Official GIGABYTE Forum
Questions about GIGABYTE products => Motherboards with Intel processors => Topic started by: Cantoris on January 06, 2018, 02:57:06 pm
-
Do Gigabyte have any plans to provide firmware for their motherboards to help mitigate the CPU vulnerabilities Meltdown and Spectre?
Thanks.
-
Does Gigabyte have any plans to provide firmware for their motherboards to help mitigate the CPU vulnerabilities Meltdown and Spectre?
Thanks.
Patching for these vulnerabilities will come from Intel, AMD and ARM, not individual motherboard manufacturers. These fixes will then need to be tested by hardware manufacturers before they are made available. Based on what I've read, (subject to change I'm sure) the patching will be cumulative and not a one file fix. I suspect it will take some time (even months) to develop and test the fixes as they are released.
-
Patching for these vulnerabilities will come from Intel, AMD and ARM, not individual motherboard manufacturers. These fixes will then need to be tested by hardware manufacturers before they are made available.
Thanks for the quick response. I'd assumed that the update would be in the form of a BIOS (or similar) update since the material I've read refers to "chipset firmware" from "device OEMs". I was imagining Intel coming up with a reference level fix which motherboard manufacturers would adapt where necessary to their own boards' implementations.
-
I think you are right about that. I believe it will be similar to the Intel ME patching that has occurred. I've patched many systems. Some in the form of BIOS updates, others with a management engine executable in the OS.
My z370 board for example can get the patch different ways.
GIGABYTE Intel ME Critical FW Update Utility - Released 12/21/2017 B17.1218.1, comes in through App Center
BIOS F5 Update intel ME for security vulnerabilities - Released 11/13/2017
Patching for the ME vulnerability happened pretty quickly. I think Intel, AMD and ARM will move quickly on this too. There is nothing we can do. The flaws exist. Hopefully they can be addresses soon.
-
My belief (and I could be wrong) is that it will be similar to the Intel ME patching that has occurred. I've patched many systems. Some in the form of BIOS updates, others with a management engine executable in the OS.
That's the sort of thing I was expecting; originated by Intel but released by the OEM.
Would be nice if Gigabyte had a FAQ page about it somewhere obvious on their main support site.
Thanks again.
-
My belief (and I could be wrong) is that it will be similar to the Intel ME patching that has occurred. I've patched many systems. Some in the form of BIOS updates, others with a management engine executable in the OS.
That's the sort of thing I was expecting; originated by Intel but released by the OEM.
Would be nice if Gigabyte had a FAQ page about it somewhere obvious on their main support site.
Thanks again.
I messaged Gigabyte support regarding a patch the Spectre, Meltdown bug for my motherboard.
They responded very fast to my surprise, however the response left much to be desired.
They told me it was already released and gave me a link to the F22c Bios update released over a month ago that mixes the Intel ME bug.
I don't even know why I even bothered with their support.
-
Asus is already releasing bios with the first microcode update:
http://vip.asus.com/FORUM/view.aspx?id=20180104235637795&board_id=1&model=PRIME+Z370-A&page=1&SLanguage=en-us
Some reviewers also claimed theyve updated their uefis with the microcode for the vulnerability for the benchmarks theyve made.
And here i am still afraid of updating my bios with the last intel ME update due to the several accounts of problems with gigabyte boards, like this another one:
https://www.reddit.com/r/gigabyte/comments/7o4enw/continual_reboot_on_new_z370_after_me_fix/
"This is a known issue with Gigabyte boards".
Or this one:
http://forum.gigabyte.us/thread/3054/critical-update-utility-reporting-incorrect
Seriously.
-
https://www.reddit.com/r/gigabyte/comments/7o4enw/continual_reboot_on_new_z370_after_me_fix/
"This is a known issue with Gigabyte boards".
He most probably meant bootloop.
-
Some news about it, and some motherboard already have the download for it:
https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html
Despite that website linking to the support of my z170 board, theres no newer bios there for it.
-
I am watching and waiting to see where this goes. Horror stories already that users have bricked a brand new system with the official update and plenty of ambiguity over just how serious a threat there is for individual PC owners. If the potential has been around for years and we have not had a confirmed exploitation of the vulnerability then my current vote is to leave my shiny new pc running as is, fat dumb and happy.
-
I very much hope that Gigabyte will release BIOS update for the Meltdown vulnerability for all the motherboard affected (i.e. compatible with the affected CPU) which according to various website can only be fully and truly patched through BIOS update!!
Otherwise, I will certainly remember this for my next purchase and go to ASUS or MSI which seem much faster to deal with the problem!!!
-
You know the funny part about this crap. Has been around on the CPU's for over 20-yrs why the big panic now?
What are Spectre and Meltdown?
Spectre and Meltdown are the names of the flaws found in a number of processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.
The flaws, found by a number of people including a member of Google’s Project Zero, are sending shock waves through the IT world. Namely, "it was revealed that they had been present in chip designs for over 20 years," and that they affect a number of companies’ processors, meaning the flaws could be found on a huge number of devices, from PCs to web servers and even smartphones.
