Hello... with Spectre and Meltdown requiring Intel and AMD to issue BIOS updates to patch the vulnerabilities in the CPUs cache handling, I am wondering how this will affect people with a modded BIOS. If you download and apply the official BIOS update (once available), I am assuming it doesn't just patch the code necessary, but wipes the entire BIOS, replacing it with a whole new BIOS, thereby eliminating the modded one. Is this correct?
If you download and reflash with an official BIOS, then you will wipe out any SLIC mods, regardless of the reason you update. You would need to apply the same mods to the new BIOS and flash with the modded updated BIOS.
Thanks Threat. That's what I figured. Since I am not able to do that myself and my CPU is old now (i.e. modders won't be working on it) I am thinking I just won't update the BIOS. (I wish I knew how to mod a BIOS myself! Don't like being vulnerable to the Spectre threat [Meltdown isn't an issue with AMD], but...) I can only imagine how many people will be shocked after updating their BIOS to prevent S/M ... forgetting entirely they even HAD a modded BIOS, until their SLIC is no longer matching their cert. I nearly forgot myself.
What motherboard / BIOS version are you running? Most of the time there are simple tools available so end users can mod there own BIOS now.
That would be great. Acer Aspire 4530 w/ Grasmoor (Socket M2/S1G1) MB BIOS = Acer v1.3334 9/18/2008 CPU = AMD Athlon X2 QL-62 EDIT NEXT DAY: BIOS mod won't be required as AMD announced microcode updates instead.
You're not getting any official bios update from Acer anyway - the support for this series has been ended for long.
shocked people?? update bios to prevent Spectre / Meltdown ?? prevent what ?? I don't see people going mad for that this is a 99,9% Marketing bug (for Amd / Intel), so stop shocking about that and continue living as usual
Updates in one form or another are coming for all affected CPUs, and yes, going back to 1995. However they are releasing updates for newer chips first. So those with older machines will be waiting awhile. That said, AMD described the timetable in weeks, not months, and I am no programmer but I imagine microcode will be much easier and faster to deploy than BIOS updates, which might be why they went that route.
It has indeed always looked like this something that will only be used against large companies, and individual users need not really worry. I have not found a single information anywhere that sways otherwise. By the way, what is much more interesting is, that Intel informed China in June, when the bug was detected. US government and industry learned about it in newspapers on Jan 3rd. That is what the Wall Street Journal printed two days ago...
Yes, risking billions of dollars lawsuits, can be considered a "marketing" strategy, especially when there is no perspective on new cpu design for the next years to come
Yeah but come on would YOU trust the US Gov with security bugs that will take months to fix? If China GOV are more trusted than the US Gov then you know just how low the opinion of the trustworthiness US Gov really is. Take note Trump.
I agree that cloud services and corporate networks would be the high targets, especially initially. But to extrapolate that individual users need not worry is, imo, shortsighted. As exploits develop, come of age and morph, there will likely be all manner of scripts and malware easily deployed by anyone who can point and click. Expect spread through spam and high risk sites, and there will always be the rogue infected ad on a legit site that had no idea it was infected until discovered after x number of days. Yes, it will take awhile to get there, but no vulnerability should be knowingly left open. Especially one that can extract sensitive data from cache. These exploits have the potential to capture data like PGP keys... which could mean life or death to a whistleblower in a hostile country. Ramifications are unknown.
They might have been legally obligated as China is their partner, I imagine, in producing the chips or at least the hardware that they go into (almost every computer and phone under the sun). They might have risked a giant lawsuit if they didn't immediately share the info under the bylaws of their contractual agreement. Just a thought.
Intel informed it's Chinese manufacture's. They have no control over what the Chinese govt does when they track Chinese business. What upset the U.S. govt, is that it made the U.S. more susceptible in case there were to be a cyber war to break out and China would have an upper hand