Some time ago I did a fresh install of Windows 7 Home Premium 32 bit on a new machine. In Device Manager there was a yellow bang against an unknown PCI communications device. I eventually tracked this down to a motherboard chip associated with the item in the subject line, but could find no 32 bit Win7 driver for it. Having looked at the Intel documentation and the Wiki entry, I found myself little wiser as to its function. I concluded that as a home user I probably had no need of it.

However, today, Windows Update has offered me a driver for it. Curiously it is classified as Important (rather than Optional as most driver updates seem to be).

I would be grateful if someone could explain (in non-specialist language) what this device does, and as a home user if I need to have it enabled. Does it, for instance, provide any function to assist Windows Update?
IMEI is one component of Intel's VPRO remote access technology. I'm a bit surprised that it's unexpectedly showing up in what I presume is a consumer computer; it's an extra-cost item (last time I talked to our account team we were told that they paid Intel $25 for each system shipped with the feature). Unless you plan to put the box in a remote location where it can't be accessed if (when) it gets hung it's probably not that much use to you.

You don't say what make and model of computer is involved. Look at the BIOS setup options; assuming that you don't want it you might be able to disable the feature there (and thus get rid of the yellow bang in Device Manager).

Joe Morris.

The computer is a Dell Inspiron Desktop 580. It has the Intel Core i3 processor 540 and a H57 chipset. Sold in Europe as a mid-range consumer machine. There are no BIOS settings relating to IMEI or AMT. I have disabled the item in Device Manager.

From what I can understand of the technical literature it is to allow remote access over a LAN for IT admin / repair purposes even when the system is powered down. I understand very little about it, but could it be used over the internet to allow an OEM to fix a customer's machine?
According to the chipset datasheet (322169), only the Q57 has AMT 6.0. The H57, H55, P55 don't. But yet, the data sheet, doesn't distinguish SKUs when it comes to the registers and the like.
Intel Management Engine Interface is a software program developed by Intel. During setup, the program creates a startup registration point in Windows in order to automatically start when any user boots the PC. The primary executable is named heciudlg.exe.

This device cannot start. (Code 10) STATUS_DEVICE_POWER_FAILURE. Have installed latest Intel driver for this on my Dell 8700 and it is still flagged as non-operational in Device Manager.
So unlike previous chips with AMT, it's unclear whether this one, places a firm boundary on having AMT or not.

The 322170 document, shows the VID and PID of the two IME engine blocks. Again, there is no documentation to state why there are two. Previous chipsets might have had one (with only the Q series chip having that one enabled). In a quick comparison of the registers for them, they look identical. So I can't figure out from the register description, why there are two.

IMEI #1 8086:3B64
IMEI #2 8086:3B65

It's not even clear to me, why you'd make them visible in the host space, because they're supposed to have control over the host.
In other words, if your host had a virus, you had AMT, the Management Engine should be able to reset the machine. You wouldn't want a virus to interact with a driver pointed at 3B64 and 3B65, if it could prevent AMT from working. So I don't see the purpose of having a driver.
Maybe it's just for observability or something?

I only have one slide set, from an IDF presentation, that does a decent job of describing the capabilities. And that slide set is a few years old now (and no longer available from the Intel site).

An OEM would not need it to fix a consumer machine. There are other ways to do that (as long as the OS is running).

So even if the IMEIs were disabled in Device Manager, or no driver was loaded, that doesn't convince me the hardware isn't still 'armed'. The solution is dependent on the firmware (stored in BIOS chip), and if the AMT firmware block is missing or neutered, that would certainly prevent a lot of stuff from happening. Perhaps reusing a BIOS intended for Q57, is why this is happening? But if that was the case, you'd also expect to see some kind of BIOS control to disable it. Or a jumper or something.
I checked the strap list in the datasheet, and I don't see something intended to disable IMEI. I did see a reference to cryptography, so it may not be possible to attack the computer, without knowing the key needed to facilitate communications.

When I first read of AMT, I knew there'd be a day like this, where the user would lose control.

While there are some details here, this info isn't up to date. With your hardware, there is no evidence that pulling memory DIMMs out of channel 0, makes any difference at all to the Management Engine. (I checked the Core i3 datasheet.)

Paul.

Yes, I see only liability here. The document you provided mentions 'PKI' or Public Key Infrastructure, so there is some notion of protecting communications with it. And the thing is, the hardware assets the microcontroller needs, have to be connected to make it work, so if some off-brand networking chip was used, perhaps it wouldn't work.

It would really help, if we could tell exactly what firmware was loaded for the IMEI. If the only thing loaded, is some fan control firmware, that might not be so bad.
But if the whole standard Intel package was loaded, I think we deserve to know that.

Even if we knew what IP port it used, we could say 'well, if you're using a firewall, block port X', that would be worth some small peace of mind. Of course, the firewall would have to be at your home router, because on the computer itself, the IMEI has access to the Intel Pro/1000 network chip directly.

I prefer to see the results of a Black Hat conference on the topic. To see if that interface has ever been abused. With VT-X from Intel, it was 'Blue Pill'.

'The Blue Pill rootkit for x86-based computers was based on this concept: it presents the illusion of a computer that has not been tampered with but uses virtualization to monitor and control the system in a nearly undetectable fashion.'

I'm just concerned, that buying a non Qxx series chipset, has now resulted in a new set of exposures. Intel does try hard, to not open new holes, but every time you add features like this, it extends the reach of malware authors.
Even SMM, a relatively old feature, offers a virtually invisible way for malware to control a computer. SMM is invisible, except if you use a stopwatch and notice chunks of time disappearing in the OS.

Stuff like this generally doesn't happen, because of the number of variables presented to malware authors. It might be of more interest in a focused attack, where someone knows you have a Dell 580 and they cook up something specially for it.

Paul.

Reply to OP

I am using a Z77X based motherboard, Intel i5 3750 CPU, and Windows 7 Home Premium.
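
The "stopwatch" check mentioned above for SMM, as an added example that is not part of the original thread: read a monotonic clock in a tight loop and flag consecutive reads that are unusually far apart. The function names, thresholds and the constructed trace are assumptions; on a desktop OS ordinary scheduler preemption and interrupts also produce gaps, so hits are candidates to investigate, not proof of SMM activity.

```python
# Added example: hypothetical names and constructed data, not from the thread.
import time
from statistics import median


def sample_timestamps(n=200_000):
    """Read the monotonic clock n times back-to-back (nanoseconds)."""
    clock = time.perf_counter_ns
    return [clock() for _ in range(n)]


def find_gaps(stamps, factor=50, floor_ns=20_000):
    """Return (index, gap_ns) pairs where two consecutive reads are far apart.

    A gap counts only when it exceeds both `factor` times the median delta
    and an absolute floor, so ordinary read-to-read jitter is ignored.
    """
    deltas = [b - a for a, b in zip(stamps, stamps[1:])]
    if not deltas:
        return []
    threshold = max(factor * median(deltas), floor_ns)
    return [(i, d) for i, d in enumerate(deltas) if d > threshold]


def summarize(stamps, **kw):
    """Total the time that went missing between reads."""
    gaps = find_gaps(stamps, **kw)
    total = stamps[-1] - stamps[0] if len(stamps) > 1 else 0
    lost = sum(d for _, d in gaps)
    return {
        "gaps": len(gaps),
        "lost_ns": lost,
        "lost_pct": 100.0 * lost / total if total else 0.0,
        "worst_ns": max((d for _, d in gaps), default=0),
    }


def constructed_trace():
    """Constructed sample: reads 100 ns apart, with 150 us and 300 us stalls."""
    t, out = 0, []
    for i in range(1000):
        out.append(t)
        t += 150_000 if i == 400 else 300_000 if i == 700 else 100
    return out


if __name__ == "__main__":
    print("constructed:", summarize(constructed_trace()))
    print("live:       ", summarize(sample_timestamps()))
```

Comparing live runs across an idle system, with the process pinned to one core, makes recurring gaps of similar length easier to separate from scheduler noise.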