{"id":4321,"date":"2017-11-22T18:19:02","date_gmt":"2017-11-22T08:19:02","guid":{"rendered":"https:\/\/www.flamingspork.com\/blog\/?p=4321"},"modified":"2017-11-29T08:56:38","modified_gmt":"2017-11-28T22:56:38","slug":"updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install","status":"publish","type":"post","link":"https:\/\/www.flamingspork.com\/blog\/2017\/11\/22\/updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install\/","title":{"rendered":"Updating Intel Management Engine firmware on a Lenovo without a Windows Install"},"content":{"rendered":"<p>This is how I updated my Intel ME firmware on my Lenovo X1 Carbon Gen 4 (reports say this also has worked for Gen5 machines). These instructions are pretty strongly inspired by <a href=\"https:\/\/news.ycombinator.com\/item?id=15744152\">https:\/\/news.ycombinator.com\/item?id=15744152<\/a><\/p>\n<p>Why?\u00c2\u00a0<a href=\"https:\/\/security-center.intel.com\/advisory.aspx?intelid=INTEL-SA-00086&amp;languageid=en-fr\">Intel security advisory<\/a>\u00c2\u00a0and\u00c2\u00a0CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, and CVE-2017-5712 should be reason enough.<\/p>\n<p>You will need:<\/p>\n<ul>\n<li>To download about 3.5GB of stuff<\/li>\n<li>A USB key<\/li>\n<li>Linux installed<\/li>\n<li>WINE or a Windows box to run two executables (because self extracting archives are a thing on Windows apparently)<\/li>\n<li>A bit of technical know-how. A shell prompt shouldn&#8217;t scare you too hard.<\/li>\n<\/ul>\n<p>Steps:<\/p>\n<ol>\n<li>Go to <a href=\"https:\/\/www.microsoft.com\/en-au\/software-download\/windows10ISO\">https:\/\/www.microsoft.com\/en-au\/software-download\/windows10ISO <\/a>and download the <strong>32-bit<\/strong> ISO.<\/li>\n<li>Mount the ISO as a loopback device (e.g. by right clicking and choosing to mount, or by doing &#8216;sudo mount -o loop,ro file.iso \/mnt&#8217;<\/li>\n<li>Go to Lenovo web site for Drivers &amp; Software for your laptop, under Chipset, there&#8217;s ME Firmware and Software downloads You will need both. It looks like this:<br \/>\n<a href=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"4322\" data-permalink=\"https:\/\/www.flamingspork.com\/blog\/2017\/11\/22\/updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install\/screenshot-from-2017-11-22-19-00-33\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?fit=1286%2C229&amp;ssl=1\" data-orig-size=\"1286,229\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot from 2017-11-22 19-00-33\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?fit=584%2C104&amp;ssl=1\" class=\"alignnone size-medium wp-image-4322\" src=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?resize=300%2C53&#038;ssl=1\" alt=\"\" width=\"300\" height=\"53\" srcset=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?resize=300%2C53&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?resize=768%2C137&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?resize=1024%2C182&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?resize=500%2C89&amp;ssl=1 500w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?w=1286&amp;ssl=1 1286w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/Screenshot-from-2017-11-22-19-00-33.png?w=1168&amp;ssl=1 1168w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/li>\n<li>Run both exe files with WINE or on a windows box to extract the archives, you do <strong>not<\/strong> need to run the installers at the end.<\/li>\n<li>you now need to extract the management engine drivers. You can do this in\u00c2\u00a0 ~\/.wine\/drive_c\/DRIVERS\/WIN\/AMT, with &#8220;cabextract SetupME.exe&#8221; or (as suggested in the comments) you can use the innoextract utility (from linux) to extract them (a quick check shows this to work)<\/li>\n<li>Save off HECI_REL folder, it&#8217;s the only extracted thing you&#8217;ll need.<\/li>\n<li>Go and install <a href=\"https:\/\/wimlib.net\/\">https:\/\/wimlib.net\/<\/a> &#8211; we&#8217;re going to use it to create the boot disk. (it may be packaged for your distro).<br \/>\nIf you don&#8217;t have the path <tt>\/usr\/lib\/syslinux\/modules\/bios<\/tt> on your system but you <b>do<\/b> have <tt>\/usr\/share\/syslinux\/modules\/bios<\/tt> &#8211; you will need to change a bit of the file <tt>programs\/mkwinpeimg.in<\/tt> to point to the <tt>\/usr\/share<\/tt> locations rather than <tt>\/usr\/lib<\/tt> before you install wimlib. This probably isn&#8217;t needed if you&#8217;re installing from packages, but may be requried if you&#8217;re on, say, Fedora.