News Posts matching #Firmware

Return to Keyword Browsing

AMI Partners with Samsung to Bring Firmware Security to PCs

AMI, the global leader in Dynamic Firmware for worldwide computing, has partnered with Samsung Electronics, the global leader in consumer technology, to create an enhanced joint security solution available in Samsung's Galaxy Book PCs. Alongside Samsung's multi-layer security platform Samsung Knox, AMI's Tektagon - the industry-leading Platform Root of Trust firmware security solution - is now integrated into Samsung PCs including the Galaxy Book5 Pro 360, Galaxy Book4 Pro, Galaxy Book4 Pro 360, and Galaxy Book4 Ultra.

Through this collaborative partnership, AMI's Tektagon seamlessly integrates with Samsung Knox to ensure that confidential and sensitive data stays safe at every layer of the device through real-time threat detection and collaborative protection, while providing the highest level of security against firmware-injected malware to help prevent ransomware and denial of service attacks.

MSI Releases Firmware with 105W TDP Option for Ryzen 5 9600X and Ryzen 7 9700X

MSI is excited to announce the upcoming release of the AMD AGESA BIOS PI 1.2.0.1 update, designed to enhance power delivery performance for the AMD Ryzen 5 9600X and Ryzen 7 9700X processors on our 600 Series motherboards. This new BIOS will include an option that allows users to increase the original CPU TDP to 105 W on these two Ryzen processors, providing an extra boost in performance.

With this new feature allowing the TDP of the new Ryzen 7 9700X and Ryzen 5 9600X processors to be increased to 105 W, as seen with the picture below, performance actually gain at approximately of 13% compared to the original 65 W TDP.

MSI Releases MPG 271QRX and MPG 321URX QD-OLED Firmware Update, Gives DSC Control

MSI today released firmware updates for its MPG 271QRX QD-OLED and MPG 321URX QD-OLED gaming monitors. The updates are aimed at giving end-users control over DSC (display stream compression), to improve image quality when the display I/O bandwidth permits. This control is in the form of an OSD-level toggle for DSC DLDSR and DSR modes. For the MPG 271QRX QD-OLED, the update also adds a mode switch between HDMI Console and HDMI PC, with the default being Console. The update also packs optimizations to improve input lag and the monitor's share in whole-system latency. The update also includes aspect-ratio selection in the OSD for the MPG 321URX QD-OLED. A white-line artifact on the MPG 271QRX QD-OLED when using 2560 x 1440 @ 360 Hz has been fixed. Visit the support section of the product pages of your monitor for instructions on how to get and install the firmware updates.
The change-log follows.

PlayStation VR2 Firmware Update Enables PC Access

The "iVRy VR" community-backed project has slowly chipped away at unlocking the PlayStation VR2's full potential—Sony's $550 (MSRP) virtual reality headset is locked into the PlayStation 5 ecosystem, but many gamers have requested that it become compatible with PC platforms. iVRy's progress on this front could be surpassed by first-party efforts—a month ago, Sony indicated that it was exploring new avenues: "we're pleased to share that we are currently testing the ability for PS VR2 players to access additional games on PC to offer even more game variety in addition to the PS VR2 titles available through PS5. We hope to make this support available in 2024, so stay tuned for more updates." Reports suggest that Sony's second generation product has not met sales expectations—insiders posit that company leadership has requested a pause of production. An entry into the PC market could boost the PS VR2's popularity, but it will face plenty of competition within an already "niche" segment.

iVRy has monitored Sony's progress with great interest—the former's social media account has disclosed the discovery of a new development milestone: "(their) latest firmware update enables PC access! This means it's no longer necessary to use driver/hardware workarounds to make it work on Windows. Still to be confirmed whether this update enables NVIDIA use, but all indications are that Sony's 'PC games' plans involve direct connection." The iVRy VR project has—so far—managed to (successfully) connect the PS VR2 to AMD GPU-based systems. Sony is expected to produce an official means of hooking up their headset to PCs. iVRy discussed this provision in their follow-up post: "a 'VirtualLink' adapter of some kind is still required due to PS VR2 hardware design. If Sony does intend to make 'official' PC drivers, they would need to provide this adapter to end-users."

