• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Meltdown and Spectre Patched BIOS for X58 Motherboards

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
3,131 (0.45/day)
@Spudz76

First generation i7s didn't receive a microcode update from MS or hardware manufacturers.

The MS KBs are for 2nd generation CPUs and above, it must be loaded during boot (before the kernel).

The X58 platform is considered "old", unsupported and out of warranty.

Westmere Xeons deliver good performance, overclock well, and extremely cheap (6C/12T for $50).

The changes made to the BIOSes were minimal to ensure boards won't brick.

BIOS flashing utilities perform integrity and checksum check before writting data to the chip.
 
Last edited:
Joined
Jul 24, 2018
Messages
33 (0.01/day)
@Spudz76
There is currently no official microcode fix from Microsoft for Spectre for any chip prior to Sandy Bridge, so they are still vulnerable without a bios patch at this time.
https://support.microsoft.com/en-us...or-windows-10-version-1803-and-windows-server

Those are some pretty big assumptions you're making about not being targeted. The problem with this kind of exploit is that you wouldn't even know if you had been compromised already or not.

If it's something easy enough to exploit and the system hasn't been patched then there's a chance it's already been compromised, this quite common on the web with so many zero day exploits these days.

Luckily it doesn't seem like Spectre/Meltdown are easy to exploit at this time, but in the future it may be easier as tools are developed, etc. It may be as easy as your browser running some JS on a malicious/compromised site.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,107 (1.27/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
. I'm just sad nobody bricked a board yet doing these better safe than sorry voodoo rituals on their flash, and losing their warranty in the process.
These X58 Boards are out of warranty and therefor will not receive any Official Support

AND BY THE WAY
Therefore I bet you morons
"NOT COOL TO CALL PEOPLE MORONS"
 

Spudz76

New Member
Joined
Jul 28, 2018
Messages
3 (0.00/day)
Apologies for the 'morons' bit.
But I get real tired of this "afraid of the boogeyman" thing it's identical to terrorism. 0.0001% chance anything is going to happen and we do 101% effort to stop it from happening just in case, just because it feels like the thing to do.
But seriously nothing will happen regardless which route you choose, all you are doing is forming another false bandwagon for people to jump on, paranoia and panic.

It does not need to be loaded prior to kernels, whatsoever. It needs to be loaded prior to multiuser access.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Cool waste of time!

Speaking of time, your processor is still """vulnerable""" for about half a second before BIOS loads the microcode. As """vulnerable""" as it would be for the five seconds or so it takes before the OS would have loaded the same microcode into it, if you've installed system updates on any current OS (and most outdated ones too) in the last 3 to 6 months. Thus, risking it and flashing BIOS is only protecting you from exploits in a five second window, where nothing can even happen because you aren't booted into an OS yet. Besides that this bug only matters on large hypervisors really, so if you don't run the servers at Amazon S3 or similar you don't need to patch for this, at all. You might as well get a car alarm for your 1992 Geo Metro, or a full-on armed bank guard service for your piggy bank... nobody is targeting the useless contents of your personal computer, it's far easier to trick idiots with regular worms or fake portal login pages. They want the big high density apartment condos since this lets them see through walls, fiddling with Xray vision in your ranch house where you live alone nets them no cool data.

But it's entertaining to watch everyone chase their tails as if doing something positive. I'm just sad nobody bricked a board yet doing these better safe than sorry voodoo rituals on their flash, and losing their warranty in the process. Don't you think if it mattered whatsoever to have current microcode in BIOS, the board manufacturer would slip a new approved version out so it wouldn't void warranty? They didn't, both because it's unimportant to load it that early (unless it breaks boot handoff to the OS / supports a newer CPU), and the OS providers released patches, so you're already running new microcode unless you intentionally blocked the updates or reverted (to keep your performance). Therefore I bet you morons are benchmarking the same microcode and then claiming no degradation - well yeah you've tested apples against apples of course there is no difference. You've just moved when the patched microcode got loaded by a few seconds, both events happen well before you can even login. You would have to ensure the OS is not loading any new microcode, run "before" benchmarks, flash the hacked warranty blaster BIOS from here and then do the "after", to see a real result. It can be tough to trace which MS KB# installed various microcode versions into Windows in order to revert them, to get an accurate test, but you would have to have done that to test real unpatched microcode (or run the before benchmark last year before any paranoid-panic-OS-vendor-patchfest happened).

You might as well wear full body armor on top of bubble wrap to go to the store, you know, good old better safe than sorry. Also, walk, because driving is more risky than leaving this bug unfixed. But don't cross any streets as that is probably more unsafe than driving. Oh and wear a helmet too, so regular people know you're "insane about safety" (they would only suspect regular insanity otherwise).

So you are certain you know better than the engineers who make the microcode?

Cool story bro. Now step aside please, grown up types are talking.

There are X58 hosted machines still running around, hence these patches ARE useful.
 

