질문과 답변
하드웨어 바이오스 업데이트 내용인데 해석 부탁드립니다.
2016.01.05 23:48
B85M PRO4
새로 올라온 바이오스 업데이트 내용인데
1. Add ME FW version in BIOS Setup.
ME FW 라는게 멀 의미하는지 모르겠네요.
댓글 [4]
-
ee_do 2016.01.05 23:54
-
읍민Kaine 2016.01.06 09:40
본문 중에 ... a Manageability Engine (ME)... 라고 되어 있네요. FW는 Firmware의 약자입니다.
-
야인 2016.01.06 17:31
Intel(R) Manageability Engine Firmware
인텔 펌웨어
드라이버로 컴퓨터 장치에 필요한 프로그램입니다.
알려주신 내용으로 찾아보니 대략 이렇게 나오네요.
ME에 대한 정확한 개념은 모르겠지만 대략 장치 드라이버로 추측됩니다.
-
윈라 2016.01.06 19:57
바이오스나 펌웨어 같은건 굳이 업데이트 안해줘도 무방합니다.괜히 건드렸다가 후회하는수가 있어요.
Intel(R) Manageability Engine Firmware Recovery Agent
The Intel Manageability Firmware Recovery Agent is part of the Intel(R) Active Management Technology driver stack that Intel provides to OEMs. Starting in 2011, it is relevant for any platform that has a Manageability Engine (ME). The confusing part of this is that it no longer strictly pertains to Intel Active Management Technology. There are actually many new Intel technologies that make use of the ME. It can be safe to say that if you purchase any computer with Intel processors from 2011 on, it is likely to have an ME/firmware.
The Intel ME Firmware Recovery Agent is needed for updating firmware when critical security vulnerabilities have been found. While Intel patches the firmware and makes the new releases available to OEMS, not every OEM takes the updates right away, if at all. The agent detects new firmware (for the ME 1.5Mb and ME 5Mb images) and automatically performs the update from Intel servers. This update is done via authentication with secure transfers and requires user opt-in. Unfortunately, many users may have no idea that their system has a Manageability Engine so they have no idea why they are being asked if it is OK to run the update. (Yes, it is OK!)
Regarding the security of the transfer, first, the firmware is signed and validated by the HW before being applied and executed. Since it is not sufficient for the certificate to be valid, the agent checks if the certificate is valid (not expired, etc.) and it checks to ensure the certificate is the one we want. The agent carries a blob taken from the original certifact's subject and it compares this blob with the certificate used to sign the update file. The blob lives in a protected directory in the system and it can't be changed without admin privilidges.
If the agent is disabled (or not provided by the OEM) the only other way to get the new update is if the OEM has provided it on their website and then users can download it and do the firmware update themselves, which sometimes can be tricky.
Hopefully this answers some questions we have seen regarding this agent and what it is for.
치명적 보안 결함이 발견되었을 때 펌웨어 업데이트를 위해 필요한 것이라고 나와있네요