Tiny Corp. Pauses Development of AMD Radeon GPU-based Tinybox AI Cluster

George Hotz and his Tiny Corporation colleagues were pinning their hopes on AMD delivering some good news earlier this month. The development of a "TinyBox" AI compute cluster project hit some major roadblocks a couple of weeks ago—at the time, Radeon RX 7900 XTX GPU firmware was not gelling with Tiny Corp.'s setup. Hotz expressed "70% confidence" in AMD approving open-sourcing certain bits of firmware. At the time of writing this has not transpired—this week the Tiny Corp. social media account has, once again, switched to an "all guns blazing" mode. Hotz and Co. have publicly disclosed that they were dabbling with Intel Arc graphics cards, as of a few weeks ago. NVIDIA hardware is another possible route, according to freshly posted open thoughts.

Yesterday, it was confirmed that the young startup organization had paused its utilization of XFX Speedster MERC310 RX 7900 XTX graphics cards: "the driver is still very unstable, and when it crashes or hangs we have no way of debugging it. We have no way of dumping the state of a GPU. Apparently it isn't just the MES causing these issues, it's also the Command Processor (CP). After seeing how open Tenstorrent is, it's hard to deal with this. With Tenstorrent, I feel confident that if there's an issue, I can debug and fix it. With AMD, I don't." The $15,000 TinyBox system relies on "cheaper" gaming-oriented GPUs, rather than traditional enterprise solutions—this oddball approach has attracted a number of customers, but the latest announcements likely signal another delay. Yesterday's tweet continued to state: "we are exploring Intel, working on adding Level Zero support to tinygrad. We also added a $400 bounty for XMX support. We are also (sadly) exploring a 6x GeForce RTX 4090 GPU box. At least we know the software is good there. We will revisit AMD once we have an open and reproducible build process for the driver and firmware. We are willing to dive really deep into hardware to make it amazing. But without access, we can't."

Razer Kitsune Firmware 2.0 Update Adds "SOCD Cleaning" Feature

When we launched the Razer Kitsune, we promised a device that not only meets the demands of today's fighting game community but also evolves with it. True to our word, I am excited to share something exciting that we've been working on—a significant update that's all about fine-tuning your control in the heat of battle.

What's the Update About?
The heart of this update is a new feature called SOCD Cleaning. Let me break it down: SOCD stands for Simultaneous Opposing Cardinal Directions—which happens when you press opposite directions at the same time on your controller. It's a common scenario, that can change how you fully control your character. If you're eager to update, the Firmware 2.0 Update for the Razer Kitsune is available now over at mysupport.Razer.com. It's a straightforward process, and it ensures your Kitsune is not just up to date but also customized to fit your play style even better.

MSI Readies 6.40 GHz OC Profile for Core i9-14900KS for Select Motherboards

Select MSI motherboards from the MPG and MEG series that support Intel's Extreme Power Profile, feature a UEFI Firmware setup program option called "P-core Beyond 6 GHz+." This is a set of overclocking presets by MSI, designed to work with select Intel KS-series processors. Apparently the BIOS MSI released to support the upcoming Core i9-14900KS, comes with this option along with several settings that can get two of the eight P-cores to boost to 6.40 GHz—200 MHz higher than Intel's maximum boost frequency for the chip.

The other presets presented by this MSI BIOS option includes five choices—"6.3/5.9 GHz," "6.4/5.9 GHz," "6.2/5.8 GHz," "6.3/5.8 GHz," and the ultimate "6.4/5.8 GHz." Here, the first frequency mentioned in the setting is the maximum that the P-cores will hit using the Thermal Velocity Boost algorithm, for its two best performing cores, provided the cooling is optimal. The second frequency in the setting label is the maximum the P-cores will reach using the Turbo Boost Max 3.0 algorithm. Each of the five presets have been tested by MSI on the i9-14900KS under a cooling setup that permits the processor to achieve the top-rated speed using Thermal Velocity Boost. If the Core i9-13900KS is anything to go by, the i9-14900KS may require you to be ready with the best possible cooling setup to run the processor even at its stock speeds.

Logitech G Pro X Superlight 2 Gets 4 kHz Response Rate Upgrade

Logitech's G PRO X SUPERLIGHT 2 wireless gaming mouse arrived last September with an MSRP of $159—at the time, cutting-edge peripheral enthusiasts were expecting a mighty upgrade over the ultra popular 2020 iteration. TPU's resident mouse guru—pzogel—had a "hard time making a case for the Pro X Superlight 2," when comparing it to the preceding model. Additionally, the Superlight 2's closest rival—Razer's Viper V2 Pro when combined with their 4K HyperPolling Wireless Dongle—was deemed technologically superior. A November 2023 leak revealed that Logitech was readying an intriguing firmware update—the Superlight 2 was set to be upgraded with a 4 kHz report rate mode.

