You are not logged in.

#1 2022-11-10 17:26:48

Cvlc
Member
Registered: 2020-03-26
Posts: 295

[SOLVED] Gnome device security - Intel ME

Hi,

I know that the new "Device Security" panel in Gnome settings is mostly useless. However, my curiosity is piqued by the fact that the Intel Management Engine Version seemingly cannot be read, leading to a level 0 rating.

Does accessing the Intel ME version require a specific package ? Or is the UEFI firmware (MSI) not reporting it properly? (the up to date version is properly shown in the firmware). I cannot find any info regarding this anywhere.

Thanks !

Last edited by Cvlc (2022-11-22 09:58:47)

Offline

#2 2022-11-11 16:57:44

yochananmarqos
Member
Registered: 2020-02-05
Posts: 222

Re: [SOLVED] Gnome device security - Intel ME

Do you have fwupd installed? My Intel Management Engine Version shows Valid.

Offline

#3 2022-11-12 22:29:10

Cvlc
Member
Registered: 2020-03-26
Posts: 295

Re: [SOLVED] Gnome device security - Intel ME

Yes I do have fwupd, the device security panel doesn't work without it.

I have green ticks everywhere except for Intel ME

Offline

#4 2022-11-22 09:14:59

Cvlc
Member
Registered: 2020-03-26
Posts: 295

Re: [SOLVED] Gnome device security - Intel ME

Hi,

I'm looking at the users and groups article, is there any chance that specific permissions are needed for the intel ME version to be read ?

Offline

#5 2022-11-22 09:22:42

d.ALT
Member
Registered: 2019-05-10
Posts: 959

Re: [SOLVED] Gnome device security - Intel ME


<49,17,III,I>    Fama di loro il mondo esser non lassa;
<50,17,III,I>    misericordia e giustizia li sdegna:
<51,17,III,I>    non ragioniam di lor, ma guarda e passa.

Offline

#6 2022-11-22 09:32:37

Cvlc
Member
Registered: 2020-03-26
Posts: 295

Re: [SOLVED] Gnome device security - Intel ME

ls -la /dev/ | grep -i mei
crw-------   1 root   root   511,     0 22 nov.  09:37 mei0

So can the Gnome security panel read from that ?

I was reading https://fwupd.github.io/libfwupdplugin/ … ei.Version and apparently not valid means affected by CVEs, not necessarily that it's not read properly. But the ME version is fairly recent so I'm surprised that would be the case.

[edit]

$ sudo fwupdtool security
...
✘ CSME v0:15.0.2.1377:           Invalid
...

So definitely not an issue with permissions

Last edited by Cvlc (2022-11-22 09:38:42)

Offline

#7 2022-11-22 10:03:43

Cvlc
Member
Registered: 2020-03-26
Posts: 295

Re: [SOLVED] Gnome device security - Intel ME

Solved, not a bug;

The Intel® Converged Security and Management Engine Version Detection Tool shows the system as vulnerable despite being the latest update from MSI. Need to hope for a new release from them.

So the device security panel isn't so useless after all, it can help learn about # fwupdtool security which I didn't know about. Apparently it's going away in Gnome 44

Thanks !

Offline

Board footer

Powered by FluxBB