<\/li>\n<li>Copy ~\/.wine\/drive_c\/DRIVERS to a new folder, e.g. &#8220;winpe_overlay&#8221; (or copy from the Windows box you extracted things on)<\/li>\n<li>Use mkwinpeimg to create the boot disk, pointing it to the mounted Windows 10 installer and the &#8220;winpe_overlay&#8221;:\n<pre>mkwinpeimg -W \/path\/to\/mounted\/windows10-32bit-installer\/ -O winpe_overlay disk.img<\/pre>\n<\/li>\n<li>Use &#8216;dd&#8217; to write it to your USB key<\/li>\n<li>Reboot, go into BIOS and turn Secure Boot <strong>OFF<\/strong>, Legacy BIOS <strong>ON, <\/strong>and AMT <strong>ON.<\/strong><\/li>\n<li>Boot off the USB disk you created.<\/li>\n<li>In the command prompt of the booted WinPE environment, run the following to start the update:\n<pre id=\"magicdomid6\" class=\"ace-line\"><span class=\"author-269632906 font-color-000000 font-size-medium\">cd \\<\/span>\r\n<span class=\"author-269632906 font-color-000000 font-size-medium\">cd HECI_REL\\win10<\/span><br class=\"author-269632906\" \/><span class=\"author-269632906 font-color-000000 font-size-medium\">drvload heci.inf<\/span><br class=\"author-269632906\" \/><span class=\"author-269632906 font-color-000000 font-size-medium\">cd \\<\/span><br class=\"author-269632906\" \/><span class=\"author-269632906 font-color-000000 font-size-medium\">cd win\\me<\/span><br class=\"author-269632906\" \/><span class=\"author-269632906 font-color-000000 font-size-medium\">MEUpdate.cmd<\/span><\/pre>\n<p>It should look something like this:<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"4323\" data-permalink=\"https:\/\/www.flamingspork.com\/blog\/2017\/11\/22\/updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install\/winpe-intel-me\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?fit=1024%2C348&amp;ssl=1\" data-orig-size=\"1024,348\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;2&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;Pixel&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1511375904&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;4.67&quot;,&quot;iso&quot;:&quot;333&quot;,&quot;shutter_speed&quot;:&quot;0.016667&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}\" data-image-title=\"winpe-intel-me\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?fit=584%2C198&amp;ssl=1\" class=\"alignnone size-large wp-image-4323\" src=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?resize=584%2C198&#038;ssl=1\" alt=\"\" width=\"584\" height=\"198\" srcset=\"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?resize=300%2C102&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?resize=768%2C261&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/11\/winpe-intel-me.jpg?resize=500%2C170&amp;ssl=1 500w\" sizes=\"auto, (max-width: 584px) 100vw, 584px\" \/><\/a><\/li>\n<li>Reboot, go back into BIOS and change your settings back to how you started.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>This is how I updated my Intel ME firmware on my Lenovo X1 Carbon Gen 4 (reports say this also has worked for Gen5 machines). These instructions are pretty strongly inspired by https:\/\/news.ycombinator.com\/item?id=15744152 Why?\u00c2\u00a0Intel security advisory\u00c2\u00a0and\u00c2\u00a0CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, and CVE-2017-5712 &hellip; <a href=\"https:\/\/www.flamingspork.com\/blog\/2017\/11\/22\/updating-windows-management-engine-firmware-on-a-lenovo-without-a-windows-install\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[721,586,74,141,348,65],"class_list":["post-4321","post","type-post","status-publish","format-standard","hentry","category-general","tag-bios","tag-firmware","tag-lenovo","tag-linux","tag-update","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5a6n8-17H","jetpack-related-posts":[{"id":4508,"url":"https:\/\/www.flamingspork.com\/blog\/2019\/12\/10\/looking-at-the-state-of-blackbird-firmware\/","url_meta":{"origin":4321,"position":0},"title":"Looking at the state of Blackbird firmware","author":"Stewart Smith","date":"2019-12-10","format":false,"excerpt":"Having been somewhat involved in OpenPOWER firmware, I have a bunch of experience and opinions on maintaining firmware trees for products, what working with upstream looks like and all that. So, with my new Blackbird system I decided to take a bit of a look as to what the firmware\u2026","rel":"","context":"In &quot;code&quot;","block_context":{"text":"code","link":"https:\/\/www.flamingspork.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4440,"url":"https:\/\/www.flamingspork.com\/blog\/2019\/01\/23\/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor\/","url_meta":{"origin":4321,"position":1},"title":"CVE-2019-6260: Gaining control of BMC from the host processor","author":"Stewart Smith","date":"2019-01-23","format":false,"excerpt":"This is details for CVE-2019-6260 - which has been nicknamed \"pantsdown\" due to the nature of feeling that we feel that we've \"caught chunks of the industry with their...