BIOS Updates for Spectre/Meltdown and Modded BIOS?

Discussion in 'Windows 7' started by Zepp, Jan 31, 2018.

  1. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    Hello... with Spectre and Meltdown requiring Intel and AMD to issue BIOS updates to patch the vulnerabilities in the CPUs cache handling, I am wondering how this will affect people with a modded BIOS. If you download and apply the official BIOS update (once available), I am assuming it doesn't just patch the code necessary, but wipes the entire BIOS, replacing it with a whole new BIOS, thereby eliminating the modded one. Is this correct?
     
  2. Threat

    Threat Lord of the Files

    Feb 23, 2014
    1,063
    871
    60
    If you download and reflash with an official BIOS, then you will wipe out any SLIC mods, regardless of the reason you update.

    You would need to apply the same mods to the new BIOS and flash with the modded updated BIOS.
     
  3. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    Thanks Threat. That's what I figured. Since I am not able to do that myself and my CPU is old now (i.e. modders won't be working on it) I am thinking I just won't update the BIOS. (I wish I knew how to mod a BIOS myself! Don't like being vulnerable to the Spectre threat [Meltdown isn't an issue with AMD], but...)

    I can only imagine how many people will be shocked after updating their BIOS to prevent S/M ... forgetting entirely they even HAD a modded BIOS, until their SLIC is no longer matching their cert. I nearly forgot myself.
     
  4. Threat

    Threat Lord of the Files

    Feb 23, 2014
    1,063
    871
    60
    What motherboard / BIOS version are you running?

    Most of the time there are simple tools available so end users can mod there own BIOS now.
     
  5. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    #5 Zepp, Feb 1, 2018
    Last edited: Feb 1, 2018
    (OP)
    That would be great.
    Acer Aspire 4530 w/ Grasmoor (Socket M2/S1G1) MB
    BIOS = Acer v1.3334 9/18/2008
    CPU = AMD Athlon X2 QL-62

    EDIT NEXT DAY: BIOS mod won't be required as AMD announced microcode updates instead.
     
  6. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    18,682
    18,581
    340
    You're not getting any official bios update from Acer anyway - the support for this series has been ended for long.
     
  7. aquarius84

    aquarius84 MDL Member

    Oct 3, 2012
    202
    61
    10
    shocked people?? update bios to prevent Spectre / Meltdown ?? prevent what ??
    I don't see people going mad for that
    this is a 99,9% Marketing bug (for Amd / Intel), so stop shocking about that and continue living as usual
     
  8. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    47,027
    93,871
    450
    Really?
     
  9. shhnedo

    shhnedo MDL Expert

    Mar 20, 2011
    1,662
    2,217
    60
    Interesting definition of Spectre/Meltdown...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    Updates in one form or another are coming for all affected CPUs, and yes, going back to 1995. However they are releasing updates for newer chips first. So those with older machines will be waiting awhile. That said, AMD described the timetable in weeks, not months, and I am no programmer but I imagine microcode will be much easier and faster to deploy than BIOS updates, which might be why they went that route.
     
  11. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
    It has indeed always looked like this something that will only be used against large companies, and individual users need not really worry. I have not found a single information anywhere that sways otherwise.

    By the way, what is much more interesting is, that Intel informed China in June, when the bug was detected. US government and industry learned about it in newspapers on Jan 3rd. That is what the Wall Street Journal printed two days ago...
     
  12. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    47,027
    93,871
    450
    Yes, risking billions of dollars lawsuits, can be considered a "marketing" strategy, especially when there is no perspective on new cpu design for the next years to come :rolleyes::rolleyes:
     
  13. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Threat

    Threat Lord of the Files

    Feb 23, 2014
    1,063
    871
    60
    Yeah but come on would YOU trust the US Gov with security bugs that will take months to fix?

    If China GOV are more trusted than the US Gov then you know just how low the opinion of the trustworthiness US Gov really is. Take note Trump.
     
  15. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    #16 Zepp, Feb 1, 2018
    Last edited: Feb 2, 2018
    (OP)
    I agree that cloud services and corporate networks would be the high targets, especially initially. But to extrapolate that individual users need not worry is, imo, shortsighted. As exploits develop, come of age and morph, there will likely be all manner of scripts and malware easily deployed by anyone who can point and click. Expect spread through spam and high risk sites, and there will always be the rogue infected ad on a legit site that had no idea it was infected until discovered after x number of days. Yes, it will take awhile to get there, but no vulnerability should be knowingly left open. Especially one that can extract sensitive data from cache. These exploits have the potential to capture data like PGP keys... which could mean life or death to a whistleblower in a hostile country. Ramifications are unknown.
     
  16. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10
    They might have been legally obligated as China is their partner, I imagine, in producing the chips or at least the hardware that they go into (almost every computer and phone under the sun). They might have risked a giant lawsuit if they didn't immediately share the info under the bylaws of their contractual agreement. Just a thought.
     
  17. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    Intel informed it's Chinese manufacture's. They have no control over what the Chinese govt does when they track Chinese business. What upset the U.S. govt, is that it made the U.S. more susceptible in case there were to be a cyber war to break out and China would have an upper hand
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Zepp

    Zepp MDL Member

    Mar 7, 2010
    105
    4
    10