Intel Converged Security and Manageability Engine - ISpillMyDrink/UEFI-Repair-Guide GitHub Wiki

The Intel Management Engine (ME), later renamed Converged Security and Manageability Engine (CSME), with its low-power counterpart the Trusted Execution Engine (TXE) on Atom-based platforms, is a subsystem of virtually all Intel chipsets since roughly 2006.

It is an embedded microcontroller with its own CPU and RAM inside the PCH. It runs its own firmware, stored in the ME Region of the SPI flash image, on top of its own microkernel operating system. The ME is brought up before the main processor is released from reset and before the BIOS executes, so if the ME firmware fails to initialize properly the host may never POST.

The ME was created to address problems in the realm of IT administration, and its main function is to serve as the backbone of Intel Active Management Technology (AMT), Intel Boot Guard, Platform Trust Technology and other platform features.

For typical problems that can arise due to a corrupt ME Region, refer to 3. Management Engine Firmware.

Bootguard

One of the Management Engine's functions is to serve as part of the trust anchor for the host firmware on Bootguard-enabled platforms (available since Haswell): it holds the fused OEM key hash and Bootguard profile that the CPU's Startup ACM uses to verify the UEFI image before the host executes it.

On power-up of a modern Bootguard-enabled Intel system the sequence is roughly as follows:

  • The ME co-processor boots from its on-die boot ROM, reads the hard- and soft-straps, and copies the flash partition table (FPT) of the ME region into its on-die SRAM.
  • It checks that the hash of the public key stored in the ME firmware's partition manifest matches the hash held in its on-die ROM and validates the signature over the rest of the manifest, so only Intel-signed ME firmware runs.
  • The ME then releases the X86 from reset. The X86 locates the Firmware Interface Table (FIT) through the pointer at physical address 0xFFFFFFC0 and fetches and executes any applicable microcode updates listed there.
  • The X86 locates the Startup Authenticated Code Module (ACM) through the FIT and executes it from Cache-as-RAM. The ACM requests, and the ME serves, the OEM Public Key (PK) hash and the Bootguard profile that were fused into the PCH.
  • The ACM locates the Bootguard Key Manifest (KM) in the FIT and checks that the hash of the key it carries matches the fused OEM PK hash. On a mismatch the action defined by the Bootguard configuration is taken (see below).
  • On a match, the ACM locates the Bootguard Policy (Boot Policy Manifest, BPM) in the FIT and validates it against the key authorised by the KM. If this verification fails, again the configured action is taken.
  • On success the ACM uses the BPM to read and verify the Initial Boot Block (IBB), which roughly covers the SEC and PEI phases. Only then does the classic boot process begin and the Reset Vector (inside SEC) execute.

Verification of the DXE phase is not covered by Bootguard itself; it is left to the OEM to implement as a PEI module.
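To make the FIT lookup in the steps above concrete, here is a small parser added for this guide; it is not part of the original page, of Intel's tooling or of UEFITool. It follows the FIT pointer at 0xFFFFFFC0, walks the table, maps each entry's physical address back to an offset in the SPI image, verifies the table checksum, and reports whether a Startup ACM, Key Manifest and Boot Policy Manifest are advertised. The 1 MiB image it builds is constructed inline for demonstration only; the addresses and sizes in it are made up, and the 24-bit size field is reported raw because its units differ per entry type.

```python
import struct
from dataclasses import dataclass

# Entry types from the Intel Firmware Interface Table (FIT) specification.
FIT_TYPES = {
    0x00: "FIT header",
    0x01: "Microcode update",
    0x02: "Startup ACM",
    0x07: "BIOS Startup Module",
    0x08: "TPM Policy",
    0x09: "BIOS Policy",
    0x0A: "TXT Policy",
    0x0B: "Boot Guard Key Manifest",
    0x0C: "Boot Guard Policy Manifest",
    0x10: "CSE Secure Boot",
    0x7F: "Unused",
}
FIT_SIGNATURE = b"_FIT_   "      # address field of the header entry
FIT_POINTER_ADDR = 0xFFFFFFC0    # 8-byte physical pointer to the FIT lives here
ENTRY_SIZE = 16
ENTRY_FMT = "<Q3sBHBB"           # address, size[24], reserved, version, type|C_V, checksum


@dataclass
class FitEntry:
    type: int
    name: str
    address: int          # physical address as stored in the entry
    offset: int           # offset inside the flash image (None for header/unused)
    size: int             # raw 24-bit size field; units depend on the entry type
    version: int
    checksum_valid: bool  # the C_V bit of the type byte


def phys_to_offset(addr, image_size):
    """The SPI image is memory-mapped so that its last byte sits at 0xFFFFFFFF."""
    base = 0x1_0000_0000 - image_size
    if not base <= addr < 0x1_0000_0000:
        raise ValueError(f"address {addr:#x} is outside the mapped flash window")
    return addr - base


def parse_fit(image):
    """Return the FIT entries of a full SPI image, or raise if the table is malformed."""
    size = len(image)
    fit_addr = struct.unpack_from("<Q", image, phys_to_offset(FIT_POINTER_ADDR, size))[0]
    fit_off = phys_to_offset(fit_addr, size)
    if fit_addr % 16:
        raise ValueError("FIT base address is not 16-byte aligned")
    if image[fit_off:fit_off + 8] != FIT_SIGNATURE:
        raise ValueError("FIT signature not found")
    # the header's size field holds the number of entries, header included
    count = int.from_bytes(image[fit_off + 8:fit_off + 11], "little")
    entries = []
    for i in range(count):
        addr, size_raw, _res, version, type_cv, _cks = struct.unpack_from(
            ENTRY_FMT, image, fit_off + i * ENTRY_SIZE)
        etype = type_cv & 0x7F
        entries.append(FitEntry(
            type=etype,
            name=FIT_TYPES.get(etype, f"Unknown ({etype:#04x})"),
            address=addr,
            offset=None if etype in (0x00, 0x7F) else phys_to_offset(addr, size),
            size=int.from_bytes(size_raw, "little"),
            version=version,
            checksum_valid=bool(type_cv & 0x80),
        ))
    # when the header's C_V bit is set, all bytes of the table must sum to zero mod 256
    if entries[0].checksum_valid and sum(image[fit_off:fit_off + count * ENTRY_SIZE]) % 256:
        raise ValueError("FIT checksum mismatch")
    return entries


def bootguard_status(entries):
    """Which Bootguard-relevant objects the FIT advertises (presence only, no signature checks)."""
    types = {e.type for e in entries}
    return {"startup_acm": 0x02 in types,
            "key_manifest": 0x0B in types,
            "boot_policy_manifest": 0x0C in types}


def build_sample_image(size=0x100000):
    """Constructed 1 MiB image whose FIT lists microcode, ACM, KM and BPM (not a real dump)."""
    img = bytearray(b"\xff" * size)
    base = 0x1_0000_0000 - size
    fit_off = 0xF0000                                      # 64-byte aligned, made-up location
    body = [(0x01, base + 0x10000, 0), (0x02, base + 0x20000, 0),
            (0x0B, base + 0x30000, 0x400), (0x0C, base + 0x31000, 0x800)]
    table = bytearray(FIT_SIGNATURE + (len(body) + 1).to_bytes(3, "little")
                      + b"\x00" + struct.pack("<H", 0x0100) + bytes([0x80, 0x00]))
    for etype, addr, esize in body:
        table += struct.pack(ENTRY_FMT, addr, esize.to_bytes(3, "little"), 0, 0x0100, etype, 0)
    table[15] = (-sum(table)) & 0xFF                       # header checksum makes the sum zero
    img[fit_off:fit_off + len(table)] = table
    img[size - 0x40:size - 0x38] = struct.pack("<Q", base + fit_off)
    return bytes(img)


if __name__ == "__main__":
    entries = parse_fit(build_sample_image())
    for e in entries:
        print(f"{e.name:28s} type={e.type:#04x} addr={e.address:#010x} offset={e.offset}")
    print(bootguard_status(entries))
```

On a real dump, pass the complete SPI image (not just the BIOS region) so the address mapping is correct; a missing 0x0B/0x0C pair on a platform whose profile is enforced is a strong hint that the wrong image was flashed.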

The Bootguard configuration (profile and OEM PK hash) is burned into the PCH's field-programmable fuses (FPFs) at the end of manufacturing and cannot be changed afterwards. For repair work this means that on an enforced profile a replacement BIOS region must carry a Key Manifest and Boot Policy signed with the original OEM's key and an unmodified IBB; an image from another vendor, or one whose IBB was edited, will fail verification no matter what the ME region contains.

UEFITool (the NE branch, which parses the Key Manifest and Boot Policy) can be used to determine which sections of the firmware are covered by which Bootguard mechanisms. It colours the tree as follows:

  • Red sections are fully covered by an IBB entry (validated by the ACM before execution of the Reset Vector).
  • Cyan sections are fully covered by the vendor's chain-of-trust entries (validated by the PEI phase).
  • Yellow sections are partially or fully covered by either IBB or vendor entries.
  • White sections are not covered by any Bootguard mechanism known to UEFITool.

Bootguard Configuration

The profile fused into the PCH selects which checks run and what happens when verification fails:

  • No_FVME: Bootguard disabled
  • VE: Verified Boot; on failure the system boots but is shut down after a timeout (30 minutes)
  • VME: Verified Boot + Measured Boot; on failure shutdown after the timeout
  • VM: Verified Boot + Measured Boot; not enforced, the system keeps booting on failure
  • FVE: Verified Boot; immediate shutdown on failure
  • FVME: Verified Boot + Measured Boot; immediate shutdown on failure

Platform Trust Technology (PTT)

Intel Platform Trust Technology (PTT) is the Management Engine-backed firmware TPM (fTPM). When enabled, the ME presents a TPM 2.0 device to the host, so no discrete TPM chip is needed for features such as BitLocker or measured boot.

PTT can be permanently disabled by the OEM through the PCH's field-programmable fuses at the end of manufacturing; on such systems it cannot be re-enabled from BIOS setup.

Power States

The Management Engine has its own power states, named Mx by analogy with the ACPI Sx states of the host. Which of these states a given platform supports depends on its system architecture.

M-Off

The Management Engine subsystem is completely shut down; no power is applied.

M3

The Management Engine is fully powered while the host is not in S0. The ME's PCI interface (the HECI/MEI device) is not available to the host, and main memory is not available to the ME, which runs from its on-die SRAM only.

M1

The Management Engine is fully powered while the host is not in S0, and the ME's PCI interface (HECI/MEI) is not available to the host. Unlike M3, main memory remains available to the ME. Not all platforms implement M1.

M0

The Management Engine subsystem is powered on and the host is in S0; all ME resources, including its PCI interface and main memory, are available.