The launch specification of 2 kHz (maximum) was a disappointing aspect, considering that many cheaper alternatives had already rolled out with higher polling rates (via external dongles). Logitech's latest G HUB software update brings good news for PRO X Superlight 2 users: "we are excited to share a new firmware update for your mouse that will increase your report rate to 4 kHz for free. Once you update the firmware, you'll be able to access the higher report rate in G HUB using your existing wireless dongle. For more information, visit our YouTube channel for an update from Chris Pate." In TPU's late October review, pzogel noted that the 2000 Hz rate: "comes at a price, which is reduced battery life." We hope to see a revisit with the newly implemented 4000 Hz mode tested out.

Tiny Corp. CEO Expresses "70% Confidence" in AMD Open-Sourcing Certain GPU Firmware

Lately Tiny Corp. CEO—George Hotz—has used his company's social media account to publicly criticize AMD Radeon RX 7900 XTX GPU firmware. The creator of Tinybox, a pre-orderable $15,000 AI compute cluster, has not selected "traditional" hardware for his systems—it is possible that AMD's Instinct MI300X accelerator is quite difficult to acquire, especially for a young startup operation. The decision to utilize gaming-oriented XFX-branded RDNA 3.0 GPUs instead of purpose-built CDNA 3.0 platforms—for local model training and AI inference—is certainly a peculiar one. Hotz and his colleagues have encountered roadblocks in the development of their Tinybox system—recently, public attention was drawn to an "LLVM spilling bug." AMD President/CEO/Chair, Dr. Lisa Su, swiftly stepped in and promised a "good solution." Earlier in the week, Tiny Corp. reported satisfaction with a delivery of fixes—courtesy of Team Red's software engineering department. They also disclosed that they would be discussing matters with AMD directly, regarding the possibility of open-sourcing Radeon GPU MES firmware.

Subsequently, Hotz documented his interactions with Team Red representatives—he expressed 70% confidence in AMD approving open-sourcing certain bits of firmware in a week's time: "Call went pretty well. We are gating the commitment to 6x Radeon RX 7900 XTX on a public release of a roadmap to get the firmware open source. (and obviously the MLPerf training bug being fixed). We aren't open source purists, it doesn't matter to us if the HDCP stuff is open for example. But we need the scheduler and the memory hierarchy management to be open. This is what it takes to push the performance of neural networks. The Groq 500 T/s mixtral demo should be possible on a tinybox, but it requires god tier software and deep integration with the scheduler. We also advised that the build process for amdgpu-dkms should be more open. While the driver itself is open, we haven't found it easy to rebuild and install. Easy REPL cycle is a key driver for community open source. We want the firmware to be easy to rebuild and install also." Prior to this week's co-operations, Tiny Corp. hinted that it could move on from utilizing Radeon RX 7900 XTX, in favor of Intel Alchemist graphics hardware—if AMD's decision making does not favor them, Hotz & Co. could pivot to builds including Acer Predator BiFrost Arc A770 16 GB OC cards.

MSI Confirms Lack of Firmware Updates for Incoming MAG QD-OLED Monitors

MSI is preparing to launch its new generation of MPG and MAG series QD-OLED gaming monitors—early 2024 promotional activity included a couple of pre-launch initiatives. The company's marketing division is attempting to get into good graces with the gaming community—we have already witnessed the introduction of a 3-year warranty for OLED panel product, and permanent price cuts planned for launch day. It is highly probable that MSI is trying to attract customers away from ASUS ROG—the MPG 321URX ($949.99, formerly $1199) will be going up against the Swift OLED PG32UCDM ($1299).

The "MSI_Darutohne" Reddit account reached out to potential (and well heeled) customers on a popular premium gaming monitor discussion community: "Hello r/OLED_Gaming! Our QD-OLED monitors are finally rolling out, and we'd love to clarify any misconceptions and make sure everyone here is making an informed purchase! Let's get started with the Six NEW QD-OLED monitors. You may find them all listed here." Many members thanked MSI for the comprehensive product rundowns and answering of questions/queries, but one participant—Mars0813—took issue with the MAG 321UPX model's apparent inability to receive software/firmware updates. MSI_Darutohne responded and confirmed: "You are correct. The MAG 321UPX QD-OLED will NOT support software updates." Subsequent repliers stated that they would cancel their pre-orders, or request refunds. Jamartty45 stated: "Appreciate you for clarifying, but I purchased this yesterday and it will be returned as soon as it gets to my door. A $900 monitor that doesn't support software updates is absurd." The more expensive MPG tier appears to be the best route for gamers who enjoy a little bit of future-proofing and bug fixing.

