You can now run software like EFIgy or my EFIver.py to see if you are using the latest EFI update from Apple, but that doesn’t necessarily mean that you are using the latest and greatest from Intel. Not for the following models:
File : IM144_0183_B00.scap (iMac14,4) ME version: 188.8.131.526 Latest : No File : IM151_0211_B00.scap (iMac15,1) ME version: 184.108.40.2062 Latest : No File : IM162_0212_B00.fd (iMac16,2) ME version: 220.127.116.110 Latest : No File : IM171_0110_B00.fd (iMac17,1) ME version: 18.104.22.1680 Latest : No File : IM181_0151_B00.fd (iMac18,1) ME version: 22.214.171.1249 Latest : No File : IM183_0151_B00.fd (iMac18,x) ME version: 126.96.36.1999 Latest : No File : MBP114_0177_B00.fd (MacBookPro11,4) ME version: 188.8.131.525 Latest : No File : MP61_0120_B00.scap (MacPro6,1) ME version: 184.108.40.2061 Latest : No
This shows us a limitation of EFIgy and my very own EFIver.py script. One that I would like to address soon. Speaking of which, the latest beta (v3.2) now also runs with Python3 – required for Windows and Linux – but you’ll need PyObjc.
And while I don’t really know if this opens un-patched attack vectors, or if this is Apple’s fault (but Intel?) but I like to keep my Mac safe. As much as I can, and then something like this isn’t really helping me.
Thanks to Plato Mavropoulos for his ME Analyzer!
ME as in the Management Engine horror? I was rather hoping Macs didn’t have that – at least I’ve never heard of a way to interact with it on a Mac.
To be really safe you could always disable ME (or parts of it?), as e.g. the intelligence agencies do, by setting the NSA’s “reserve_hap” to 1: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html … don’t know if macOS will boot with such a setup. But if this is possible, I’m thinking about doing this myself.
ME could be disabled successfully using me cleaner but it has been tested only with sandy/ivybridge.
Hi Pike! IF you could unpack and repack after modification of latest ME driver, you could use one tool like iHEX or UEFITool to integrate latest ME FW update which you can find over win-raid.com.
Im talking about scap firmware file which obviously contains ME firmware inside, so we could find a way to unpack, replace ME firmware using uefitool than repack as scap?