intel_sa00086 firmware vulnerability

Discussion in 'UDOO X86' started by bpr, Nov 22, 2017.

  1. bpr

    bpr New Member

    Joined:
    Nov 11, 2013
    Messages:
    10
    Likes Received:
    7
    Just learned of this newly discovered threat vector, ran Intel's test and found both x86 and x86Ultra firmware "may be vulnerable." Intel advises that "the Intel MEI/TXEI driver is available from your system manufacturer." Anyone looking into this. See https://downloadcenter.intel.com/download/27150
    Thanks
    Edit two weeks later:
    Hard to believe in this day and time that UDOO doesn't even bother to respond to this!?
     
    Last edited: Dec 6, 2017
    LDighera and tuxun like this.
  2. tuxun

    tuxun Member

    Joined:
    Dec 20, 2013
    Messages:
    67
    Likes Received:
    12
    thanks for info!
     
  3. LDighera

    LDighera UDOOer

    Joined:
    Jan 13, 2014
    Messages:
    206
    Likes Received:
    36
    My Results:

    Risk Assessment
    Based on the analysis performed by this tool: This system is not vulnerable.
    For more information refer to the INTEL-SA-00086 Detection Tool Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support
    INTEL-SA-00086 Detection Tool
    Application Version: 1.0.0.135
    Scan date: 11/28/2017 05:11:21
    Host Computer Information
    Name: UDOOX86
    Manufacturer: SECO
    Model: UDOO x86
    Processor Name: Intel(R) Celeron(R) CPU N3160 @ 1.60GHz
    OS Version: Microsoft Windows 10 Pro
    Intel(R) ME Information
    Engine: Intel(R) Management Engine
    Version: 2.0.4.3098
    SVN: 1​
     
    Laura likes this.
  4. bpr

    bpr New Member

    Joined:
    Nov 11, 2013
    Messages:
    10
    Likes Received:
    7
    Can someone at UDOO comment? I've stopped using my UDOO boards til we get a fix.
     
  5. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    From the Intel site:
    Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.
    Udoo X86 is a Consumer PC with consumer firmware.

    Udooer LDighera ran the diagnostic tool to check:
    Risk Assessment
    Based on the analysis performed by this tool: This system is not vulnerable.

    So what is your problem? There is no need for a fix.
     
  6. bpr

    bpr New Member

    Joined:
    Nov 11, 2013
    Messages:
    10
    Likes Received:
    7
    Screenshot_2017-12-06_16-51-35.png
    and
    Screenshot_2017-12-06_17-03-02.png
    The message says to please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).
     
  7. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    That is strange, I am traveling at the moment so not close to my Udoo X86 to verify.
    Are you on the latest bios/uefi?
    Did you install the latest intel drivers?
    On what OS are you on?
     
  8. ccs_hello

    ccs_hello UDOOer

    Joined:
    Apr 15, 2017
    Messages:
    536
    Likes Received:
    194
    For "ATOM architecture" based CPU/SoC, on Intel SA-00086 DFx vulnerabilities,
    only TXE 3.0 based engine has issues. SA-00086 stems from SoC designs.
    TXE 3 starts from Apollo Lake, UDOO x86's N3160/N3700 are still in Braswell step which use
    TXE 2.0/TXE 2.1 engine.

    P.S. Silvermont uses TXE 1, Airmont uses TXE 2, and Goldmont uses TXE3
     
  9. bpr

    bpr New Member

    Joined:
    Nov 11, 2013
    Messages:
    10
    Likes Received:
    7
    @ccs_hello Thanks for that, but Intel at https://www.intel.com/content/www/us/en/support/articles/000025619/software.html#FAQ says
    "
    Q: My system is reported as may be Vulnerable by the Intel-SA-00086 Detection Tool. What do I do?
    A:
    A status of may be Vulnerable is usually seen when either of the following drivers aren't installed:

    • Intel® Management Engine Interface (Intel® MEI) driver
    or
    • Intel® Trusted Execution Engine Interface (Intel® TXEI) driver
    Contact your system or motherboard manufacturer to obtain the correct drivers for your system.
    "
    So this is why I have been concerned and wishing an official response from UDOO/SECO
     
  10. goldio

    goldio New Member

    Joined:
    Apr 14, 2017
    Messages:
    10
    Likes Received:
    1
    In any case we need a statement from Udoo, when we can expect a patch.
     
  11. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    I just checked myself on my system with Ubuntu 16.04 and Bios/Uefi version 1.03: Not Vulnerable!

    So please update to Bios/UEFI V1.03 if you not yet did this! It could also be related to Debian and its (lack of??) drivers for the system as Ubuntu 16.04 and Windows 10 don't show this vulnerability.

    So the patch seems to be: Use Ubuntu, Windows (and perhaps other OS's) and update to Bios/UEFI 1.03. So if you want to ask someone ask the developers of Debian why they do not install the Intel® Management Engine Interface (Intel® MEI) driver or Intel® Trusted Execution Engine Interface (Intel® TXEI) driver for this system.

    Code:
    Application Version: 1.0.0.146
    Scan date: 2017-12-12 18:00:53 GMT
    
    *** Host Computer Information ***
    Name: UDOO-x86
    Manufacturer: SECO
    Model: UDOO x86
    Processor Name: Intel(R) Celeron(R) CPU  N3160  @ 1.60GHz
    OS Version: Ubuntu 16.04 xenial (4.10.0-35-generic)
    
    *** Intel(R) ME Information ***
    Engine: Intel(R) Management Engine
    Version: 2.0.4.3098
    SVN: 0
    
    *** Risk Assessment ***
    Based on the analysis performed by this tool: This system is not vulnerable.
    
    For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
      Intel Security Advisory Intel-SA-00086 at the following link:
      https://www.intel.com/sa-00086-support
     
  12. ccs_hello

    ccs_hello UDOOer

    Joined:
    Apr 15, 2017
    Messages:
    536
    Likes Received:
    194
    That detection software has a goofy error message such as:

    *** Risk Assessment ***
    Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).


    It means the detection activity had failed (thus "detection error".)
    The reason for that is: it needs the ME/TXE driver to be installed first, before it can conduct the test.

    Since it is unsure if the system is vulnerable or not, it just indicated "may" be vulnerable.

    The next step is what's stated in the error message: install ME/TXE driver first then retest.
     
    Markus Laire likes this.

Share This Page