Skip to content

Check whether AMT is enabled and provisioned under Linux

License

Notifications You must be signed in to change notification settings

mjg59/mei-amt-check

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 

Repository files navigation

AMT status checker for Linux

A simple tool that tells you whether AMT is enabled and provisioned on Linux systems. Requires that the mei_me driver (part of the upstream kernel) be loaded.

Building

Run make

Running

sudo ./mei-amt-check

If run on a system with no AMT, output will look like:

Intel AMT: DISABLED

If AMT is enabled but not provisioned, output will look like:

Intel AMT is present
AMT is unprovisioned

In this state, AMT is not vulnerable to CVE-2017-5689.

If AMT is enabled and provisioned, output will look like:

Intel AMT is present
AMT is provisioned
Flash: 9.5.40
Netstack:	9.5.40
AMTApps:	9.5.40
AMT:	9.5.40
Sku:	8200
VendorID:	8086
Build Number:	1892
Recovery Version:	9.5.40
Recovery Build Num:	1892
Legacy Mode:   False

If AMT is enabled and provisioned and the AMT version is between 6.0 and 11.2, and you have not upgraded your firmware, you are vulnerable to CVE-2017-5689. Disable AMT in your system firmware.

This tool is heavily based on mei-amt-version from samples/mei in the Linux source tree and copyright Intel Corporation.

About

Check whether AMT is enabled and provisioned under Linux

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published