Не определяется видеокарта в диспетчере устройств на ноутбуке

Не определяется видеокарта в диспетчере устройств на ноутбуке

За что отвечает драйвер intel management engine interface?

Прежде всего давайте разберемся с назначением данного драйвера. или сокращенно Intel ME представляет собой отдельную подсистему, которая отвечает за работу некоторых системных функций, среди которых контроль скорости вращения системных вентиляторов в зависимости от их температуры, обеспечение работы режимов энергосбережения, переходы в режим сна и многое другое.

Если вентиляторы вашего ноутбука или компьютера вращаются с одной постоянно высокой частотой, то это может быть последствием выхода из строя подсистемы Intel management engine interface , либо некорректной работы ее драйвера.

Данный драйвер является очень важным и обязателен к установке, так же, как и . Если этого не сделать, то в диспетчере устройств будет отображаться значок с восклицательным знаком, свидетельствующий о том, то подсистема Intel ME не функционирует должным образом.

Не установленный драйвер intel management engine interface

Если intel management engine interface не установить, то компьютер или ноутбук работать будут, но вот с некоторыми функциями ОС могут возникнуть проблемы.

Чтобы этого избежать, установите драйвер intel management engine interface с официального сайта производителя вашего ноутбука или материнской платы.


Лучший способ отблагодарить автора статьи- сделать репост к себе на страничку

Introduction

This document contains information on how to get started with Intel® Active Management Technology (Intel® AMT). It provides an overview of the features, as well as information on minimum system requirements, configuration of an Intel AMT client, and the developer tools available to help create applications for Intel AMT.

Intel AMT supports remote applications running on Microsoft Windows* or Linux*. Intel AMT Release 2.0 and higher supports only Windows-based local applications. For a complete list of system requirements see the Intel AMT Implementation and Reference Guide .

Getting Started

In order to manage an Intel AMT client or run the samples from the SDK, use a separate system to remotely manage your Intel AMT device. Refer to the Intel AMT Implementation and Reference Guide located in the Docs folder of the Intel AMT SDK for more details.

What is Intel® Active Management Technology?

Intel AMT is part of the Intel® vPro™ technology offering. Platforms equipped with Intel AMT can be managed remotely, regardless of its power state or if it has a functioning OS or not.

The Intel® Converged Security and Manageability Engine (Intel® CSME) powers the Intel AMT system. As a component of the Intel® vPro™ platform, Intel AMT uses a number of elements in the Intel vPro platform architecture. Figure 1 shows the relationship between these elements.

Figure 1. Intel® Active Management Technology 11 Architecture

Pay attention to the network connection associated with the Intel® Management Engine (Intel® ME). The NIC changes according to which Intel AMT release you are using.

  • The Intel CSME firmware contains the Intel AMT functionality.
  • Flash memory stores the firmware image.
  • Enable the Intel AMT capability by using Intel CSME as implemented by an OEM platform provider. A remote application performs the enterprise setup and configuration.
  • On power-up, the firmware image is copied into the Double Data Rate (DDR) RAM.
  • The firmware executes on the Intel® processor with Intel ME and uses a small portion of the DDR RAM (Slot 0) for storage during execution. RAM slot 0 must be populated and powered on for the firmware to run.

Intel AMT stores the following information in flash (Intel ME data):

  • OEM-configurable parameters:
    • Setup and configuration parameters such as passwords, network configuration, certificates, and access control lists (ACLs)
    • Other configuration information, such as lists of alerts and Intel AMT System Defense policies
    • The hardware configuration captured by the BIOS at startup
  • Details for the 2016 platforms with Intel vPro technology (Release 11.x) are:
    • 14nm process
    • Platform (mobile and desktop): 6th generation Intel® Core™ processor
    • CPU: SkyLake
    • PCH: Sunrise Point

