Matthew Garrett has a new tool to check for AMT on Linux:
If AMT is enabled and provisioned and the AMT version is between 6.0 and 11.2, and you have not upgraded your firmware, you are vulnerable to CVE-2017-5689. Disable AMT in your system firmware.
https://github.com/mjg59/mei-amt-check
A little bird told me some info about Intel AMT and Linux:
* Some BMC/IPMI devices also listen on port 623 because they support the same asf-rmcp protocol. So if you are using nmap to scan networks you may see false positives from these devices.
* The Intel OpenAMT tool can be used on Linux to determine if AMT is enabled. The procedure is something like:
* build with: ./configure;make
* on the system to test, load the mei modules with: modprobe mei-me
* run the src/lms binary (only uses standard libraries, no need to ‘make install’)
* check daemon.log, not enabled should be something like “LMS: Cannot connect to Intel AMT via MEI driver”
* clean up by killing the running lms process, removing the lms binary, and unloading the mei modules: rmmod mei-me mei
https://sourceforge.net/projects/openamt/
* On Linux, blacklisting the mei-me/mei modules will prevent local access to AMT, but doesn’t help if it’s already enabled.
