| 1 |
On 11/22/2017 12:42 AM, Adam Carter wrote: |
| 2 |
|
| 3 |
> I notice that an update for sys-firmware/intel-microcode just come through |
| 4 |
> on ~amd64, does that address the ME issues? |
| 5 |
> |
| 6 |
> http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/ |
| 7 |
> |
| 8 |
> Or will my NUC need a firmware update? |
| 9 |
> |
| 10 |
That would be "solved"[1] via a firmware update, microcode update is |
| 11 |
microcode - only for the cpu. |
| 12 |
If you don't get one for your hardware due to the vendor saying it is |
| 13 |
"too old" (to scam you to buy a new motherboard for no reason) you can |
| 14 |
bisect the BIOS update and add it yourself (ask on the coreboot |
| 15 |
mailinglist how to do this for more info) not too difficult. |
| 16 |
|
| 17 |
Using ME cleaner would also solve the issue and you wouldn't need any |
| 18 |
more firmware updates when the next "bug" comes around. |
| 19 |
|
| 20 |
|
| 21 |
[1] Intel ME/AMD PSP will always be full of security "bugs" as they are |
| 22 |
designed to be an uber backdoor for god knows who - one can avoid this |
| 23 |
via getting either a slightly older x86-64 setup such as |
| 24 |
KCMA-D8/KGPE-D16 opteron motherboards (RYF libre firmware and a libre |
| 25 |
bmc firmware is available for them they also don't need microcode updats |
| 26 |
for series 2 CPU's), a g505S laptop (open source init firmware |
| 27 |
available) or a TALOS 2 server/workstation (POWER9, very very high |
| 28 |
performance high end server hardware with the usual price for that level |
| 29 |
of performance but you get libre firmware AND libre hardware RYF |
| 30 |
certification pending on release) |
Archives