4

Intel Active Management Technology (AMT) is the subject for a lot of controversy lately. Essentially, it's a separate chip that runs with privileged access (colloquially ring -3) to system resources including network stack (wireless too if it has power), and providing at least three separate apis (some of which are remote). It runs when the CPU is in powered-off state, and can do all kinds of frightening things like install operating systems and such.

My question is simple, how do I find out if it's enabled on my CPU?

Reading this I see it's available on numerous Lenovo laptops, so I assume it's there on mine. Can I get the version of Intel AMT that I'm running? That doc says it's versioned.

Evan Carroll
  • 30,763
  • 48
  • 183
  • 315

1 Answers1

6

You can use Matthew Garrett’s AMT status checker. It will tell you whether

  • AMT is supported
  • AMT is provisioned

and if AMT is supported and provisioned, it will list the versions of the various components involved.

There’s an Intel tool available too. On a Lenovo x230 with Core i5, it'll show something like this

INTEL-SA-00075-Discovery-Tool -- Release 0.8
Copyright (C) 2003-2012, 2017 Intel Corporation.  All rights reserved


------------------Firmware Information--------------------

Intel(R) AMT: ENABLED
Flash:  8.1.30
Netstack:   8.1.30
AMTApps:    8.1.30
AMT:    8.1.30
Sku:    90112
VendorID:   8086
Build Number:   1350
Recovery Version:   8.1.30
Recovery Build Num: 1350
Legacy Mode:    False

-----------------SKU Information-----------------
         Intel(R) Small Business Technology
         Corporate SKU
         Intel(R) Anti-Theft Technology (Intel(R) AT)
-------------------------------------------------

Error: IOCTL_MEI_CONNECT_CLIENT receive message. err=-1

------------------Vulnerability Status--------------------
Based on the version of the Intel(R) MEI, the System is Vulnerable.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 at:
https://nvd.nist.gov/vuln/detail/CVE-2017-5689 or the Intel security advisory
Intel-SA-00075 at:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
----------------------------------------------------------

You can also check your system’s firmware setup.

See How to detect and mitigate the Intel escalation of privilege vulnerability on a Linux system (CVE-2017-5689)? for more on the related vulnerability (the first one...).

Evan Carroll
  • 30,763
  • 48
  • 183
  • 315
Stephen Kitt
  • 434,908