What Is new with the Intel® Active Management Technology SDK Release 11.0

  • Intel CSME is the new architecture for Intel AMT 11. Prior to Intel AMT 11 Intel CSME was called Intel® Management Engine BIOS Extension (Intel® MEBx).
  • MOFs and XSL files: The MOFs and XSL files in the \DOCS\WS-Management directory and the class reference in the documentation are at version 11.0.0.1139.
  • New WS-Eventing and PET table argument fields: Additional arguments added to the CILA alerts provide a reason code for the UI connection and the hostname of the device which generates the alert.
  • Updated OpenSSL* version: The OpenSSL version is at v1.0. The redirection library has also been updated.
  • Updated Xerces version: Both Windows and Linux have v3.1.2 of the Xerces library.
  • HTTPS support for WS events: Secure subscription to WS Events is enabled.
  • Remote Secure Erase through Intel AMT boot options: The Intel AMT reboot options has an option to securely erase the primary data storage device.
  • DLL signing with strong name: The following DLLs are now signed with a strong name: CIMFramework.dll, CIMFrameworkUntyped.dll, DotNetWSManClient.dll, IWSManClient.dll, and Intel.Wsman.Scripting.dll
  • Automatic platform reboot triggered by HECI and Agent Presence watchdogs: An option to automatically trigger a reboot whenever a HECI or Agent Presence watchdog reports that its agent has entered an expired state.
  • Replacement of the IDE-R storage redirection protocol: Storage redirection works over the USB-R protocol rather than the IDE-R protocol.
  • Updated SHA: The SHA1 certificates are deprecated, with a series of implemented SHA256 certificates.

Configuring an Intel® Active Management Technology Client

Preparing your Intel® Active Management Technology Client for Use

Figure 2 shows the modes, or stages, that an Intel AMT device passes through before it becomes operational.


Figure 2. Configuration Flow

Before configuring an Intel AMT device from the Setup and Configuration Application (SCA), it must be prepared with initial setup information and placed into Setup Mode. The initial information will be different depending on the available options in the Intel AMT release, and the settings performed by the platform OEM. Table 1 summarizes the methods to perform setup and configuration on the different releases of Intel AMT.

Table 1. Setup Methods According to Intel® Active Management Technology Version

Setup Method Applicable to Intel® Active Management Technology (Intel® AMT) Releases For More Information
Legacy 1.0; Releases 2.x and 3.x in legacy mode Setup and Configuration in Legacy Mode
SMB 2.x, 3.x, 4.x, 5.x Setup and Configuration in SMB Mode
PSK 2.0 Through Intel AMT 10, Deprecated in Intel AMT 11 Setup and Configuration Using PSK
PKI 2.2, 2.6, 3.0 and later Setup and Configuration Using PKI (Remote Configuration)
Manual 6.0 and later Manual Setup and Configuration (from Release 6.0)
CCM, ACM 7.0 and later

Intel® Setup and Configuration Software (Intel® SCS) 11 can provision systems back to Intel AMT 2.x. For more information about Intel SCS and provisioning methods as they pertain to the various Intel AMT releases, visit Download the latest version of Intel® Setup and Configuration Service (Intel® SCS)

Manual Configuration Tips

There are no feature limitations when configuring a platform manually since the 6.0 release, but there are some system behaviors to be noted:

  • API methods will not return a PT_STATUS_INVALID_MODE status because there is only one mode.
  • TLS is disabled by default and must be enabled during configuration. This will always be the case with manual configuration as you cannot set TLS parameters locally.
  • The local platform clock will be used until the network time is remotely set. An automatic configuration will not be successful unless the network time was set (and this can only be done after configuring TLS or Kerberos*). Enabling TLS or Kerberos after the configuration will not work if the network time was not set.
  • The system enables WEB UI by default.
  • The system enables SOL and IDE-R by default.
  • The system disables Redirection listener by default starting in Intel AMT 10.
  • If KVM is enabled locally via Intel CSME, it still will not be enabled until an administrator activates it remotely.

Starting with Intel AMT 10, some devices are shipped without a physical LAN adapter. These devices cannot be configured using the current USB Key solutions provided by Intel SCS 11.

Manual Setup

During power up, the Intel AMT platform displays the BIOS startup screen, then it processes the MEBx. During this process, access to the Intel MEBX can be made; however the method is BIOS vendor-dependent. Some methods are:

  • Most BIOS vendors add entry into Intel CSME via the one-time boot menu. Select the appropriate key (Ctrl+P is typical) and follow the prompts.
  • Some OEM platforms prompt you to press after POST. When you press , control passes to the Intel MEBx (Intel CSME) main menu.
  • Some OEMs integrate the Intel CSME configuration inside the BIOS (uncommon).
  • Some OEMs have an option in the BIOS to show/hide the prompt, so if the prompt is not available in the one-time boot menu check the BIOS to activate the CTRL+P.