Spudz76

New Member
Joined
Jul 28, 2018
Messages
3 (0.00/day)
I'm certain the engineers caved to the marketing types and made patched microcode whether it was actually and technically necessary or not, yes.

If the news says "omg new bugz, hackers everywhere, no one is safe!" and then your engineers say "meh, theoretical hole no big deal, we don't need to do anything" your marketing (aka PR) department loses their composure. So even if it were completely pointless the engineers had to do something as a face saver motion against the dumbass half-story/clickbait/alarmist news going around about it.

If they really wanted to secure the microcode, it would just load up and halt the CPU. 100% secure! You know, better safe than sorry.
 
Joined
Jul 29, 2018
Messages
3 (0.00/day)
Anyone have any solid info on which i7s were updated with this? From my research the 106A5 were all Nehalem Xeons and the 206C2 were all Westmere Xeons. The Bloomfield and Gulftown i7s are still not being supported. Great that the Xeons were updated and some are compatible with x58 but for those of us with i7s its a real kick in the nuts from intel.
 

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
3,131 (0.45/day)
206c2 = Westmere/Gulftown (Xeons, hexacore i7s)
106a5 = Bloomfield (quadcore i7s stepping D0)
 
Last edited:
Joined
Jun 24, 2010
Messages
278 (0.05/day)
System Name MSI GT72S 6QE
Processor Core i7 6820HK
Motherboard Intel Sunrise Point CM236
Cooling 2 fans
Memory 2x 8 GB SO-DIMM DDR4-RAM (2133 MHz)
Video Card(s) NVIDIA GeForce GTX 980M - 8192 MB
Storage 1 ssd 3 hard drives
Display(s) 17.3 inch 16:9, 1920x1080 pixel, LG Philips LP173WF4-SPF1 (LGD0469), IPS, Full HD
Case ??!!!
Audio Device(s) Realtek ALC899
Power Supply most beautiful brick you have ever seen
I too believe that they are exagerating with these hacks. But more choice is always good, gotta admire Regeneration for his work.
Will maybe patch my laptop once more people beta test it :))
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
I'm certain the engineers caved to the marketing types and made patched microcode whether it was actually and technically necessary or not, yes.

If the news says "omg new bugz, hackers everywhere, no one is safe!" and then your engineers say "meh, theoretical hole no big deal, we don't need to do anything" your marketing (aka PR) department loses their composure. So even if it were completely pointless the engineers had to do something as a face saver motion against the dumbass half-story/clickbait/alarmist news going around about it.

That's really not how it works. But believe what you want.

@Regeneration, any chance of getting support for Intel boards like the DX58SO2?
 

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
3,131 (0.45/day)
Intel X58 motherboards use a variety of checksum checks since earlier boards were targeted for businesses. But I'm working on a solution.
 
Joined
Feb 4, 2014
Messages
351 (0.09/day)
Location
Oztralia down under
System Name K9
Processor i9 9900K @ 5.1Ghz and 32deg C - delid + Grizzly Conductonaught LM
Motherboard Gigabyte Aorus Z390 Gaming X
Cooling Custom water cooling loop - GPU + mobo (+VRM's) + CPU
Memory G Skill - Trident Z RGB DDR4 - 3866Mhz x 32Gb @ 3800Mhz
Video Card(s) Gigabyte Aorus 11Gb GTX 1080 Ti Waterforce Extreme @ 2250Mhz
Storage Samsung 500Gb M2 970 EVO + Samsung 850 Pro SSD + ADATA 512Gb SSD + Samsung 1Tb & 3T + WD 1Tb + 3Tb
Display(s) ASUS 27" ROG Swift 1440p @ 165Hz & BenQ 27" LED
Case Thermaltake Core P7 - Open frame
Audio Device(s) Logitech Z906 - 5.1ch
Power Supply EVGA 1200W
Mouse Roccat LeadR + Razer Nagar V2 Pro
Keyboard Corsair K70 LUX with Cherry Red switches
Software Win 10 Pro 64bit
Benchmark Scores v/fast
Intel X58 motherboards use a variety of checksum checks since earlier boards were targeted for businesses. But I'm working on a solution.

hi Regeneration,

Keep up the excellent work m8.

It's a shame that some people don't appreciate the work that people like you do for others, on a voluntary basis.

I've been in the IT industry since 1985 - the old 8086 IBM XT pc days an know how complicated things can be - so it's hats off to people like you.

regards
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Intel X58 motherboards use a variety of checksum checks since earlier boards were targeted for businesses. But I'm working on a solution.

I'm aware, tried updating it myself but failed. Was hoping you had some magic skills I missed... lol.

Really good of you to do this. As a fellow bios modder I can say this stuff is thankless, and pretty hard to recover from when you screw something up. Everyone should view him doing this as a community service.
 