\" and combined with the fact that naming things is hard, so if you pick a bad name somebody would have to\u2026","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/www.flamingspork.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4419,"url":"https:\/\/www.flamingspork.com\/blog\/2018\/11\/19\/tracing-flash-reads-and-writes-during-boot\/","url_meta":{"origin":4321,"position":2},"title":"Tracing flash reads (and writes) during boot","author":"Stewart Smith","date":"2018-11-19","format":false,"excerpt":"On OpenPOWER POWER9 systems, we typically talk to the flash chips that hold firmware for the host (i.e. the POWER9) processor through a daemon running on the BMC (aka service processor) rather than directly. We have host firmware map \"windows\" on the LPC bus to parts of the flash chip.\u2026","rel":"","context":"In &quot;code&quot;","block_context":{"text":"code","link":"https:\/\/www.flamingspork.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2018\/11\/4096bytewindowtrace.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2018\/11\/4096bytewindowtrace.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2018\/11\/4096bytewindowtrace.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2018\/11\/4096bytewindowtrace.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":4345,"url":"https:\/\/www.flamingspork.com\/blog\/2017\/12\/11\/a-simplified-view-of-openpower-firmware-development\/","url_meta":{"origin":4321,"position":3},"title":"A (simplified) view of OpenPOWER Firmware Development","author":"Stewart Smith","date":"2017-12-11","format":false,"excerpt":"I've been working on trying to better document the whole flow of code that goes into a build of firmware for an OpenPOWER machine. This is partially to help those not familiar with it get a better grasp of the sheer scale of what goes into that 32\/64MB of flash.\u2026","rel":"","context":"In &quot;code&quot;","block_context":{"text":"code","link":"https:\/\/www.flamingspork.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/12\/devflow-legend.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/12\/devflow-legend.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/12\/devflow-legend.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.flamingspork.com\/blog\/wp-content\/uploads\/2017\/12\/devflow-legend.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":4028,"url":"https:\/\/www.flamingspork.com\/blog\/2016\/02\/08\/my-linux-conf-au-2016-talk-adventures-in-openpower-firmware-is-up\/","url_meta":{"origin":4321,"position":4},"title":"My linux.conf.au 2016 talk &#8220;Adventures in OpenPower Firmware&#8221; is up!","author":"Stewart Smith","date":"2016-02-08","format":false,"excerpt":"Thanks to the absolutely amazing efforts of the LCA video team, they've already (only a few days after I gave it) got the video from my linux.conf.au 2016 talk up! Abstract In mid 2014, IBM released the first POWER8 based systems with the new Free and Open Source OPAL firmware.\u2026","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/www.flamingspork.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3775,"url":"https:\/\/www.flamingspork.com\/blog\/2014\/07\/17\/openpower-firmware-up-on-github\/","url_meta":{"origin":4321,"position":5},"title":"OpenPower firmware up on github!","author":"Stewart Smith","date":"2014-07-17","format":false,"excerpt":"With the whole OpenPower thing, a lot of low level firmware is being open sourced, which is really exciting for the platform - the less proprietary code sitting in memory the better in my books. If you go to https:\/\/github.com\/open-power you'll see code for a bunch of the low level\u2026","rel":"","context":"In &quot;code&quot;","block_context":{"text":"code","link":"https:\/\/www.flamingspork.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/4321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/comments?post=4321"}],"version-history":[{"count":6,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/4321\/revisions"}],"predecessor-version":[{"id":4336,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/4321\/revisions\/4336"}],"wp:attachment":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/media?parent=4321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/categories?post=4321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/tags?post=4321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}