Client Control Mode and Admin Control Mode

At setup completion, Intel AMT 7.0 and later devices go into one of two control modes:

  • Client Control Mode . Intel AMT enters this mode after performing a basic host-based setup (see Host-Based (Local) Setup). It limits some of Intel AMT functionality, reflecting the lower level of trust required to complete a host-based setup.
  • Admin Control Mode . After performing remote configuration, USB configuration, or a manual setup via Intel CSME, Intel AMT enters Admin Control Mode.

There is also a configuration method that performs an Upgrade Client to Admin procedure. This procedure presumes the Intel AMT device is in Client Control Mode, but moves the Intel AMT device to Admin Control mode.

In Admin Control Mode there are no limitations to Intel AMT functionality. This reflects the higher level of trust associated with these setup methods.

Client Control Mode Limitations

When a simple host-based configuration completes, the platform enters Client Control Mode and imposes the following limitations:

  • The System Defense feature is not available.
  • Redirection (IDE-R and KVM) actions (except initiation of an SOL session) and changes in boot options (including boot to SOL) requires advanced consent. This still allows remote IT support to resolve end-user problems using Intel AMT.
  • With a defined Auditor, the Auditor’s permission is not required to perform un-provisioning.
  • A number of functions are blocked to prevent an untrusted user from taking control of the platform.

Manually Configuring an Intel Active Management Technology 11.0 Client

The Intel AMT platform displays the BIOS startup screen during power up, then processes the BIOS Extensions. Entry into the Intel AMT BIOS Extension is BIOS vendor-dependent.

If you are using an Intel AMT reference platform (SDS or SDP), the display screen prompts you to press . Then the control passes to the Intel CSME main menu.

In the case of it being a OEM system It is still easy to use the one-time boot menu, although entry into Intel CSME is usually an included option as part of the one-time boot menu. The exact key sequence varies by OEM, BIOS and Model.

Manual Configuration for Intel® AMT 11.0 Clients with Wi-Fi*-Only Connection

Many systems no longer have a wired LAN connector. You can configure and activate the Intel ME, then via WebUI or some alternate method to push the wireless settings.

  1. Change the default password to a new value (required to proceed). The new value must be a strong password. It should contain at least one uppercase letter, one lowercase letter, one digit, and one special character, and be at least eight characters.
    1. Enter Intel CSME during startup.
    2. Enter the Default Password of “admin”.
    3. Enter and confirm New Password.
  2. Select Network Setup.
  3. Select Intel® ME network Name Settings.
    1. Enter Host Name.
    2. Enter Domain Name.
  4. Select User Consent.
  5. Exit Intel CSME.
  6. Configure Wireless via ProSet Wireless Driver synching, WebUI, or an alternative method.

Manual Configuration for Intel AMT 11.0 Clients with LAN Connection

Enter the Intel CSME default password (“admin”).

Change the default password (required to proceed). The new value must be a strong password. It should contain at least one uppercase letter, one lowercase letter, one digit, and one special character, and be at least eight characters. A management console application can change the Intel AMT password without modifying the Intel CSME password.

  1. Select Intel AMT Configuration.
  2. Select/Verify Manageability Feature Selection is Enabled.
  3. Select Activate Network Access.
  4. Select “Y” to confirm Activating the interface.
  5. Select Network Setup.
  6. Select Intel ME network Name Settings.
    1. Enter Host Name.
    2. Enter Domain Name.
  7. Select User Consent.
    1. By default, this is set for KVM only; can be changed to none or all.
  8. Exit Intel CSME.

Accessing Intel® Active Management Technology via the WebUI Interface

An administrator with user rights can remotely connect to the Intel AMT device via the Web UI by entering the URL of the device. Depending on whether TLS has been activated, the URL will change:

  • Non-TLS - http:// :16992
  • TLS - https:// :16993

You can also use a local connection using the host’s browser for a non TLS connection. Use either localhost or 127.0.0.1 as the IP address. Example: http://127.0.0.1:16992

Intel Active Management Technology Support Requirements

In addition to having the BIOS and Intel CSME configured correctly, the Wireless NIC needs to be Intel AMT Compliant. Specific drivers and services must be present and running in order to use the Intel AMT to manage the host OS.

