Mailinglist Archive: opensuse (794 mails)

Re: [opensuse] Installing IME firmware updates in openSuSE

On Tue, 2017-11-28 at 15:19 +0000, Paul Groves wrote:
On 28/11/17 15:08, Christopher Myers wrote:

I ran Intel's IME firmware bug detection tool on my Lenovo T570 today,
and it said that my laptop is vulnerable and to contact my vendor. So I
went to Lenovo's website and found patches...for Windows only. I'm
going to bet that Lenovo won't release Linux patches, or bootable CDs
with firmware patches, etc.

Out of curiosity, how are others addressing things like this? Do I
really have to swap out my hard drive with a Windows version to install
the patch, and then revert back to my nice safe Linux home afterwards?


I remember doing one on an old Intel Q35 chipset board.

Check in the BIOS which IME you have and download the patch from Intel.
Sometimes they have linux support and sometimes DOS support so you can
use a bootable USB. Make sure you don't try to install the wrong
firmware because if you do, you're gonna have a bad time!


I found this interesting.

https://www.theinquirer.net/inquirer/news/3019569/purism-disables-intels-management-engine-on-linux-powered-laptops



I do like the idea of being able to run a laptop that doesn't have the
backdoor enabled, but unfortunately work won't let us go that route
(we've standardized on specific models.)


In this case, Intel's not releasing firmware directly unfortunately :/


https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
Why can’t Intel provide the necessary update for my system?

Intel is unable to provide a generic update due to management engine
firmware customizations performed by system and motherboard
manufacturers.