You are not logged in.
Pages: 1
Hi,
I know that the new "Device Security" panel in Gnome settings is mostly useless. However, my curiosity is piqued by the fact that the Intel Management Engine Version seemingly cannot be read, leading to a level 0 rating.
Does accessing the Intel ME version require a specific package ? Or is the UEFI firmware (MSI) not reporting it properly? (the up to date version is properly shown in the firmware). I cannot find any info regarding this anywhere.
Thanks !
Last edited by Cvlc (2022-11-22 09:58:47)
Offline
Do you have fwupd installed? My Intel Management Engine Version shows Valid.
Offline
Yes I do have fwupd, the device security panel doesn't work without it.
I have green ticks everywhere except for Intel ME
Offline
Hi,
I'm looking at the users and groups article, is there any chance that specific permissions are needed for the intel ME version to be read ?
Offline
# ls -la /dev/ | grep -i mei<49,17,III,I> Fama di loro il mondo esser non lassa;
<50,17,III,I> misericordia e giustizia li sdegna:
<51,17,III,I> non ragioniam di lor, ma guarda e passa.
Offline
ls -la /dev/ | grep -i mei
crw------- 1 root root 511, 0 22 nov. 09:37 mei0So can the Gnome security panel read from that ?
I was reading https://fwupd.github.io/libfwupdplugin/ … ei.Version and apparently not valid means affected by CVEs, not necessarily that it's not read properly. But the ME version is fairly recent so I'm surprised that would be the case.
[edit]
$ sudo fwupdtool security
...
✘ CSME v0:15.0.2.1377: Invalid
...So definitely not an issue with permissions
Last edited by Cvlc (2022-11-22 09:38:42)
Offline
Solved, not a bug;
The Intel® Converged Security and Management Engine Version Detection Tool shows the system as vulnerable despite being the latest update from MSI. Need to hope for a new release from them.
So the device security panel isn't so useless after all, it can help learn about # fwupdtool security which I didn't know about. Apparently it's going away in Gnome 44
Thanks !
Offline
Pages: 1