To verify that the Intel AMT drivers and services are loaded correctly, look for them in the Device Manger and Services in the host OS. Frequently check the OEM’s download site for upgraded versions of the BIOS, firmware, and drivers.

Here are the drivers and services that should appear in the host OS:

  • Intel® Ethernet Network Connection i218-LM #
  • Intel® Dual Band Wireless-AC 8260 or similar #
  • Intel® Management Engine Interface (Intel® MEI) driver
  • Serial-Over-LAN (SOL) driver
  • Intel® Management and Security Status (Intel® MSS) Application Local Management Service**
  • Intel® AMT Management and Security Status application**
  • HID mouse and keyboard drivers***

* Network controller and wireless interface versions will vary depending on the generation of the Intel vPro platform.

** Part of the complete Intel MEI (Chipset) Driver package

*** HID Drivers are needed when connecting via Intel AMT KVM. These default drivers are not normally an issue; however, we have seen issues on stripped-down custom OS installs. If a connection is made to a device without the HID drivers, the OS tries to auto-download the drivers. Once the install is done, reconnect the KVM connection.

Note: The version level of the drivers must match the version level of the firmware and BIOS. If non-compatible versions are installed, Intel AMT will not work with the features that require those interfaces.

Physical Device - Wireless Ethernet Connection

By default, any wireless Intel vPro platform will have an Intel AMT enabled wireless card installed, such as an Intel Dual Band Wireless-AC 8260. Any wireless card other than one from Intel will not have wireless Intel AMT capabilities. If you have a card other than the Intel Dual Band Wireless-AC 8260 you can use ark.intel.com to verify whether the wireless card is Intel AMT compliant.

Windows OS Required Software

Device drivers are not necessary for remote management; however, they are essential for local communication to the firmware. Functions like discovery or configuration via the OS will require the Intel MEI driver, SOL driver, LMS service and Intel® Management and Security Status (Intel® MSS).

Device Drivers - Intel® Management Engine Interface

Intel MEI is required to communicate to the firmware. The Windows automatic update installs the Intel MEI driver by default. The Intel MEI driver should stay in version step with the Intel MEBX version.

The Intel MEI driver is in the Device Manager under “System devices” as “Intel® Management Engine Interface.”

Device Drivers - Serial-Over-LAN Driver

The SOL driver used during redirection operation where a remote CD drive is mounted during a IDE redirection operation.

The SOL driver is in the Device Manager under “Ports” as “Intel® Active Management Technology – SOL (COM3).”


Figure 3. Serial-Over-LAN Driver.

Service - Intel Active Management Technology LMS Service

The Local Manageability Service (LMS) runs locally in an Intel AMT device and enables local management applications to send requests and receive responses. The LMS responds to the requests directed at the Intel AMT local host and routes them to the Intel® ME via the Intel® MEI driver. This service installer is packaged with the Intel MEI drivers on the OEM websites.

Please note that when installing the Windows OS, the Windows Automatic Update service installs the Intel MEI driver only. IMSS and the LMS Service are not installed. The LMS service communicates from an OS application to the Intel MEI driver. If the LMS service is not installed, go to the OEM website and download the Intel MEI driver, which is usually under the Chipset Driver category.


Figure 4. Intel® Management Engine Interface Driver.

The LMS is a Windows service installed on the host platform that has Intel AMT Release 9.0 or greater. Prior to this, the LMS was known as the User Notification Service (UNS) starting from Intel AMT Release 2.5 to 8.1.

The LMS receives a set of alerts from the Intel AMT device. LMS logs the alert in the Windows Application event log. To view the alerts, right-click My Computer , and then select Manage>System Tools>Event Viewer>Application .

Tool - Intel® Management and Security Status Tool

The Intel MSS tool can be accessed by the blue-key icon in the Windows tray.


Figure 5. Sys Tray Intel® Management and Security Status Icon.

General Tab

The General tab of the Intel MSS tool shows the status of Intel vPro features available on the platform and an event history. Each tab has additional details.


