fwupd/plugins/amt
Richard Hughes e87fc05ab9 Speed up the daemon startup by ~2% by doing dlsym much less
We were calling g_module_symbol() 2703 times, which is actually more
expensive than you'd think.

It also means the plugins are actually what we tell people they are:
A set of vfuncs that get run. The reality before that they were dlsym'd
functions that get called at pretty random times.
2021-11-09 12:02:07 +00:00
..
fu-plugin-amt.c Speed up the daemon startup by ~2% by doing dlsym much less 2021-11-09 12:02:07 +00:00
meson.build Move the plugin build logic to the plugins themselves 2021-02-18 14:46:20 +00:00
README.md trivial: update markdown for pre-commit style 2021-07-18 14:42:47 -05:00

Intel Management Engine

Introduction

This plugin is used to get the version number on the Intel Management Engine.

If AMT is enabled and provisioned and the AMT version is between 6.0 and 11.2, and you have not upgraded your firmware, you are vulnerable to CVE-2017-5689 and you should disable AMT in your system firmware.

This code is inspired by 'AMT status checker for Linux' by Matthew Garrett which can be found here: https://github.com/mjg59/mei-amt-check

That tool in turn is heavily based on mei-amt-version from samples/mei in the Linux source tree and copyright Intel Corporation.

GUID Generation

These devices use the existing GUID provided by the AMT host interface.

Vendor ID Security

The device is not upgradable and thus requires no vendor ID set.

External Interface Access

This plugin requires read only access to /dev/mei0.