BIOSTAR Outs Ryzen 8000G Series Socket AM5 Motherboard Firmware Updates

BIOSTAR, a leading manufacturer of motherboards, graphics cards, and storage devices today, announces a new BIOS update for its AMD AM5-based motherboards, specifically tailored to ensure flawless compatibility with the newly released AMD Ryzen 8000 series processors, designed to optimize system performance and reliability, allowing users to fully harness the advanced capabilities of AMD's latest Ryzen processors. Consisting of Ryzen 7 8700G, Ryzen 5 8600G, Ryzen 5 8500G, and the Ryzen 3 8300G, AMD's latest processors bring unrivaled performance at affordable price points. These cutting-edge APUs, grounded in the robust Zen 4 architecture, seamlessly blend high performance with versatility.

Moreover, these processors are equipped with an RDNA 3 GPU, offering superior graphics performance for gaming and content creation. Additionally, Ryzen 7 8700G and Ryzen 5 8600G feature an innovative XDNA Neural Processing Unit (NPU), a significant advancement that directly boosts artificial intelligence processing capabilities at the hardware level. This integration positions these APUs as a formidable choice for users seeking a blend of performance, AI-enhanced capabilities, and affordability.

ASUS Rolls Out AGESA 1.1.0.1 Firmware Updates for Socket AM5 Motherboards that Support Upcoming Phoenix APUs

ASUS began rolling out beta UEFI firmware updates for its Socket AM5 motherboards that contain the latest AMD AGESA 1.1.0.1 microcode. If you recall, ASRock had recently released its own firmware updates last month that feature AGESA 1.1.0.0. This would be the first widely released firmware from ASUS to support the upcoming Ryzen 8000G "Phoenix" and "Phoenix 2" desktop APUs; and the 4th AGESA release to do so. Version ComboAM5PI 1.1.0.1 contains a newer version of the system management unit (SMU) for "Phoenix" and "Phoenix 2," with SMU version 76.75.0, compared to version 76.72.0 with the older ComboAM5PI 1.1.0.0 that ASRock released in November.

The UEFI firmware updates by ASUS containing AGESA ComboAM5PI 1.1.0.1 are only being released for AMD B650/E and X670/E chipset motherboards, and only spanning the company's ROG, ROG Strix, TUF Gaming, and ProArt product lines, we haven't come across one for the Prime series, yet. It's important to reiterate here, that these are beta updates, and those with Ryzen 7000 "Raphael" processors don't stand to benefit from them, as the SMU for "Raphael" hasn't changed since ComboAM5PI 1.0.8.0. Check for the firmware updates in the Support section of the product pages of your motherboard on the ASUS website.

AMI to Enable Arm Ecosystem with Arm SystemReady SR-SIE Certified UEFI and BMC Firmware on the NVIDIA GH200

AMI is pleased to announce that it has become one of the first Independent Firmware Vendors (IFV) to receive the Arm SystemReady SR v2.4 with Security Interface Extension (SIE) v1.2 certificate for the NVIDIA GH200 P4352 Reference Platform with AMI's Aptio V System Firmware solution. This marks another noteworthy achievement for AMI's solutions as they continue to enable Arm SystemReady SR certificates on NVIDIA GH200-based platforms. "The certification allows them to bet on a wide range of software applications, infrastructure solutions, firmware, and even entire operating systems with drivers that may have never been run before on our latest silicon before with the confidence that it "just works," says Ian Finder, Principal Product Lead, Grace at NVIDIA.

As the leading UEFI and BMC firmware provider for the Arm and x86 ecosystem, AMI recognizes the significance of the Arm SystemReady certification program, ensuring that Arm-based systems and solutions "just work" out of the box with standard operating systems, hypervisors, and software. AMI is focused on delivering interoperable, scalable, and secure foundational firmware solutions to the Arm ecosystem to reduce development and maintenance costs while enhancing reliability and hardware support.