Figure 6. Intel® Management and Security Status General Tab.

Intel AMT Tab

This interface allows the local user to terminate KVM and Media Redirection operations, perform a Fast Call for Help, and see the System Defense state.


Figure 7. Intel® Management and Security Status Intel AMT tab

Advanced Tab

The Advanced tab of the Intel MSS tool shows more detailed information on the configuration of Intel AMT and its features. The screenshot in Figure 8 verifies that Intel AMT has been configured on this system.


Figure 8. Intel® Management and Security Status Advanced Tab

Intel Active Management Technology Software Development Kit (SDK)

As illustrated by the screenshot in Figure 9 of the Intel® AMT Implementation and Reference Guide, you can get more information on system requirements and how to build the sample code by reading the Using the Intel® AMT SDK section. The documentation is available on the Intel® Software Network here: Intel® AMT SDK (Latest Release)

Third-Party Data Storage X X X Deprecated Deprecated Built-in Web Server X X X X X Web Application Hosting X X Flash Protection X X X X X Firmware Update X X X X X HTTP Digest/ TLS X X X X X Static and Dynamic IP X X X X X System Defense X X X X X Agent Presence X X X X X Power Policies X X X X X Feature AMT 8 AMT 9 AMT 10 AMT 11 AMT 12 Mutual Authentication X X X X X Kerberos* X X X X X TLS-PSK X X X Deprecated Deprecated Privacy Icon X X X X X Intel® Management Engine Wake-on-LAN X X X X X Remote Configuration X X X X X Wireless Configuration X X X X X Endpoint Access Control (EAC) 802.1 X X X X X Power Packages X X X X X Environment Detection X X X X X Event Log Reader Realm X X X X X System Defense Heuristics X X X X X WS-MAN Interface X X X X X Network Interfaces X X X X X TLS 1.0 X X X X TLS 1.1 X X X X TLS 1.2 X Feature AMT 8 AMT 9 AMT 10 AMT 11 AMT 12 Fast Call For Help (CIRA) X X X X X Access Monitor X X X X X Microsoft NAP* Support X X X X X Virtualization Support for Agent Presence X X X X X PC Alarm Clock X X X X X KVM Remote Control X X X X X Wireless Profile Synchronization X X X X X Support for Internet Protocol Version 6 X X X X X Host-Based Provisioning X X X X X Graceful Shutdown X X X X X WS-Management API X X X X X SOAP Commands X Deprecated Deprecated Deprecated Deprecated InstantGo Support X X Remote Secure Erase X X

Intel Management Engine - привычный для большинства пользователей ПК набор слов. Привычен он тем, что при установке операционной системы последняя требует драйверы для этого самого Intel Management Engine (IME).

Данная подсистема появилась более 10 лет назад и сейчас является неотъемлемой частью практически любого ПК с процессором Intel. Однако достаточно любопытным является тот факт, что информации о данной подсистеме крайне мало. По каким-то причинам Intel не раскрывает практически никаких подробностей.

Известно, что это отдельный микропроцессор, который на данный момент интегрируется в чипсеты. Известно, что он ответственен за работу многих процессов. К примеру, удалённого администрирования. Также известно, что данный микропроцессор запускает собственную операционную систему, которая работает отдельно от основной. Эта ОС называется Minix. Точнее, это закрытая версия ОС Minix.

Intel Management Engine, предположительно, имеет доступ ко многим или даже ко всем интегрированным устройствам ПК и может обращаться к оперативной памяти. Всё это, учитывая закрытость данной системы, долгое время настораживало специалистов по безопасности. И оказалось, что не зря.

Российская компания Positive Technologies обнаружила дыру в безопасности Intel Management Engine и смогла использовать её для заражения ПК. Благодаря уязвимости вредоносный код можно запустить практически на любом ПК с Intel Management Engine. То есть, на большинстве компьютеров в мире, хотя сторонние источники говорят, что способ пока работает лишь для CPU поколения Skylake и новее. Для атаки специалисты использовали порты отладки JTAG.

В последних поколениях устройств от Intel, кроме стандартного набора драйверов для видеокарты, звуковой карты и других элементов, необходимо установить ПО - Intel Management Engine Interface. О том, что это такое и для чего нужно - в ответе ниже.