Pondering IME Recovery State Issues

OK, then. First let me explain that IME is short for Intel Management Engine. This firmware component is present on all modern PCs with Intel CPUs since 2008. It operates while the OS is active, and IME also runs during boot-up. In fact, IME is accessible even when a PC is shut down or sleeping, as long as power is available. I’m pondering IME recovery state issues for one reason. My 2012-vintage Lenovo X220 Tablet hangs at every restart to report that “ME is in a recovery state.” I must enter a keystroke before boot-up continues.

I’m learning that IME has deep access on any Windows PC where it resides. For more details, check out the Wikipedia article Intel Management Engine.

Why I’m Pondering IME Recovery State Issues

Fixing this issue on my old Lenovo touchscreen PC is proving nearly impossible. Check out this Win-RAID forum thread on ME Cleaner (a management engine cleanup tool). Hopefully, you’ll get a sense of what contortions removing IME entail. Long story short: some real BIOS hacking, with no guarantee of success, is required to disable (or remove) IME at the BIOS level. Sheesh!

The lead-in graphic for this story comes from Intel’s Converged Security and Management Engine Version Detection Tool (CSMEVDT). For the X220 Tablet, it shows that the system is no longer supported (no surprise there, considering its age). No new releases planned, either…

Increasing Horror Results When Pondering IME

In fact, the more I learn about the Intel Management Engine, the more disturbed I become. The Wikipedia article (cited above) does a good job of hitting the high points. What I learned from direct experience on my X220 Tablet is also scary. The article goes so far as to speculate that state-level threat actors have been actively seeking out IME exploits for over a decade.

But alas, even after disabling IME in BIOS, the Recovery State error continues. At least the related driver error for “Serial Over LAN” (SOL) access no longer appears in Device Manager.

For the moment, I’m against making BIOS hacks. I’m pretty sure that the absence of the SOL driver means IME can no longer access the network. But gosh, this is a scary set of security vulnerabilities to contemplate. Indeed, the rest of my Intel-based systems have IME “working properly.” That’s where my real concerns begin. I’ll have to make sure to patch them all, pronto!
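Added example (not from the original post, Intel, or Lenovo): a PowerShell check that inventories the Intel ME-related Plug and Play devices on one Windows system, so the MEI device and the SOL port mentioned above can be confirmed present or absent before deciding which machines still need patching. It assumes those devices carry friendly names containing "Management Engine" or "Active Management Technology", which is what Intel's drivers typically register; the function name and report layout are my own.

```powershell
# Added example, not from the original post. Requires Windows PowerShell 5.1 or later
# (Get-PnpDevice and Get-PnpDeviceProperty come from the built-in PnpDevice module).
# Assumption: Intel ME devices enumerate with friendly names containing
# "Management Engine" (the MEI device) or "Active Management Technology" (the SOL port).

function Get-IntelMeDeviceReport {
    # Without -PresentOnly, Get-PnpDevice also returns devices that are no longer present,
    # so an ME disabled in BIOS shows up as a stale entry instead of vanishing silently.
    $devices = Get-PnpDevice -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FriendlyName -like '*Management Engine*' -or
            $_.FriendlyName -like '*Active Management Technology*'
        }

    $report = foreach ($d in $devices) {
        [pscustomobject]@{
            FriendlyName  = $d.FriendlyName
            InstanceId    = $d.InstanceId
            Status        = $d.Status      # OK, Error, Degraded or Unknown
            Present       = $d.Present     # $false for stale entries (device gone)
            Class         = $d.Class       # e.g. System for MEI, Ports for SOL
            # Bound driver version, if any; empty for absent or driverless entries.
            DriverVersion = (Get-PnpDeviceProperty -InstanceId $d.InstanceId `
                -KeyName 'DEVPKEY_Device_DriverVersion' -ErrorAction SilentlyContinue).Data
        }
    }

    [pscustomobject]@{
        MeiPresent = [bool]($report | Where-Object {
            $_.FriendlyName -like '*Management Engine Interface*' -and $_.Present })
        SolPresent = [bool]($report | Where-Object {
            $_.FriendlyName -like '*SOL*' -and $_.Present })
        Devices    = @($report)
        Note       = 'Confirm firmware status with Intel''s CSME version detection tool; ' +
                     'a present MEI device with an OK driver does not by itself mean the ME firmware is patched.'
    }
}

Get-IntelMeDeviceReport | Format-List
```

Run it on each Intel-based machine; MeiPresent/SolPresent reflect what Device Manager shows, and the Devices list gives the instance IDs and driver versions to record alongside the CSME tool's verdict.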
