Posts Tagged ‘Security’

01.2012: Intel(r) AMT Developer’s Most Wanted

What are HECI and LMS? That is the question that comes up week after week, along with resetting the ME password, Intel VT-d, and how Intel AMT is enabled. Here are the most popular forum threads and blogs from the last few weeks.

Top 15 Forum Threads
- HP DC7700 (2007)
- Intel Management Engine Password Reset (2007)
- AMT Error Message “[UNS] Failed to subscribe to local Intel(R) AMT” (2008)
- how to install AMT SOL/LMS and HECI drivers silently (2008)
- lms service cannot connect to heci driver (2009)
- “Me is in recovery state” (2008)
- Intel AMT status is disabled (2007)
- Need to Enable or Disable AMT on your system? (2008)
- problem with HECI and network connection? (2008)
- intel management engine interface device cannot start code 10 on HP 8200 elite (2011)
- Intel Active Management Technology Status: Disable (2008)
- AMT is disabled (2009)
- Enabling AMT on system (2008)
- AMT status error message (2007)
- Intel motherboard monitoring (voltage/fan/temperature/CI status) programming documentation (2009)

Forum posts can be great for finding answers to your questions, but it is even better if the question has been blogged. Here are the top blogs that our developers have been reading (pretty much the same list as last month, with a couple of exceptions).

Top 20 Blogs
- Let us talk about HECI and LMS (2007)
- Understanding VT-d: Intel Virtualization Technology for Directed I/O (2009)
- Intel AMT software: LMS, HECI, MEI… why do I need those? Part 10 in the series (2009)
- I forgot my “ME” Password! (2008)
- All about System Power States (S0-S5) (2007)
- Tips & Tricks for Setting up & Accessing an Intel AMT Client (2008)
- Step by Step Guide on How to Enable VT-d and Perform Direct Device Assignment (2009)
- Intel Management and Security Status (IMSS), advanced configurations. Part 9 (2009)
- To VT-d or Not to VT-d? A guide on whether to Utilize Direct Device Attach in your Virtualized System? (2010)
- UNS “Failed to subscribe to local Intel AMT” Error Messages and how to fix them (Intel AMT SW, 7th part) (2009)
- Instructions to disable the Intel AMT privacy notification popup (2007)
- Meshcentral.com – New Mobile Application (New in Jan 2012!)
- How about a Security Layer? (2011)
- Dual Boot Windows Vista and Windows Server 2008 (2008)
- More configurations (disabling) of the Intel AMT icon. Part 4 in the Intel AMT software series (2008)
- And the Lenovo T400 said: “Beep.Beep-Beep-Beep.Beep-Beep-Beep.Beep!” (2009)
- Wake On LAN and the Magic Packet (2007)
- Sharing Virtual Disks Among VMs using VMware* ESX Server (2009)
- The Keys to Intel vPro Technology: HECI-MEI-LMS-SOL-UNS (2011)
- Intel® AMT User Notification Service (2009)

AES-NI in Layman’s Terms

What is AES-NI? First answer

AES-NI is a set of six new instructions introduced by Intel with the 2010 Intel® Core™ processor family, code named Westmere. AES-NI stands for Advanced Encryption Standard – New Instructions. These instructions implement hardware-accelerated versions of certain compute-intensive steps used in the AES (Rijndael) algorithm.

Okay, so what is the Advanced Encryption Standard (AES)?

AES is a standard that defines how to encrypt plain text using an encryption key. It is implemented with the Rijndael (pronounced Rhine Dahl) algorithm. One cool thing about AES is that even though the algorithm is completely open for examination, a plain text message encrypted with it is very, very difficult to break. This is possible because the algorithm takes the plain text message you want to encrypt and merges it in a certain way with a secret key. As long as the key is kept private, the encrypted message has proven to be safe from being broken, at least to this point in time. So the algorithm is completely known, but as long as the key is protected, messages encoded with it are virtually safe from eavesdropping.

So who cares?

What kind of software developers might use AES, and who might benefit from the new AES-NI? There may be more than you think at first: developers who write code that uses Secure Sockets Layer (SSL), database engines, whole-disk encryption applications, file compression applications, VoIP, instant messaging, email, virtualization software, electronic payment systems, virtual private networks, and the list goes on. To learn more about who might use AES, see the wiki article on the AES instruction set or the AES-NI analysis on Tom’s Hardware.

So how does AES (Rijndael) work?

To understand how the AES (Rijndael) algorithm works, I highly recommend Jeff Moser’s “A Stick Figure Guide to the Advanced Encryption Standard (AES) – A play in 4 acts”. This creative, stick-figure cartoon approach is the best method I have seen for communicating how AES works; five stars, Mr. Moser! My stick figure image below is an icon tribute to the excellent efforts of Mr. Moser in laying bare the essence of AES. Thanks, Mr. Moser!

What is AES-NI? Second answer

Now consider that the six AES-NI instructions from Intel provide two instructions to accelerate encrypting a round, two instructions for decrypting a round, and two more instructions to accelerate the generation of round keys. In summary, the six new instructions provide a faster way to crunch through the Rijndael algorithm (AES). Curious to know more? Read my friend Jeff Rott’s excellent blog on Intel® Advanced Encryption Standard Instructions (AES-NI), in which he introduces the six instructions, describes the benefits, and shows ways to actually implement them in your code (plus references).

So how can you implement AES-NI in your code?

As long as you are using one of the following compilers (or later), you can get direct access to the instructions: AES-NI is supported by version 11 of the Intel C/C++ compiler, by Microsoft* Visual Studio* 2008 Service Pack 1, and by gcc version 4.4. You can implement it the hard way using MASM or inline assembly, or you can make it easier on yourself and use compiler intrinsics (just be sure to include wmmintrin.h or intrin.h). See Martyn Corden’s post on Compiling with AES-NI. Another approach is to use a library such as OpenSSL or Intel’s IPP that implements AES-NI; Jeff has references ;-) If you really want to dig in and see the reference and code snippets, read Intel’s Shay Gueron’s in-depth whitepaper, “Intel® Advanced Encryption Standard (AES) Instructions Set”; see Shay’s abstract and whitepaper link here. Finally, if you want a complete understanding of AES, much more than you will find in a wiki article or blog, then check out the following book: “The Design of Rijndael” is the definitive book on the subject, written by the Rijndael creators.
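As an added example (not code from the original post), here are the six AES-NI instructions used as compiler intrinsics from wmmintrin.h: AESKEYGENASSIST and AESIMC build the encryption and decryption key schedules, AESENC/AESENCLAST encrypt a block and AESDEC/AESDECLAST decrypt it, all checked against the FIPS-197 Appendix C.1 known-answer vector. It assumes GCC or Clang on x86 (each function carries a target("aes,sse2") attribute in place of the -maes flag) and probes CPUID before executing any AES instruction, the check a shipping product needs before selecting its hardware path.

```c
/* Added example (not from the original post): AES-128 through the six AES-NI
 * intrinsics in wmmintrin.h, checked against the FIPS-197 Appendix C.1 vector.
 * Assumes GCC or Clang on x86 (the target attributes stand in for -maes);
 * other architectures compile but report AES-NI as unavailable. */
#include <stdint.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <wmmintrin.h>          /* AES-NI intrinsics; includes SSE2 */
#define HAVE_X86_AESNI 1
#define AESNI __attribute__((target("aes,sse2")))
#else
#define HAVE_X86_AESNI 0
#define AESNI
#endif

int cpu_has_aesni(void) {
#if HAVE_X86_AESNI
    unsigned a, b, c, d;        /* CPUID.01H:ECX bit 25 = AESNI; probe, never assume */
    return __get_cpuid(1, &a, &b, &c, &d) && ((c >> 25) & 1);
#else
    return 0;
#endif
}

#if HAVE_X86_AESNI
/* One key-schedule step: AESKEYGENASSIST leaves RotWord(SubWord(w3))^Rcon in its
 * top dword; the shifts/XORs derive w4..w7 from w0..w3 (FIPS-197 section 5.2).
 * Rcon must be an immediate, hence the KS_ROUND macro. */
static AESNI __m128i ks_step(__m128i key, __m128i assist) {
    __m128i t = _mm_slli_si128(key, 4);
    assist = _mm_shuffle_epi32(assist, _MM_SHUFFLE(3, 3, 3, 3));
    key = _mm_xor_si128(key, t); t = _mm_slli_si128(t, 4);
    key = _mm_xor_si128(key, t); t = _mm_slli_si128(t, 4);
    return _mm_xor_si128(_mm_xor_si128(key, t), assist);
}
#define KS_ROUND(prev, rcon) ks_step(prev, _mm_aeskeygenassist_si128(prev, rcon))
/* rk[0..10]: encryption round keys. drk[]: the same keys reversed, with AESIMC
 * (InvMixColumns) applied to the nine middle ones, as AESDEC requires. */
static AESNI void aes128_key_schedule(const uint8_t key[16],
                                      __m128i rk[11], __m128i drk[11]) {
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    rk[1] = KS_ROUND(rk[0], 0x01); rk[2] = KS_ROUND(rk[1], 0x02);
    rk[3] = KS_ROUND(rk[2], 0x04); rk[4] = KS_ROUND(rk[3], 0x08);
    rk[5] = KS_ROUND(rk[4], 0x10); rk[6] = KS_ROUND(rk[5], 0x20);
    rk[7] = KS_ROUND(rk[6], 0x40); rk[8] = KS_ROUND(rk[7], 0x80);
    rk[9] = KS_ROUND(rk[8], 0x1b); rk[10] = KS_ROUND(rk[9], 0x36);
    drk[0] = rk[10];
    for (int i = 1; i < 10; i++) drk[i] = _mm_aesimc_si128(rk[10 - i]);
    drk[10] = rk[0];
}
/* AESENC = ShiftRows, SubBytes, MixColumns, AddRoundKey; AESENCLAST omits
 * MixColumns like the final round. AESDEC/AESDECLAST are their inverses. */
static AESNI void aes128_encrypt_block(const __m128i rk[11],
                                       const uint8_t in[16], uint8_t out[16]) {
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int i = 1; i < 10; i++) s = _mm_aesenc_si128(s, rk[i]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}
static AESNI void aes128_decrypt_block(const __m128i drk[11],
                                       const uint8_t in[16], uint8_t out[16]) {
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), drk[0]);
    for (int i = 1; i < 10; i++) s = _mm_aesdec_si128(s, drk[i]);
    _mm_storeu_si128((__m128i *)out, _mm_aesdeclast_si128(s, drk[10]));
}
#endif /* HAVE_X86_AESNI */

/* 0 = known-answer test passed, 1 = mismatch, 2 = AES-NI unavailable. */
AESNI int aesni_selftest(void) {
    /* FIPS-197 Appendix C.1: AES-128 key, plaintext and expected ciphertext */
    static const uint8_t key[16] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
    static const uint8_t pt[16]  = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16]  = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    if (!cpu_has_aesni()) return 2;
#if HAVE_X86_AESNI
    __m128i rk[11], drk[11];
    uint8_t out[16], back[16];
    aes128_key_schedule(key, rk, drk);
    aes128_encrypt_block(rk, pt, out);
    aes128_decrypt_block(drk, out, back);
    return (memcmp(out, ct, 16) == 0 && memcmp(back, pt, 16) == 0) ? 0 : 1;
#endif
    return 2;
}
```

Compile with gcc or clang at any -O level and call aesni_selftest() from your own main; a 0 means the hardware path produced the FIPS-197 ciphertext and decrypted it back, and a 2 means the CPU reported no AES-NI so a software fallback is required.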

Jeff’s Notebook: Intel® vPro™ Developer Community – A resource for developing PC manageability & security software

Well, 2012 is here and with the New Year, you’ll be seeing some new topic areas for my blogs. This year, I’m going to be exploring the additional areas of PC manageability and security software. This is an area that continues to gain attention from IT managers and software developers who are trying to address the needs of efficiently managing PCs, addressing malware/viruses and securing the data on PCs. Intel has been addressing these concerns for some years with its Intel vPro technology, which has been built into various Intel processor-based desktops and laptops. So, if you are a developer of IT manageability and security software and you want to learn more about vPro technology and how to enable your software to take advantage of it, a new community has recently been launched to provide you with the information you may want: the Intel vPro Developer Community. Check out this new community and discover more about Intel vPro technology.

Taking a look at Intel Anti Theft & Identity Protection Technologies

I wanted to start a new blog introducing myself in a new role at Intel. As part of my new role I will be explaining Intel’s Security, Manageability, and Virtualization features to a broad base of ISVs through our scale enabling team and associated platform communities. In my new role, I have been learning about many of Intel’s security technologies and am excited about bringing these technologies to light in my blogs and on Intel Software Network TV. To see why I am excited, and a little daunted by my new tasks, take a look at a couple of clips of Mooly Eden at Intel’s recent Intel Developer Conference. These technologies are amazing, but there is so much ground that they span!

The first clip showcases Intel’s Anti Theft technologies (starting at the 31:10 mark and ending at 34:57). Here Mooly invited McAfee co-president Todd Gebhart to the stage to discuss McAfee’s Anti Theft, which allows a user to lock their laptop or even wipe their data by issuing a poison pill in the event that their laptop is stolen. Then Mooly introduced a new technology called Intel Identity Protection Technology (IPT). To showcase this technology, Mooly had a hacker, garbed in a ninja costume, use a key logger and frame grabbing software to attempt to hack demo presenter Mark’s bank transaction. In this amazing clip, the hacker successfully grabs the username and password to Mark’s bank account using a nefarious keylogger. BUT the hacker cannot capture or generate a third authentication token which has been set up between Mark and his bank. The hacker is thwarted from any mischievous activity by IPT. Using this IPT technology, a random-layout PIN pad is generated and displayed to Mark, which allows Mark to send an additional credential to the bank in order to authenticate the transaction. Mark’s bank account is safe! See this part of the clip at 35:08 to 38:44. If you want to learn even more, see Intel’s Ned Smith’s IPT foils from the 2011 Kerberos conference.

I plan to be interviewing experts from various corners of Intel to help describe these technologies in more detail. We will also be working to bring APIs to light with Software Developer Guides, tech briefs, whitepapers, videos and more. I also hope to keep one eye on new developments in the security space in the rest of the industry to help articulate the security, virtualization and manageability trends that I see developing.

Communication error between application and Intel® ME module (FW Update Client)

Have you experienced this error message, or one like it? Then this blog is for you, because you could be experiencing an issue with your MEI driver. This write-up contains information on how to determine whether your vPro software is dishing out error messages because a valid MEI driver is not installed. Note: All OEM reference information in this document is subject to change without notice. Please contact the OEMs regarding any requests for reference information updates.

First, let us cover the key Intel technologies that utilize the MEI driver:
- Intel® Active Management Technology (AMT)
- Intel® Anti-Theft (AT) Technology

Symptoms of an invalid or missing driver

For Intel® AMT, the MEI driver is needed for the following functionality:
- Discovery (the SCS Discovery tool, for example, runs on the local client)
- Host Based Provisioning (Intel AMT makes local calls to the Manageability Engine (ME), and thus the driver needs to be present)
- Agent Presence feature (local calls to the ME are required to set up watchdog timers)
- 3PDS Storage feature (local client usage only; the MEI driver is not used when making the remote API calls)

For Intel® AT, the MEI driver is needed for the following functionality:
- Enrollment
- Rendezvous with the server
- Unenrollment

To sum it up, the MEI driver is needed whenever the Manageability Engine is accessed from software running on the local client. The first symptom you would run into is an error message of sorts; it may resemble one of the following:

Error 9450:  Communication error between application and Intel® ME module (FW Update Client)
Error 9459: Internal error (Could not determine FW features information)
Unable to initialize CLS:  Error (259):  Cannot locate device interface info for HECI:  No more data is available.
Error:  Error state returned when testing Intel® AT. Please verify Intel® Management Engine Interface driver is installed and system supports Intel® AT capability.

Getting to the root of the issue

First, you should make sure that the Manageability Engine is enabled in the BIOS; if it is not, then enable it. If you are experiencing errors with Intel® AT, also make sure Intel® AT is enabled in the BIOS. The same goes for Intel® AMT: make sure the ME and Intel AMT are both enabled in the BIOS. Be aware that the OEMs have differing ways to enable features in their BIOSes, and you will experience variances here.

If your problem was not simply that the ME / Intel AT / Intel AMT was disabled, then you may need to download some tools. Here are my recommendations:

(1 Star) If you are running Intel® Anti-Theft, download the Anti-Theft Status tool. This tool reports whether or not the system is capable of running Intel® Anti-Theft and whether or not there is a valid MEI driver. It does NOT output the version of the MEI driver, if installed. This tool is really only useful if you want to know whether there is a valid MEI driver on the system and whether the system supports Intel® Anti-Theft.

(4 Stars) If you want to do an actual “Discovery” of the system, download the SCS Discovery Tool. This tool is often pushed down to systems by manageability consoles in order to do a system “scan.” It reports the following: MEI driver/version, LMS and UNS versions, ME enabled, a host of information needed for implementing Intel AMT, Intel Anti-Theft status, network configurations and more. It can write everything to the system’s registry or to an XML output file.

(4 Stars) The Intel Manageability and Security Status tool is also handy to have installed. It normally comes bundled with the Intel AMT drivers from the various OEM websites (note that the Intel AMT drivers are the same for Intel Anti-Theft). Although this tool is great to have, it is not necessary.

(3 Stars) Another thing (actually, the first thing) to look at is the Device Manager, if the system is running a Windows OS. No need to download anything; it is already on your system.

The above tools offer a variety of ways to find out information about your system and the MEI driver status. Get them all and play with them. I would say that for just the question of whether or not the system has a valid MEI driver, all you need is your Device Manager. If you need or want to know more, for example to determine the status of Intel AT or Intel AMT in finer detail, you should use the SCS Discovery tool.

Let’s look at the tools individually and see what they have to offer. I have included screen shots here of the information you can get from each of the tools. While there is definitely a lot of overlap, you can see that they all give you the basic information that you need.

Intel Anti-Theft Status Tool: note that this tool does not give you deeper information about how Intel AT is configured on your system; if Intel AT is configured on your system, then it had a valid MEI driver at one point. The output below shows what the tool tells us if there is no MEI driver installed, as well as what it displays when there is a valid MEI driver.

SCS Discovery Tool: output is written either to the registry or to an XML file. Below is a very small snippet showing basic information that is important for Intel AMT and Intel AT support.

Intel Management and Security Status Tool: you can quickly find out if Intel AMT and/or Intel AT is enabled in the BIOS, and what the versions of the FW and of the associated components are. Go to “Programs–> Intel–> IMSS”.

Windows Device Manager, invalid MEI driver: look under System Devices. If the device is present, find out whether the driver is valid by looking at its properties. If it shows that there is a driver, but the major version number doesn’t match the major version number of the FW, or it actually has no files associated with it, it is an invalid or a dummy* driver.

*Microsoft was pushing out a dummy driver in order to get rid of the yellow bang that would be present when a valid MEI driver was not installed for whatever reason. The good news is that for both 2010 and 2011 platforms Microsoft is now pushing out a valid MEI driver. While this is better than the dummy driver, we recommend always going to the OEM site to get up-to-date MEI drivers for your vPro platform.

Windows Device Manager, valid MEI driver: look for the version number; it should have the same major version number as the FW version.

You have used the tools and now you know that you need a valid driver. Where do you get the MEI driver package if it is not installed on your system? As stated above, it is always best to get the right driver package from your OEM’s support site. There are multiple technologies that depend on the Intel ME, and OEMs will often have a single MEI driver package that covers multiple technologies. Typically a package also covers multiple models. Each OEM has its own page structure and its own way of finding the driver package.

Lenovo: Default support: http://support.lenovo.com/en_US/downloads/default.page?
There are three mechanisms for finding the appropriate driver package; Quick Path allows for putting in just the model (E420, T420, for example) and is probably the most straightforward to use. The MEI bundle is under the Advanced System Management category; normally this category also contains a readme describing which systems the bundle applies to. A typical package name is Intel Management Engine Interface.

HP: Default support: http://h20000.www2.hp.com/bizsupport/TechSupport/ProductRoot.jsp
The “Search Products” field is on the right side of the page; the model (Elitebook 8560w, Envy 14 Beats, ProBook 6560b) is sufficient to find the appropriate package. It is necessary to select “Drivers and Software”, and then the OS type, before picking a driver package. HP puts the MEI package in the “Driver – Chipset” category. A typical package name is Intel Management Engine Components Driver.

Dell: Default support page: http://support.dell.com/support/
A pop-up dialog box will come up with options; “Choose a Model” is straightforward. It’s necessary to select “Product Family” (example: Laptop), then “Product Line” (example: Precision Laptop), then “Product Model” (example: M6600), then confirm your selection. On Dell’s site, the MEI driver package is located under the “Chipset” category; a common name is Intel AMT HECI or AMT 7 Management Interface driver.

Specific Driver Packages (2010 Platforms; Intel AT 2.0/Intel AMT 6.0)

Lenovo: MEI driver package http://support.lenovo.com/en_US/downloads/detail.page?LegacyDocID=MIGR-74374
Applies to: T410, T410i, T410s, T410si, T510, T510i, W510, W701, W701ds, X201, X201i, X201s, X201 Tablet

HP: MEI driver package http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=4096175&swItem=ob-83267-1&prodNameId=4097219&swEnvOID=4061&swLang=13&taskId=135&mode=4&idx=3
Applies to: HP EliteBook 2540p, HP EliteBook 2740p, HP EliteBook 8440p, HP EliteBook 8440w, HP EliteBook 8540p, HP EliteBook 8540w, HP EliteBook 8740w, HP ProBook 6450b, HP ProBook 6550b

Dell: MEI driver package http://support.dell.com/support/downloads/download.aspx?c=us&cs=555&l=en&s=biz&releaseid=R304259&SystemID=LAT_E6410&servicetag=&os=W764&osl=en&deviceid=12177&devlib=0&typecnt=0&vercnt=5&catid=-1&impid=-1&formatcnt=0&libid=27&fileid=458370
Applies to: Latitude E4310, Latitude E6410, Latitude E6410 ATG, Latitude E6510, OptiPlex 980

OS Release: Oracle Solaris 11

Oracle has announced the release of Oracle Solaris 11, a UNIX operating system originally developed by Sun Microsystems and known for its scalability and innovative enterprise features: “Oracle today announced availability of Oracle Solaris 11, the first Cloud OS. Oracle Solaris 11 is designed to meet the security,….

Meshcentral.com – New Audit Log

There are many aspects to security; it’s not just about authentication and encryption. You sometimes need to perform audits and go back in the past to see what happened. Many good web services and tools offer this feature; it’s sometimes called a log file or an audit log. With Meshcentral.com, I have wanted for a while now to offer this feature to users, and so today I added it and just updated Meshcentral.com. The log records what is going on at a very high level, things from connection initiation to power actions and more. It does not record any of the details. Each event is basically recorded as a single integer with a few arguments. For example: bob started a remote terminal session on machine x. There are two ways in Meshcentral.com to view this log. In the “Account” tab, click “Audit Log” and you can see what operations your account performed in the past. You can also go to a specific device, in the “General” tab, and click the “Log” link at the bottom left. This will display all operations from any user that have been performed on this device, not just operations you performed. It’s not typical, but this is useful if many users have been granted access to the mesh. For people that only have a few machines with themselves as the only administrator, you will only see operations performed by yourself. By the way, if you want to grant access to a mesh to more people, you need to use the Meshcentral Connector tools available in the downloads section. Ok, this is it for today. Ylian https://meshcentral.com

The Keys to Intel vPro Technology: HECI-MEI-LMS-SOL-UNS

It seems that our developers are spending a lot of time looking for information about HECI drivers. With vPro being around for many years now (we are on our 7th revision, going on 8), I was wondering whether this piece of Active Management Technology is still a puzzle to developers. In the spirit of figuring out what vPro developers need, I went through our blogs and put together a collection of blogs that might be helpful. Note that I added all of Shmuel’s 11-part series below. His blogs range across most of our releases of Intel AMT, so some information may be dated, but it is still applicable to the older releases of Intel AMT. If you are looking for information on this topic and the blogs below do not answer your questions, please post a comment and let us know what information you need.

First, are you here because you simply want updated Linux drivers? You can download them here (SLED 11). If not, read on.

Let us talk about HECI and LMS (Ajay Mungara): a high-level overview of why and when Intel AMT requires the HECI/MEI driver and the LMS service. Note that this blog is circa 2007 and Intel AMT has gone through some architectural changes since then, but it provides a nice overview of the interaction between the driver and the associated service that is required to be running.

When the vPro Universe Collides with Other People and goes “Fractal” (Gael Hofemeier): you’ve read all the blogs about why you need the HECI/MEI driver and you get it. Your Intel vPro system has the HECI driver installed, but you are getting an error message that makes it sound like your system doesn’t actually have the required software.

Here is a handful of Shmuel Gerson’s blogs about Intel AMT, focused on the User Notification and the HECI/MEI/LMS/SOL components:
- The software bundled with Intel AMT: Part 1
- Intel AMT SW, part 2: The notification area icon – understanding the pop-up
- Configuring the notification area icon & app. Intel AMT SW Part 3
- More configurations (disabling) of the Intel AMT icon. Part 4 in the Intel AMT software series
- Part 5: Detailed information to the user with the User Notification Service
- How the UNS works. Part 6 in the Intel AMT software series.
- UNS “Failed to subscribe to local Intel AMT” Error Messages and how to fix them (Intel AMT SW, 7th part)
- Intel AMT SW Part 8: Newfangled Intel Management and Security Status
- Intel Management and Security Status (IMSS), advanced configurations. Part 9
- Intel AMT software: LMS, HECI, MEI… why do I need those? Part 10 in the series
- Wrapping all Intel AMT software together – AMT SW, part 11

PrivateFirewall 7.0.25.4

PrivateFirewall is a proactive, multi-layered defense solution for Windows desktops and servers. PrivateFirewall detects, blocks and quarantines activity characteristic of known malware, hacking, phishing and other threat types so that personal computer users and IT managers within small, medium or large organizations can more effectively and proactively protect the environments and private data for which they are responsible. An exceptionally simple user interface makes PrivateFirewall a breeze to manage. You’ll realize expanded protection and become educated about the nature of activity, trusted and un-trusted, that occurs on your system.

Features:
- Windows 7, Vista 64 bit support
- Windows 7, Vista 32 bit support
- Zero-hour anti-virus protection
- Zero-hour spyware protection
- Zero-hour malware protection
- Behavioral hacker protection
- Personal Firewall
- Website/IP filtering
- Advanced Application Security
- Basic Application Security
- Process Security
- Registry protection
- System Anomaly Detection
- Email Anomaly Detection

What’s New in version 7.0.25.3:
- Added Restricted Rights feature, which allows rights to be reduced for specific apps on the fly (via Process Detection Alerts) or via the Privatefirewall GUI (Processes tab of Advanced Applications Settings).
- Added log level control: Off, Low, Med, High. Low (only events with red/blue icons are logged, i.e. those not related to any existing rules), Med (all except restricted IPs, port scans, invalid packet flags, dropped due to SPI), High (all firewall events are logged).
- Expanded max alert time-out and added user options to control the length of the time-out period.
- Added ability to right mouse click an event in the FW log to add the IP to the Blocked or Trusted List.
- Addressed full-screen game compatibility issues.

Homepage : http://www.privacyware.com/
Download : privatefirewall.exe
File Size : 7.62MB

Tor for Windows 1.3.27

Tor is a toolset for organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize Web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. Communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor’s technology aims to provide Internet users with protection against “traffic analysis,” a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

Homepage : https://www.torproject.org/
Download : tor-browser-1.3.27_en-US.exe
File Size : 16.59MB