ASRock Begins Rolling Out AGESA 1.1.0.0 Firmware with Phoenix APU Support

ASRock began rolling out UEFI firmware updates for its Socket AM5 motherboards that encapsulate AMD AGESA 1.1.0.0 ComboAM5PI microcode. This would be the second release of AGESA to support AMD's upcoming Ryzen 7000G "Phoenix" and "Phoenix 2" desktop APUs that the company reportedly plans to launch later this year. The AGESA 1.1.0.0 microcode comes with the SMU version 76.72.0 for "Phoenix" and "Phoenix 2," and continues with version 84.79.223 for "Raphael" and "Raphael-X" processors.

Unlike several past generations of Ryzen branded desktop APUs that only had 2-3 processor models in the retail channel, AMD is reportedly planning a slightly bigger lineup of APUs for the Socket AM5 platform, consisting of Ryzen 3, Ryzen 5, and possibly Ryzen 7 processor models, and their Ryzen PRO variants. The Ryzen 3 and Ryzen 5 models are expected to be based on the "Phoenix 2" silicon that has a combination of two "Zen 4" and four "Zen 4c" CPU cores and an iGPU with 4 compute units; while it is rumored that at least one Ryzen 5 and Ryzen 7 processor model will be built on "Phoenix," which has up to eight "Zen 4" cores, and a large iGPU with up to 12 compute units. So far we haven't seen reports of AMD bringing Ryzen AI to the desktop platform.

Intel Resumes Shipments of Xeon Sapphire Rapids MCC SKUs, Following Firmware Fixes

Intel's Xeon Sapphire Rapids CPU series has had a bumpy ride so far, with the discovery of bugs resulting in delays pushing proceedings back by more than two years. Units have been shipping out for the past couple of months, but Team Blue ran into more issues in late June—a subset of fourth Generation Intel Xeon Medium Core Count Processors (SPR-MCC) could interrupt normal system operation under certain conditions. Intel confirmed to Tom's Hardware that they were actively investigating the latest bugs, and had paused shipment of affected MCC die-based models (featuring up to 32 cores).

The publication has very recently received an update from their contact at Intel. A company spokesperson stated: "Last week, we informed you (Tom's Hardware) of an issue on a subset of 4th Generation Intel Xeon Medium Core Count Processors (SPR-MCC) that could interrupt system operation under certain conditions. Out of an abundance of caution, we temporarily paused some SPR-MCC shipments while we thoroughly evaluated a firmware mitigation. We are now confident the firmware mitigation addresses the issue. We have resumed shipping all versions of SPR-MCC and are working with customers to deploy the firmware as needed." Specifics about the latest mitigations efforts have not been divulged, but Intel is confident that these fixes will not impact processor performance.

ASUS Issues Router Product Security Advisory

If you own one of several recent ASUS router models, then you're being urged by ASUS to upgrade your firmware to the latest release as soon as possible, due to a few serious security flaws. The two most severe being CVE-2022-26376 and CVE-2018-1160, both of which are rated 9.8 on a scale of 10 in terms of severity. However, if you're running the third party Asuswrt-Merlin firmware, you're apparently safe, as the author of the third party firmware has already patched all the known security issues that ASUS has announced patches for.

The affected models are the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. That's 18 different models in total, all of which should be built around Broadcom hardware. It's unclear if more models are affected or not, but these are the ones ASUS has issued updates for. The security flaws in question could allow someone to take over an unpatched router and make it a part of a botnet or similar. ASUS has suggested turning off features like DDNS and VPN servers, as well as more obvious things like WAN access, port forwarding, port triggers and DMZ until the firmware has been updated on the affected models.

WD Blocking My Cloud Access for Devices Running on Old Firmware

News reports about Western Digital's implementation of new security measures started appearing online last week—My Cloud product owners were puzzled upon discovering that their access to cloud services had been blocked. Devices not updated with the latest firmware - version 5.26.202 (My Cloud) and 9.4.1-101 (My Cloud Home, SanDisk ibi) - were and continue to be barred from the start date effective June 15. This relatively new measure has been implemented in order to prevent further exploits of security vulnerabilities. WD is likely shoring up its online defenses following a major cyber attack on its My Cloud back in March, a hacker group demanded a hefty ransom fee for the return of private customer data. WD restored My Cloud services by mid-May, and released several software updates and security fixes.