Joined
Jul 30, 2018
Messages
3 (0.00/day)
System Name Yesterday
Processor Intel i7 920 D0
Motherboard Gigabyte X58A-UD3R rev 2.0
Cooling Corsair H45
Memory Corsair Dominator 2GBx3 @1600
Video Card(s) MSI GTX 660 Ti OC 2GB
Storage Samsung 840 Evo 120GB
Display(s) Dell U2410
Case CaseLabs Magnum TH10B
Audio Device(s) X-Fi Xtreme Music 0460
Power Supply Corsair HX850W
Mouse Logitech G500 / Logitech G602 + SteelSeries QcK Mass
Keyboard Ducky Zero Blue Switch
Software Windows 10 Pro 1803 x64
Joined
Feb 4, 2014
Messages
351 (0.09/day)
Location
Oztralia down under
System Name K9
Processor i9 9900K @ 5.1Ghz and 32deg C - delid + Grizzly Conductonaught LM
Motherboard Gigabyte Aorus Z390 Gaming X
Cooling Custom water cooling loop - GPU + mobo (+VRM's) + CPU
Memory G Skill - Trident Z RGB DDR4 - 3866Mhz x 32Gb @ 3800Mhz
Video Card(s) Gigabyte Aorus 11Gb GTX 1080 Ti Waterforce Extreme @ 2250Mhz
Storage Samsung 500Gb M2 970 EVO + Samsung 850 Pro SSD + ADATA 512Gb SSD + Samsung 1Tb & 3T + WD 1Tb + 3Tb
Display(s) ASUS 27" ROG Swift 1440p @ 165Hz & BenQ 27" LED
Case Thermaltake Core P7 - Open frame
Audio Device(s) Logitech Z906 - 5.1ch
Power Supply EVGA 1200W
Mouse Roccat LeadR + Razer Nagar V2 Pro
Keyboard Corsair K70 LUX with Cherry Red switches
Software Win 10 Pro 64bit
Benchmark Scores v/fast
Joined
Jul 24, 2018
Messages
33 (0.01/day)
Had a few hiccups but all seems fine on my Z8NA-D6C with x5670's. Thanks for the help Regeneration!

V5BbP6C.png
 
Joined
Jul 30, 2018
Messages
3 (0.00/day)
System Name Yesterday
Processor Intel i7 920 D0
Motherboard Gigabyte X58A-UD3R rev 2.0
Cooling Corsair H45
Memory Corsair Dominator 2GBx3 @1600
Video Card(s) MSI GTX 660 Ti OC 2GB
Storage Samsung 840 Evo 120GB
Display(s) Dell U2410
Case CaseLabs Magnum TH10B
Audio Device(s) X-Fi Xtreme Music 0460
Power Supply Corsair HX850W
Mouse Logitech G500 / Logitech G602 + SteelSeries QcK Mass
Keyboard Ducky Zero Blue Switch
Software Windows 10 Pro 1803 x64
i7 920 D0 + Gigabyte X58A-UD3R rev 2.0

Capture.JPG
 
Joined
Jul 29, 2018
Messages
3 (0.00/day)
i7 920 D0 + Gigabyte X58A-UD3R rev 2.0

View attachment 104861
Did you do anything special to get this working?

I've been having issues with the update working on a D0 i7-930 and an EVGA X58 SLI. It loads the bios fine but, InSpectre is stating no spectre protection even with the latest microcode installed and all windows updates, trying to figure out what is going on or what I'm doing wrong.
 
Joined
Jul 24, 2018
Messages
33 (0.01/day)
The official release includes outdated microcode from January 2018.
Typical ASUS...

Did you do anything special to get this working?

I've been having issues with the update working on a D0 i7-930 and an EVGA X58 SLI. It loads the bios fine but, InSpectre is stating no spectre protection even with the latest microcode installed and all windows updates, trying to figure out what is going on or what I'm doing wrong.

I had the same issue where after updating the bios InSpectre still showed vulnerable to Spectre.

To fix it I clicked the "Disable Meltdown Protection" button and restarted. After restart I clicked it again, and restarted again, then everything showed protected.

Sounds strange but it worked for me, this is after I had already flashed the bios a few times.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Did you do anything special to get this working?

I've been having issues with the update working on a D0 i7-930 and an EVGA X58 SLI. It loads the bios fine but, InSpectre is stating no spectre protection even with the latest microcode installed and all windows updates, trying to figure out what is going on or what I'm doing wrong.

i7 930 is bloomfield. Updates only go so far back as Gulftown/Westmere (6-cores). You are basically out of luck, sorry.
 
Joined
Jul 24, 2018
Messages
33 (0.01/day)
i7 930 is bloomfield. Updates only go so far back as Gulftown/Westmere (6-cores). You are basically out of luck, sorry.

Yeah, that is a little strange that the 930 is showing protected. Maybe InSpectre isn't detecting things correctly.
 

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
3,131 (0.45/day)
i7 9xx series stepping D0 (Bloomfield, 106A5) is fully supported and protected.
 
Last edited:
Top