Should I be worried about Spectre and Meltdown?
At the moment, you shouldn’t panic too much, because so far it doesn’t look like the Spectre or Meltdown flaws have been used in an attack, and device manufacturers are working with Intel, ARM and AMD to fix these flaws.
Intel has claimed that the exploits can't corrupt, modify or delete data. While it’s good to see companies set aside their differences to find a fix for these flaws, it has emerged that one flaw, Spectre, may need a processor redesign to fix.
However, this does mean that future processors should be free from the Spectre and Meltdown security flaws. So, don’t be too alarmed, but keep an eye on any updates your device offers, and follow our advice on how to protect against the Meltdown and Spectre CPU security flaws.
How to fix Meltdown and Spectre CPU security flaws on Windows PCs
Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors. The good news is that Microsoft seems to be on the case and has said that it has already released a security update on Wednesday for Windows 10, as well as previous versions of Windows.
Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.
-
pretty sure spectre needs a firmware(bios) patch. MS cant patch that. even after i have the MS patch i still get:
(https://i.imgur.com/xveM56W.png)
you can find out if protected by going to here: https://www.grc.com/inspectre.htm (https://www.grc.com/inspectre.htm)
or from MS: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in (https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in)
for MS verification, scroll down to "Verifying that protections are enabled" via powershell.
i have a GA-Z87X-UD4H and a GA-Z77X-UP4 TH that probably won't be getting patches as 2014 and 2012 were the last updates for them, respectively.
-
pretty sure spectre needs a firmware(bios) patch. MS cant patch that.
The OS can update microcode aswell, itll be patched whenever the OS bootsup.
Even Intel says the released microcode are causing bootloops for some people so i gather people should wait a while before rushing into it.
-
"it was revealed that they had been present in chip designs for over 20 years,"
Why the PANIC now??? What I'm going to do about it "0" NOTHING.
If this was something that just showed up maybe yes. But being here for over 20 yrs NO. I have been doing this over 35 yrs and I have seen it all. This is just another PANIC CITY THING.
If this was a big problem why didn't they fix it years ago. But you have this happen and now it is a problem by these people.
"The flaws, found by a number of people including a member of Google’s Project Zero, are sending shock waves through the IT world"
The other thing here we are a waste of time. That any body that has a PC in your home. We are the little guy. They could careless about you. They want the big guys like corp & banks.
-
This why I wouldn't don't do any thing yet!!!!!
Intel says patches can cause reboot problems in old chips
(Reuters) - Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.
In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue.
“We are working quickly with these customers to understand, diagnose and address this reboot issue,” Shenoy said in the statement. “If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.”
Earlier on Thursday, the Wall Street Journal reported that Intel was asking cloud computing customers to hold off installing patches that address new security flaws that affect nearly all of its processors because the patches have bugs of their own.
Intel has identified three issues in updates released over the past week for “microcode,” or firmware, the newspaper reported, citing a confidential document the company had shared with some customers that it had reviewed.
The world’s largest chipmaker confirmed last week that the security issues reported by researchers in the company’s widely used microprocessors could allow hackers to steal sensitive information from computers, phones and other electronic devices.
-
dmdilks,
Thanks for sharing this helpful information. I second everything he's said and wish to reiterate... there is nothing you can do currently to completely protect yourself from these threats, which have been present and exploitable for decades.
Worrying about it will do nothing. The patches and fixes are coming, but we have to be patient. Life continues.
Anyone who has procrastinated or put off backing up their data or system.... Here are 2 great ways to protect yourself:
http://redobackup.org/ - FREE
https://www.macrium.com/reflectfree - FREE
-
I agree that there is no need to panic and rush action... however shall we wait and act as sitting duck until the bad guys find a way of exploiting these flaws to still your credit card details, passwords to important system (what about healthcare services, etc..), no I do not think so either. As always acting on something is different from rushing and panicking, and while I do not want and won't do the last 2, I certainly want to be proactive and fix the problem!!
-
Yesterday I got call from my buddy that runs a computer shop. Needed some computer parts. I when over we talk about this and he said the same thing I'm doing "O" nothing.
Here is a guy that was in the Army and work on networking & security for them. He runs a server out of his shop and works on other servers in the area. He is network security certificated.
All I can say keep your computer up to date on everything and you should be fine.
-
Intel says Meltdown / Spectre patch causes reboots in computers with newer processors too
http://www.latolue.com/2018/01/intel-says-meltdown-spectre-patch.html
-
But no reports about that so far..
-
But no reports about that so far..
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions on specific platforms,” Shenoy wrote, “as they may introduce higher than expected reboots and other unpredictable system behavior.”
https://www.theverge.com/2018/1/22/16919426/intel-advises-pause-deployment-of-spectre-patch
-
Something to stop all these vague doubts and fears https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf
-
ASRock pulled the bioses with the microcode update until Intel released a fixed one.