Thursday, June 1st 2023

GIGABYTE Fortifies System Security with Latest BIOS Updates and Enhanced Verification

Press Release by
GFreeman
 Discuss (19 Comments)
GIGABYTE Technology, one of the leading global manufacturers of motherboards, graphics cards, and hardware solutions, has always prioritized cybersecurity and information security. GIGABYTE remains committed to fostering close collaboration with relevant units and implementing robust security measures to safeguard its users. GIGABYTE engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on GIGABYTE motherboards.

To fortify system security, GIGABYTE has implemented stricter security checks during the operating system boot process. These measures are designed to detect and prevent any possible malicious activities, providing users with enhanced protection:
  • 1. Signature Verification: GIGABYTE has bolstered the validation process for files downloaded from remote servers. This enhanced verification ensures the integrity and legitimacy of the contents, thwarting any attempts by attackers to insert malicious code.
  • 2. Privilege Access Limitations: GIGABYTE has enabled standard cryptographic verification of remote server certificates. This guarantees that files are exclusively downloaded from servers with valid and trusted certificates, ensuring an added layer of protection.
BIOS updates for the Intel 500/400 and AMD 600 series chipset motherboards will also be released on the GIGABYTE official website later today, along with updates for previously released motherboards. GIGABYTE recommends that users regularly visit the official GIGABYTE website for future BIOS updates.
Source: GIGABYTE

Related News

Add your own comment

19 Comments on GIGABYTE Fortifies System Security with Latest BIOS Updates and Enhanced Verification

#1
ZoneDymo
GIGABYTE Technology, has always prioritized cybersecurity and information security.

What they dont prioritize is the physical safety of your PC, that can blow up / burn down for all they care, but hey, at least your data wont fall in the wrong hands...or in anyone's hands for that matter, right?
Posted on Reply
#2
zmeul
just remove the bloody thing from the BIOS
also ASUS, MSI and whomever else has it
Posted on Reply
#3
katzi
zmeuljust remove the bloody thing from the BIOS
also ASUS, MSI and whomever else has it
Asus does this, MSI hasn't to my knowledge (My last MSI board was a B550 Unify)
Posted on Reply
#6
P4-630
GFreemanTo fortify system security, GIGABYTE has implemented stricter security checks during the operating system boot process. These measures are designed to detect and prevent any possible malicious activities, providing users with enhanced protection:
  • 1. Signature Verification: GIGABYTE has bolstered the validation process for files downloaded from remote servers. This enhanced verification ensures the integrity and legitimacy of the contents, thwarting any attempts by attackers to insert malicious code.
  • 2. Privilege Access Limitations: GIGABYTE has enabled standard cryptographic verification of remote server certificates. This guarantees that files are exclusively downloaded from servers with valid and trusted certificates, ensuring an added layer of protection.
Now if they only thought about actually doing that 10 years ago....
Posted on Reply
#7
Tomorrow
Ironic that my X570 board does not have this "feature" present in older B450 and newer AM5/Z790 boards.
X570S refresh is affected tho.
Posted on Reply
#8
BatRastard
What's weird is this news broke just days after a few users in the MSI Gaming subreddit reported that a new option in their BIOS automatically downloads and executes a full screen version of MSI Center after logging into Windows and it starts executing BIOS updates and driver updates with no clear way to stop or close the app. This behavior is basically a rootkit designed to brick boards so they can sell replacements. Wash. Rinse. Repeat. It boggles the mind that a sysadmin would let this insanity escape the asylum.
Posted on Reply
#9
MarsM4N
BIOS backdoor fixed, for 271 models of Gigabyte motherboards! :eek: NSA staff not going to be very amused.


Tbh. automated BIOS updates are just a dumb idea. Not only for safety reasons, but also for system reliability. It's just better to wait a week before updating. A popup update notice would be way better.
Posted on Reply
#10
trparky
The bad part is, according to the SMU checker, all new BIOS versions have AMD AGESA 1.0.0.7A as part of it. According to a lot of users, 1.0.0.7A is not even close to being stable yet. So much so that I think the letter "A" in the version stands for Alpha, as in that it's an Alpha version and not even Beta.

I don't have any of the Gigabyte software installed on my system and it's going to stay that way.
Posted on Reply
#11
BatRastard
There's been reports that AGESA 120A for some MSI AM4 boards are corrupting the full screen logo at boot to the point that it's either garbled or missing completely.
Posted on Reply
#13
Minus Infinity
Yeah my old X370 wasn't affected. Pay's to be trailing edge sometimes.
Posted on Reply
#14
chrcoluk
Not sure why they obsessed with keeping this rubbish in the bios, the people who want the software will seek it out and download it, the ones who dont, dont force it on them.

They could gain PR by admitting they got it wrong and saying they taking a security stance now of removing the functionality.
Posted on Reply
#16
tpa-pr
Well, I have turned the feature off and the beta BIOS with the fix is out for my board. I'll be waiting for the non-beta BIOS but I guess I have to give Gigabyte credit for fixing it so quickly? Ideally they wouldn't have included the feature in the first place but I'll take whatever win I can get.
Posted on Reply
#17
Tropick
Wow, my B550 AORUS Elite V2 narrowly escaped this crap solely on the virtue of it being the 1.0 revision. Looks like rev 1.2 and up are all affected as they include the stupid feature.
ZoneDymoGIGABYTE Technology, has always prioritized cybersecurity and information security.

What they dont prioritize is the physical safety of your PC, that can blow up / burn down for all they care, but hey, at least your data wont fall in the wrong hands...or in anyone's hands for that matter, right?
Can't leak the keys if your TPM chip is melted
Posted on Reply
#18
zlobby
Mid of 2023 and some vendors start imlementing basic blob validation...
Posted on Reply
#19
Dragokar
I also would love to get a AGESA 1.2.0.A for my X570S and B550 Aorus Pro somehow someday dear Gigabyte ;)
Posted on Reply
Add your own comment
May 21st, 2024 05:16 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts