TLDR; Find a copy of the Intel CSME Linux updater binary FWUpdLcl and use that to apply the firmware .bin update extracted from your Windows IME Driver installer.
IME is a mixed bag and should be disabled (as much as feasible) if you’re not using it or updated if you’re planning on using it. Modern tools like meshcentral make it pretty easy to leverage the enormously useful features (remote power control, KVM, IDE-R to mount boot drives…etc), so I’m going the update route for now.
Updating Intel Management Engine on Linux
- Identify your current ME major version
- I begrudgingly installed MEAnalyzer with a bunch of python dependencies
- I should have just looked in the Vendor (HP) IME firmware update package to find it
- Intel provides the CSME Version Detection Tool for this – it’s a bit more straighforward (safer?) than installing MEAnalyzer on a server
- Obtain the CSME Tools for your IME version/chipset
- Only matching CSME tools major version will be able to work on your chipset (CSME v11 -> IME v11.xx.xx)
- Sometimes your vendor makes them available, otherwise, get them here: CSME v11: WinRAID Forums | Mega
- Extract the LINUX updater executable (`LINUX64\FWUpdLcl`) and copy it to your working directory
- Obtain the .bin firmware you want to update to
- Download the windows version of Intel Management Engine Drive update package for your specific chipset (often HP provides Windows update packages but not Linux ones)
- HP ProDesk 600 G2 v2205.15.0.2623 Rev.A: https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139884.exe
- Extract the binary (
ME_11.8_Corporate_D0_H_Production.bin) firmware for you chipset to your working directory (/tmp/CSMEv11)
>> Note: (7zip works good for extracing from .exe or .zips)
>> Note: some packages may include C and H versions – designating Compact or Halo (I think?) – MEAnalyzer can help you figure that out – most business machines will be H
- Download the windows version of Intel Management Engine Drive update package for your specific chipset (often HP provides Windows update packages but not Linux ones)
- Prepare for updating
- Check you have the right version for your chipset – it will error if you don’t
root@srv-test:~/CSMEv11#./FWUpdLcl -FWVER - Save a backup of your current IME firmware
root@srv-test:~/CSMEv11#./FWUpdLcl -SAVE ./currentfw_2023_09_27.bin - Confirm you’ve identified your current version properly
root@srv-test:~/CSMEv11# ./FWUpdLcl -FWVER ./currentfw_2023_11_27.bin
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
FW Version: 11.0.0.1205
- Check you have the right version for your chipset – it will error if you don’t
- Update your firmware
- Double check your current and target versions
root@srv-test:~/CSMEv11# ./FWUpdLcl -FWVER
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
FW Version: 11.0.0.1205
root@srv-test:~/CSMEv11# ./FWUpdLcl -FWVER ./ME_11.8_Corporate_D0_H_Production.bin
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
FW Version: 11.8.92.4222 - Execute the update
root@srv-test:~/CSMEv11# ./FWUpdLcl -ALLOWSV -F ./ME_11.8_Corporate_D0_H_Production.bin
Intel (R) Firmware Update Utility Version: 11.8.92.4222 Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
Communication Mode: MEI Checking firmware parameters... Warning: Do not exit the process or power off the machine before the firmware update process ends.
Sending the update image to FW for verification: [ COMPLETE ]
FW Update: [ 100% (|)] Do not Interrupt
FW Update is completed successfully.
- Double check your current and target versions
- Reboot your machine, and check that running version of IME