Firmware against CPU vulnerabilities?

[Cantoris]

Do Gigabyte have any plans to provide firmware for their motherboards to help mitigate the CPU vulnerabilities Meltdown and Spectre?
Thanks.

[shadowsports]

Does Gigabyte have any plans to provide firmware for their motherboards to help mitigate the CPU vulnerabilities Meltdown and Spectre?
Thanks.

Patching for these vulnerabilities will come from Intel, AMD and ARM, not individual motherboard manufacturers.  These fixes will then need to be tested by hardware manufacturers before they are made available.  Based on what I've read, (subject to change I'm sure) the patching will be cumulative and not a one file fix.  I suspect it will take some time (even months) to develop and test the fixes as they are released.   

[Cantoris]

Patching for these vulnerabilities will come from Intel, AMD and ARM, not individual motherboard manufacturers.  These fixes will then need to be tested by hardware manufacturers before they are made available.

Thanks for the quick response.  I'd assumed that the update would be in the form of a BIOS (or similar) update since the material I've read refers to "chipset firmware" from "device OEMs".  I was imagining Intel coming up with a reference level fix which motherboard manufacturers would adapt where necessary to their own boards' implementations.

[shadowsports]

I think you are right about that.  I believe it will be similar to the Intel ME patching that has occurred.  I've patched many systems.  Some in the form of BIOS updates, others with a management engine executable in the OS. 

My z370 board for example can get the patch different ways. 

GIGABYTE Intel ME Critical FW Update Utility - Released 12/21/2017 B17.1218.1, comes in through App Center

BIOS F5 Update intel ME for security vulnerabilities - Released 11/13/2017

Patching for the ME vulnerability happened pretty quickly.  I think Intel, AMD and ARM will move quickly on this too.  There is nothing we can do.  The flaws exist.  Hopefully they can be addresses soon.

[Cantoris]

My belief (and I could be wrong) is that it will be similar to the Intel ME patching that has occurred.  I've patched many systems.  Some in the form of BIOS updates, others with a management engine executable in the OS.

That's the sort of thing I was expecting; originated by Intel but released by the OEM.
Would be nice if Gigabyte had a FAQ page about it somewhere obvious on their main support site.

Thanks again.

[Jimmy2Times]

My belief (and I could be wrong) is that it will be similar to the Intel ME patching that has occurred.  I've patched many systems.  Some in the form of BIOS updates, others with a management engine executable in the OS.

That's the sort of thing I was expecting; originated by Intel but released by the OEM.
Would be nice if Gigabyte had a FAQ page about it somewhere obvious on their main support site.

Thanks again.

I messaged Gigabyte support regarding a patch the Spectre, Meltdown bug for my motherboard.
They responded very fast to my surprise, however the response left much to be desired.
They told me it was already released and gave me a link to the F22c Bios update released over a month ago that mixes the Intel ME bug.
I don't even know why I even bothered with their support.

 

[wh173]

Asus is already releasing bios with the first microcode update:

http://vip.asus.com/FORUM/view.aspx?id=20180104235637795&board_id=1&model=PRIME+Z370-A&page=1&SLanguage=en-us

Some reviewers also claimed theyve updated their uefis with the microcode for the vulnerability for the benchmarks theyve made.


And here i am still afraid of updating my bios with the last intel ME update due to the several accounts of problems with gigabyte boards, like this another one:

https://www.reddit.com/r/gigabyte/comments/7o4enw/continual_reboot_on_new_z370_after_me_fix/

"This is a known issue with Gigabyte boards".

Or this one:

http://forum.gigabyte.us/thread/3054/critical-update-utility-reporting-incorrect



Seriously.

[anders]

https://www.reddit.com/r/gigabyte/comments/7o4enw/continual_reboot_on_new_z370_after_me_fix/

"This is a known issue with Gigabyte boards".

He most probably meant bootloop.

[wh173]

Some news about it, and some motherboard already have the download for it:

https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html

Despite that website linking to the support of my z170 board, theres no newer bios there for it.

[COMPUTOM]

I am watching and waiting to see where this goes. Horror stories already that users have bricked a brand new system with the official update and plenty of ambiguity over just how serious a threat there is for individual PC owners. If the potential has been around for years and we have not had a confirmed exploitation of the vulnerability then my current vote is to leave my shiny new pc running as is, fat dumb and happy.     

[rvboutin]

I very much hope that Gigabyte will release BIOS update for the Meltdown vulnerability for all the motherboard affected (i.e. compatible with the affected CPU) which according to various website can only be fully and truly patched through BIOS update!!
Otherwise, I will certainly remember this for my next purchase and go to ASUS or MSI which seem much faster to deal with the problem!!!

[dmdilks]

You know the funny part about this crap. Has been around on the CPU's for over 20-yrs why the big panic now?

What are Spectre and Meltdown?

Spectre and Meltdown are the names of the flaws found in a number of processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.

The flaws, found by a number of people including a member of Google’s Project Zero, are sending shock waves through the IT world. Namely, "it was revealed that they had been present in chip designs for over 20 years," and that they affect a number of companies’ processors, meaning the flaws could be found on a huge number of devices, from PCs to web servers and even smartphones.

Should I be worried about Spectre and Meltdown?

At the moment, you shouldn’t panic too much, because so far it doesn’t look like the Spectre or Meltdown flaws have been used in an attack, and device manufacturers are working with Intel, ARM and AMD to fix these flaws.

Intel has claimed that the exploits can't corrupt, modify or delete data. While it’s good to see companies set aside their differences to find a fix for these flaws, it has emerged that one flaw, Spectre, may need a processor redesign to fix.

However, this does mean that future processors should be free from the Spectre and Meltdown security flaws. So, don’t be too alarmed, but keep an eye on any updates your device offers, and follow our advice on how to protect against the Meltdown and Spectre CPU security flaws.

How to fix Meltdown and Spectre CPU security flaws on Windows PCs

Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors. The good news is that Microsoft seems to be on the case and has said that it has already released a security update on Wednesday for Windows 10, as well as previous versions of Windows.

Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.

[madLyfe]

pretty sure spectre needs a firmware(bios) patch. MS cant patch that. even after i have the MS patch i still get:



you can find out if protected by going to here: https://www.grc.com/inspectre.htm

or from MS: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

for MS verification, scroll down to "Verifying that protections are enabled" via powershell.

i have a GA-Z87X-UD4H and a GA-Z77X-UP4 TH that probably won't be getting patches as 2014 and 2012 were the last updates for them, respectively.

[wh173]

pretty sure spectre needs a firmware(bios) patch. MS cant patch that.

The OS can update microcode aswell, itll be patched whenever the OS bootsup.

Even Intel says the released microcode are causing bootloops for some people so i gather people should wait a while before rushing into it.

[dmdilks]

"it was revealed that they had been present in chip designs for over 20 years,"

Why the PANIC now??? What I'm going to do about it "0" NOTHING.

If this was something that just showed up maybe yes. But being here for over 20 yrs NO. I have been doing this over 35 yrs and I have seen it all. This is just another PANIC CITY THING.   

If this was a big problem why didn't they fix it years ago. But you have this happen and now it is a problem by these people.

"The flaws, found by a number of people including a member of Google’s Project Zero, are sending shock waves through the IT world"

The other thing here we are a waste of time. That any body that has a PC in your home. We are the little guy. They could careless about you. They want the big guys like corp & banks.