According to a company security bulletin (issued last week): "Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware...Users can continue to access their data via Local Access." The latest fixes should protect customers from unauthorized access and ransomware attacks, but WD has not provided any further news about any ongoing negotiations with the hacker group behind the Spring data breach.

ASUS & AsRock Motherboards Updated with BIOS Support for Intel 14th Gen Core

Momomo_us posted on Twitter about their finding of a BIOS firmware update for an Intel chipset motherboard from AsRock, others soon pointed out that ASUS had quietly revised a higher-end model as well. Both boards share the same socket platform - LGA 1700 - and currently support Team Blue's 13th Gen Raptor Lake CPU series, but new details presented on pages for the ROG Maximus Z790 APEX and B760M PG Sonic WiFi suggests that these models are pre-prepared for the (still heavily rumored) launch of Raptor Lake Refresh. The changelogs for their respective BIOS updates mention "compatibility for the next-gen" and "support for next-generation" processors. TPU community member, Nater, has pointed out that his ASUS ProArt Z790-CREATOR WIFI board is also eligible for 14th gen support.

Leaks suggest that the Intel 14th Gen Core lineup is expected to launch around October time this year. Raptor Lake Refresh is likely going to serve as a sort of interim release, since insiders think that desktop Meteor Lake-S SKUs are no longer on the menu, and a full-fledged next-gen upgrade - Arrow Lake-S - is not due until Q4 2024 or Q1 2025. Not much is known about how much more performant the RPL refresh will be when compared to the existing range, but more leaks are expected in the coming months. Mobile Meteor Lake examples have been spotted in the wild recently, in official and less official capacities, so keep your eyes peeled.

Seagate Releases DirectStorage Firmware for the FireCuda 530 SSD

Seagate has released a new firmware update for its FireCuda 530 series of NVMe SSDs that adds DirectStorage support. Seagate is to our knowledge only the second company to release a firmware with DirectStorage support for its SSDs, but we're expecting more to follow. The FireCuda 530 is based on Phison's E18 controller, which is commonly found in a range of NVMe M.2 SSDs from several major and minor SSD brands, with Sabrent being the first company to have announced a DirectStorage firmware update for its drives based on the same controller.

To update to the new firmware, you need the serial number of your FireCuda 530 drive, which you then have to enter on Segate's support site to be able to download the update. The company didn't specify how the firmware update is done, but it seems to be a standalone installer, rather than using some kind of SSD tool, which most SSD makers provide for their drives these days. The new firmware is said to be "reducing CPU overhead and I/O latency, load times and asset streaming are streamlined—allowing for improved multitasking and optimized PC gaming with DirectStorage compatible games." The list of games that support DirectStorage is quite short at the moment, but hopefully we'll see more games implementing support now that there is supported hardware out there.

Phoenix Technologies Launches FirmGuard to Protect Against Firmware Vulnerabilities

Phoenix Technologies, a leading independent firmware supplier for PCs and computing devices, has launched FirmGuard, a cyber security product to address firmware vulnerability. Firmware is the software that connects a device's microchips to the operating system.

Phoenix Technologies is the first UEFI (Unified Extensible Firmware Interface) vendor to offer an enterprise cyber security product. FirmGuard is a cloud-based service, which has been initially targeted at managed service providers (MSPs). It will also be offered to large enterprise and government organizations.

About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

The UEFI Secure Boot feature is designed to prevent malicious code from executing during the system boot process, and has been a cybersecurity staple since the late-2000s, when software support was introduced with Windows 8. Dawid Potocki, a New Zealand-based IT student and cybersecurity researcher, discovered that as many as 300 motherboard models by MSI have a faulty Secure Boot implementation with certain versions of their UEFI firmware, which allows just about any boot image to load. This is, however, localized to only certain UEFI firmware versions, that are released as beta versions.

Potocki stumbled upon this when he found that his PRO Z790-A WiFi motherboard failed to verify the cryptographic signature boot-time binaries at the time of system boot. "I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not." He then began examining other motherboard models, and discovered close to 300 MSI motherboard models with a broken Secure Boot implementation. He clarified that MSI laptops aren't affected, and only their desktop motherboards are. Potocki says that affected MSI motherboards have an "always execute" policy set for Secure Boot, which makes the mechanism worthless, and theorized a possible reason. "I suspect this is because they probably knew that Microsoft wouldn't approve of it and/or that they get less tickets about Secure Boot causing issues for their users."

