, tools etc…

I did notice. Thanks to Wikipedia. But you could have been more helpful in your reply if you had just
pointed me in the right direction by posting the link above.

MeatWar 277 March 2, 2025, 3:38pm

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 143/144

4/25/25, 7:51 PM Intel (Conv.Sec.) Trusted Execution Engine: Drivers, Firmw are and Tools - Intel Management Engine - Win-Raid Forum

Masato:

I don’t mind the reading.

Previous message content, perfectly acknowledged by user recipient.

https://w inraid.level1techs.com/t/intel-conv-sec-trusted-execution-engine-drivers-firmw are-and-tools/30730/print 144/144