mjg59 / mei-amt-check

Check whether AMT is enabled and provisioned under Linux
GNU General Public License v2.0

Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1 #1

Closed gourdcaptain closed 7 years ago

gourdcaptain commented 7 years ago

Attempting the test on my system results in an "Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1" instead of any results. I am using Arch Linux 64-bit, with kernel 4.10.13 (stock version from the Arch repositories), an Intel Core i7 6800k CPU, and an Asus X99-M WS motherboard. I have made sure the mei_me module is loaded prior to running the program with sudo. No kernel log messages show up in relation to this issue.

thatsamguy commented 7 years ago

Exact same error for me too.

Mageia 6 64bit (cauldron)
Kernel 4.9.27
Intel E3-1230v2
Asrock H77 Pro4/MVP Motherboard (7 Series/C216 Chipset Family MEI Controller)

lsmod | grep mei
mei_me 36864 0
mei 102400 1 mei_me

mjg59 commented 7 years ago

Do you have any firmware options related to AMT? If so, what are they set to?

gourdcaptain commented 7 years ago

Couldn't reboot the one I initially tried it on, but tried it on a Lenovo Yoga 700 11-inch (Intel Core m5-6754), got the same error, and there are no AMT-based firmware settings at all in the firmware. Looking at both CPUs' data sheets, while the motherboard on the X99 system has an MEI controller show up in lspci, both CPUs lack vPro? So it might have to do with that. (X99 is a weird beast, as it's got so many Xeon motherboard components it's literally incapable of using due to induced restrictions like ECC memory controllers that my kernel log will never shut up about during boot. I don't think there are any X99-compatible CPUs with vPro.)

mjg59 commented 7 years ago

Ok, I'm /inclined/ to believe that this indicates that the system doesn't implement AMT at all, but I'll try to do some more research.

liara commented 7 years ago

Same here, I believe the machine doesn't have AMT. strace output, if it helps:

execve("./mei-amt-check", ["./mei-amt-check"], [/* 17 vars */]) = 0
brk(NULL)                               = 0x5581feb43000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=201650, ...}) = 0
mmap(NULL, 201650, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fcc95980000
close(3)                                = 0
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\6\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1977568, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcc9597e000
mmap(NULL, 3815728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcc953ec000
mprotect(0x7fcc95587000, 2093056, PROT_NONE) = 0
mmap(0x7fcc95786000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19a000) = 0x7fcc95786000
mmap(0x7fcc9578c000, 14640, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcc9578c000
close(3)                                = 0
arch_prctl(ARCH_SET_FS, 0x7fcc9597f480) = 0
mprotect(0x7fcc95786000, 16384, PROT_READ) = 0
mprotect(0x5581fe06e000, 4096, PROT_READ) = 0
mprotect(0x7fcc959b2000, 4096, PROT_READ) = 0
munmap(0x7fcc95980000, 201650)          = 0
open("/dev/mei0", O_RDWR)               = 3
ioctl(3, IOCTL_MEI_CONNECT_CLIENT, 0x7ffc4fbfe9e0) = -1 ENOTTY (Inappropriate ioctl for device)
write(2, "Error: IOCTL_MEI_CONNECT_CLIENT "..., 56Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1
) = 56
close(3)                                = 0
exit_group(1)                           = ?

pabl0 commented 7 years ago

Same with Intel NUC i5-4250U. The hardware does not support vPro, can it be detected with some clearer error message?

Hello71 commented 7 years ago

$ sudo ./mei-amt-check
Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1
$ dmesg | grep -i mei
[    2.889975] mei_me 0000:00:16.0: enabling device (0000 -> 0002)

I'm using a laptop, I don't think it supports vPro or whatever.

joeyh commented 7 years ago

My Yoga 11 fails the same, and has in dmesg:

[351075.298521] mei_me 0000:00:16.0: hbm: properties response: wrong status = 1 CLIENT_NOT_FOUND
[351075.298522] mei_me 0000:00:16.0: mei_irq_read_handler ret = -71.
[351075.298545] mei_me 0000:00:16.0: unexpected reset: dev_state = INIT_CLIENTS fw status = 1E000245 60002106 00000200 00004400 00000000 40000010

rst commented 7 years ago

Here's a search for processors with vPro (I think!): https://ark.intel.com/Search/FeatureFilter?productType=processors&VProTechnology=true

For what it's worth, my laptop's processor (Core i7-4510U) is not on the list, and I get the "IOCTL_MEI_CONNECT_CLIENT" error.

bowaggoner commented 7 years ago

I get this error on a Core i7-2600k and Arch Linux kernel 4.10.13. Motherboard is a GA-Z68X-UD4-B3, I don't see any BIOS options related to AMT.

5im-0n commented 7 years ago

Same message on Intel i7-6700 with vPro support: https://ark.intel.com/products/88196/Intel-Core-i7-6700-Processor-8M-Cache-up-to-4_00-GHz

root@home:/home/test/mei-amt-check# ./mei-amt-check 
Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1
root@home:/home/test/mei-amt-check# lsmod |grep mei
mei_me                 36864  0
mei                    98304  1 mei_me
root@home:/home/test/mei-amt-check# dmesg |grep mei_me
[    6.508366] mei_me 0000:00:16.0: enabling device (0000 -> 0002)
root@home:/home/test/mei-amt-check# cat /var/log/syslog |grep mei_me
root@home:/home/test/mei-amt-check# ls -la /dev/mei0 
crw------- 1 root root 243, 0 May 10 11:00 /dev/mei0
root@home:/home/test/mei-amt-check# lscpu 
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    2
Core(s) per socket:    4
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 94
Model name:            Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Stepping:              3
CPU MHz:               800.195
CPU max MHz:           4000.0000
CPU min MHz:           800.0000
BogoMIPS:              6815.85
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              8192K
NUMA node0 CPU(s):     0-7
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
root@home:/home/test/mei-amt-check#

phoe commented 7 years ago

Same here. These are my specs:

root@phoebox:/tmp/mei-amt-check# ./mei-amt-check 
Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1
root@phoebox:/tmp/mei-amt-check# lsmod | grep mei
mei_me                 32768  0
mei                    94208  1 mei_me
root@phoebox:/tmp/mei-amt-check# dmesg | grep mei_me
[ 7815.107050] Modules linked in: nls_utf8 hfsplus pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) tun bbswitch(OE) cpufreq_conservative cpufreq_powersave cpufreq_userspace cpufreq_stats bnep binfmt_misc uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core videodev media btusb btrtl btbcm btintel bluetooth wl(POE) fuse intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_idt snd_hda_codec_generic snd_hda_codec_hdmi kvm_intel iTCO_wdt iTCO_vendor_support snd_hda_intel kvm snd_hda_codec cfg80211 snd_hda_core snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm irqbypass snd_timer crct10dif_pclmul crc32_pclmul snd ghash_clmulni_intel ideapad_laptop ie31200_edac soundcore sparse_keymap mei_me joydev serio_raw ac sg rfkill battery mei edac_core lpc_ich mfd_core
root@phoebox:/tmp/mei-amt-check# lscpu
Architektura:          x86_64
Tryb(y) pracy CPU:     32-bit, 64-bit
Kolejność bajtów:   Little Endian
CPU:                   4
Lista aktywnych CPU:   0-3
Wątków na rdzeń:    2
Rdzeni na gniazdo:     2
Gniazd:                1
Węzłów NUMA:        1
ID producenta:         GenuineIntel
Rodzina CPU:           6
Model:                 60
Nazwa modelu:          Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Wersja:                3
CPU MHz:               2500.000
CPU max MHz:           2500,0000
CPU min MHz:           800,0000
BogoMIPS:              4988.96
Wirtualizacja:         VT-x
Cache L1d:             32K
Cache L1i:             32K
Cache L2:              256K
Cache L3:              3072K
Procesory węzła NUMA 0:0-3
Flagi:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm epb tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt dtherm arat pln pts
root@phoebox:/tmp/mei-amt-check#

Hello71 commented 7 years ago

I don't think it's helpful at this point to post more system configurations. Error messages might be useful if you get something different from what's already posted.

mjg59 commented 7 years ago

I've updated the output to be less confusing. Note that having a CPU with vpro support isn't sufficient for AMT - your motherboard vendor has to include AMT in the ME firmware. Please reopen this issue if you get a "Management Engine refused connection. This probably means you don't have AMT" message and you can verify that the system does have AMT.
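
The failure reported throughout this thread, as an added C example that is not part of the thread or of mei-amt-check's source: it issues the same IOCTL_MEI_CONNECT_CLIENT request seen in the strace output above and turns the resulting errno into a diagnosis, with ENOTTY meaning the ME firmware exposes no AMT client. The names `classify_errno`, `probe_amt` and `enum amt_probe` are hypothetical, and the AMT client GUID is taken from the Linux kernel's MEI sample code, not from this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/mei.h>

/* AMT host interface client GUID, taken from the kernel's MEI sample code
 * (an assumption of this example, not a value from the thread). */
#define AMT_GUID UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
                         0xac, 0xa8, 0x46, 0xe0, 0xff, 0x65, 0x81, 0x4c)

enum amt_probe { AMT_CLIENT_PRESENT, AMT_NO_CLIENT, AMT_NO_DEVICE,
                 AMT_NO_PERMISSION, AMT_BUSY, AMT_UNKNOWN };

/* Map an errno from open() or the connect ioctl to a diagnosis. */
enum amt_probe classify_errno(int err)
{
    switch (err) {
    case 0:      return AMT_CLIENT_PRESENT;
    case ENOTTY: return AMT_NO_CLIENT;      /* ME firmware has no such client */
    case ENOENT:
    case ENODEV: return AMT_NO_DEVICE;      /* no device node, or ME not ready */
    case EACCES:
    case EPERM:  return AMT_NO_PERMISSION;  /* /dev/mei0 is root-only */
    case EBUSY:  return AMT_BUSY;           /* client connection already in use */
    default:     return AMT_UNKNOWN;
    }
}

/* Open the MEI node and ask the ME to connect us to the AMT client. */
enum amt_probe probe_amt(const char *path)
{
    struct mei_connect_client_data data;
    int err, fd = open(path, O_RDWR);

    if (fd < 0)
        return classify_errno(errno);
    memset(&data, 0, sizeof(data));
    data.in_client_uuid = AMT_GUID;
    err = ioctl(fd, IOCTL_MEI_CONNECT_CLIENT, &data) < 0 ? errno : 0;
    close(fd);
    return classify_errno(err);
}

int main(void)
{
    static const char *msg[] = { "AMT client present", "no AMT client in ME firmware",
        "no usable MEI device", "permission denied", "AMT client busy", "unknown error" };
    puts(msg[probe_amt("/dev/mei0")]);
    return 0;
}
```

A result of "no AMT client in ME firmware" matches the ENOTTY case in the thread; it describes what the ME firmware offers over MEI and says nothing about whether the CPU model supports vPro.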

stemid commented 7 years ago

I think this issue is about more than just clarity in the error because people are continuing to have this error on computers claimed vulnerable by the manufacturer.

Thought I'd just add some lspci info for my own.

00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 08)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 520 (rev 07)
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
00:14.2 Signal processing controller: Intel Corporation Sunrise Point-LP Thermal subsystem (rev 21)
00:16.0 Communication controller: Intel Corporation Sunrise Point-LP CSME HECI #1 (rev 21)
00:17.0 SATA controller: Intel Corporation Sunrise Point-LP SATA Controller [AHCI mode] (rev 21)
00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)
00:1c.2 PCI bridge: Intel Corporation Device 9d12 (rev f1)
00:1f.0 ISA bridge: Intel Corporation Sunrise Point-LP LPC Controller (rev 21)
00:1f.2 Memory controller: Intel Corporation Sunrise Point-LP PMC (rev 21)
00:1f.3 Audio device: Intel Corporation Sunrise Point-LP HD Audio (rev 21)
00:1f.4 SMBus: Intel Corporation Sunrise Point-LP SMBus (rev 21)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection I219-V (rev 21)
02:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS522A PCI Express Card Reader (rev 01)
04:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
    Manufacturer: LENOVO
    Product Name: 20F600A4MS
    Version: ThinkPad X260
    Version: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz

I get ENOTTY when trying to ioctl on /dev/mei0.

EvanCarroll commented 6 years ago

I can verify the system has AMT, using the Intel tool I get,

INTEL-SA-00075-Discovery-Tool -- Release 0.8
Copyright (C) 2003-2012, 2017 Intel Corporation.  All rights reserved

------------------Firmware Information--------------------

Intel(R) AMT: ENABLED
Flash:  8.1.30
Netstack:   8.1.30
AMTApps:    8.1.30
AMT:    8.1.30
Sku:    90112
VendorID:   8086
Build Number:   1350
Recovery Version:   8.1.30
Recovery Build Num: 1350
Legacy Mode:    False

-----------------SKU Information-----------------
         Intel(R) Small Business Technology
         Corporate SKU
         Intel(R) Anti-Theft Technology (Intel(R) AT)
-------------------------------------------------

Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1

------------------Vulnerability Status--------------------
Based on the version of the Intel(R) MEI, the System is Vulnerable.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 at:
https://nvd.nist.gov/vuln/detail/CVE-2017-5689 or the Intel security advisory
Intel-SA-00075 at:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
----------------------------------------------------------