RTX 4090 has Issues with Need for Speed Unbound that can Only be Fixed with a VBIOS Update

Need for Speed Unbound (NFS Unbound), the latest entry to the popular genre-defining race sim by EA that launched today, unearthed a problem with the NVIDIA GeForce RTX 4090 "Ada" graphics card that cannot be fixed by simply updating the drivers or the game. This is a world-first—never before has a game required a VBIOS update to work around problems.

According to EA, the title exhibits a display flashing/blinking issue on machines powered by the RTX 4090, which requires a firmware update (i.e. video BIOS update). Luckily, this doesn't involve putting your RTX 4090 through a nerve-racking NVFlash manual BIOS update process (not that there's any risk with most RTX 4090 cards shipping with dual-BIOS). NVIDIA has released a fully-automated Firmware Update Tool that can be run from within Windows, which easily updates the video BIOS of the RTX 4090. We confirmed that it is in fact the video BIOS that is being updated (by comparing the VBIOS dumps before and after using the tool).
Update Dec 3rd: EA Support has just updated their support recommendation from graphics card VBIOS update to a motherboard BIOS update. "After testing, we've found a solution is to upgrade the motherboard BIOS. Please refer to your motherboard manufacturer's support page to obtain the latest system BIOS," the updated recommendation reads.

UEFI Forum Releases the UEFI 2.10 Specification and the ACPI 6.5 Specification

The UEFI Forum today announced the release of the Unified Extensible Firmware Interface (UEFI) 2.10 specification and Advanced Configuration and Power Interface (ACPI) 6.5 specification. The new specification versions expand support for new processor types, memory interfaces and platform types, while allowing for crypto agility in post-quantum system security.

"We are excited to share the new Conformance Profiles feature, responsive to community pull for a way to make the UEFI Forum's work useful," said Mark Doran, UEFI Forum President. "The Conformance Profiles feature will expand the platform types UEFI can support to an ever wider range of platform types like IoT, embedded and automotive spaces - beyond general purpose computers."

Hackers Threaten to Release NVIDIA GPU Drivers Code, Firmware, and Hash Rate Limiter Bypass

A few days ago, we found out that NVIDIA corporation has been hacked and that attackers managed to steal around 1 TB of sensitive data from the company. This includes various kinds of files like GPU driver and GPU firmware source codes and something a bit more interesting. The LAPSUS$ hacking group responsible for the attack is now threatening to "help mining and gaming community" by releasing a bypass solution for the Lite Hash Rate (LHR) GPU hash rate limiter. As the group notes, the full LHR V2 workaround for anything between GA102-GA104 is on sale and is ready for further spreading.

Additionally, the hacking group is making blackmailing claims that the company should remove the LHR from its software or share details of the "hw folder," presumably a hardware folder with various confidential schematics and hardware information. NVIDIA did not respond to these claims and had no official statement regarding the situation other than acknowledging that they are investigating an incident.

Update 01:01 UTC: The hackers have released part of their files to the public. It's a 18.8 GB RAR file, which uncompresses to over 400,000 (!) files occupying 75 GB, it's mostly source code.

Intel Prepares Seamless Updating of Firmware Without a Need for Reboot

Intel has been working on a technology that will improve the lives of all users that have an Intel-based processor in their system. According to the recent round of patches for the Linux kernel, Intel's engineers have been working on a feature called Intel Seamless Update, which promises to bring updating of system firmware without a need to reboot. First of all, it is important to note that firmware upgrades have been stuck at requiring reboot in order to apply patches. This has caused many systems to be down and to slow down the infrastructure by a wide margin, as these updates can last up to several minutes, where the system is rebooting and can not be used.

Intel has presented an idea of creating a technology that will update system firmware, such as UEFI, in the run time. That means that the system will be able to apply firmware patches, without ever needing a reboot, minimizing downtime. This is especially valuable for customers with very high service level agreements (SLAs) around downtime, meaning that almost 100% uptime (not possible to be 100% generally speaking) is required for these systems. An example of this would be medical server infrastructure, which has to constantly be available for access. Using this technology, systems such as these could update their firmware and be online non-stop, without maybe ever needing to reboot. The said feature is supposed to arrive in time for the launch alongside Intel "Sapphire Rapids" Xeon processors.
Return to Keyword Browsing
Nov 18th, 2024 01:23 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts