1 |
On 11/22/2017 12:42 AM, Adam Carter wrote: |
2 |
|
3 |
> I notice that an update for sys-firmware/intel-microcode just come through |
4 |
> on ~amd64, does that address the ME issues? |
5 |
> |
6 |
> http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/ |
7 |
> |
8 |
> Or will my NUC need a firmware update? |
9 |
> |
10 |
That would be "solved"[1] via a firmware update, microcode update is |
11 |
microcode - only for the cpu. |
12 |
If you don't get one for your hardware due to the vendor saying it is |
13 |
"too old" (to scam you to buy a new motherboard for no reason) you can |
14 |
bisect the BIOS update and add it yourself (ask on the coreboot |
15 |
mailinglist how to do this for more info) not too difficult. |
16 |
|
17 |
Using ME cleaner would also solve the issue and you wouldn't need any |
18 |
more firmware updates when the next "bug" comes around. |
19 |
|
20 |
|
21 |
[1] Intel ME/AMD PSP will always be full of security "bugs" as they are |
22 |
designed to be an uber backdoor for god knows who - one can avoid this |
23 |
via getting either a slightly older x86-64 setup such as |
24 |
KCMA-D8/KGPE-D16 opteron motherboards (RYF libre firmware and a libre |
25 |
bmc firmware is available for them they also don't need microcode updats |
26 |
for series 2 CPU's), a g505S laptop (open source init firmware |
27 |
available) or a TALOS 2 server/workstation (POWER9, very very high |
28 |
performance high end server hardware with the usual price for that level |
29 |
of performance but you get libre firmware AND libre hardware RYF |
30 |
certification pending on release) |