Even if you don't have more than one operating system installed, your PC has a boot-loader, a software component first executed by the system BIOS, which decides which operating system to boot with. This also lets users toggle between different run-levels or configurations of the same OS. The GRUB2 boot-loader is deployed across billions of computers, servers, and pretty much any device that uses a Unix-like operating system. Cybersecurity researchers with Oregon-based firm Eclypsium, discovered a critical vulnerability with GRUB2 that can compromise a device's operating system. They named the vulnerability BootHole. This is the same firm behind last year's discovery of the Screwed Drivers vulnerability. It affects any device that uses the GRUB2 boot-loader, including when combined with Secure Boot technology.

BootHole exploits a design flaw with two of the key components of GRUB2, bison, a parser generator, and flex, a lexical analyzer. Eclypsium discovered that these two can have "mismatched design assumptions" that can lead to buffer overflow. This buffer overflow can be exploited to execute arbitrary code. Devices with modern UEFI and Secure Boot enabled typically wall off even administrative privileged users off from tampering with boot processes, however, in case of BootHole, the boot-loader parses a configuration file located in the EFI partition of the boot device, which can be modified by any user (or malicious process) that has admin privileges. Thankfully, patched versions of GRUB2 are already out, and the likes of SUSE have started distributing it for all versions of SUSE Linux. Expect practically every other *nix vendor, server manufacturer, to release patches to their end-users. Find a technical run-down of the vulnerability in this PDF by Eclypsium.

A performance review of the Intel Core i5-L16G7 "Lakefield" Hybrid processor (powering a Samsung Galaxy S notebook) was recently published by Golem.de, which provides an in-depth look at Intel's ambitious new processor design that sets in motion the two new philosophies Intel will build its future processors on - packaging modularity provided by innovative new chip packaging technologies such as Foveros; and Hybrid processing, where there are two sets of CPU cores with vastly different microarchitectures and significantly different performance/Watt curves that let the processor respond to different kinds of workloads while keeping power-draw low. This concept was commercially proliferated first by Arm, with its big.LITTLE topology that took to the market around 2013. The "Lakefield" i5-L16G7 combines a high-performance "Sunny Cove" CPU core with four smaller "Tremont" cores, and Gen11 iGPU.

The Golem.de report reveals that Windows 10 thread scheduler is aware of the hybrid multi-core topology of "Lakefield," and that it is able to classify workloads at a very advanced level so the right kind of core is in use at any given time. The "Sunny Cove" core is called upon when interactive vast serial processing loads are in demand. This could even be something like launching applications, new tabs in a multi-process web-browser, or less-parallelized media encoding. The four "Tremont" cores keep the machine "cruising," handling much of the operational workload of an application, and is also better tuned to cope with highly parallelized workloads. This is similar to a hybrid automobile, where the combustion engine provides tractive effort from 0 kph, while the electric motor sustains a cruising speed.

Microsoft has announced an extension to the Windows Defender System Guard which will allow it to also verify and guarantee integryity of systems at a UEFI BIOS level. Citing an increase in hardware and firmware-level attacks over the years, the extended protection functionality aims to guarantee protection across the entire hierarchy of a device, from firmware up through to cloud processing.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. Working in conjunction with your systems' chipset, the UEFI scanner features a three-pronged solution to firmware security: UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI); Full filesystem scanner, which analyzes content inside the firmware; and a Detection engine, which identifies exploits and malicious behaviors.

AMD on Wednesday disclosed a new security vulnerability affecting certain client- and APU processors launched between 2016 and 2019. Called the SMM Callout Privilege Escalation Vulnerability, discovered by Danny Odler, and chronicled under CVE-2020-12890, the vulnerability involves an attacker with elevated system privileges to manipulate the AGESA microcode encapsulated in the platform's UEFI firmware to execute arbitrary code undetected by the operating system. AMD plans to release AGESA updates that mitigate the vulnerability (at no apparent performance impact), to motherboard vendors and OEMs by the end of June 2020. Some of the latest platforms are already immune to the vulnerability.A statement by AMD follows.

MSI confirmed that AMD's "Zen 3" processor support will be added to the company's AMD 400-series chipset motherboards, including the non-MAX SKUs that only have 16 MB EEPROM chips. Marketing Director Eric van Beurden in an MSI Insider video presentation confirmed that with the non-MAX motherboards, "Zen 3" support will be added as AMD planned to go about doing so (i.e. add "Zen 3" support by cutting out support for older processors and slimming down the UEFI setup program down to the GSE Click BIOS program, which may not correspond with your motherboard's original feature-set). On the other hand, the MAX SKUs, with their 32 MB EEPROMs will receive "Zen 3" support painlessly, meaning that the board may retain support for some, if not all, older processor generations, and retain their original feature-rich UEFI setup programs.

AMD formally announced its AGESA ComboAM4 1.0.0.5 microcode. The new microcode is intended to be encapsulated into motherboard UEFI firmware updates and distributed by motherboard- and OEM desktop manufacturers, at their discretion. AGESA 1.0.0.5 improves POST (time) with select Micron Technology DDR4-3200 memory chips. An intermittent virtual memory error with certain Realtek onboard Ethernet PHY chips has been fixed. The microcode also improves PCI-Express bus stability and interoperability, in general. A PCIe lane configuration issue with Ryzen 3 Pro 2100GE has been fixed. Besides these, all other performance- and stability-improvements part of older 1.0.0.4 a/ab/abb/abba microcodes are incorporated into 1.0.0.5. Keep an eye on the BIOS updates section of your socket AM4 motherboard's product page on its company website.

Tails OS the operating system recommended by Edward Snowden, now works on systems with UEFI Secure Boot enabled. Tails OS is built from the ground up to offer maximum security and privacy running of a portable drive and leaving no trace on the host computer. The latest Tails OS 4.5 update added support for this crucial UEFI Secure Boot feature which was already found in most operating systems. Secure Boot uses cryptographic signatures to verify the integrity of firmware files loaded on system boot and insure they have not been tempered with.

Secure Boot has been available as part of the UEFI specification now for over two decades but is rarely used due to compatibility reasons. While not commonly used, the fact that a security focused operating system did not support this security feature was worrying for many as it meant Secure Boot had to be disabled on the host computer before the OS could boot. Work to add the feature has been ongoing over the last 6 years and is now complete and ready for use.

AMD is giving final touches to an AGESA microcode update that fixes the issue of underwhelming Precision Boost behavior on its 3rd generation Ryzen processors. Version ComboAM4 1.0.0.3ABBA is being pushed to motherboard manufacturers to integrate with their UEFI firmware, and one such dispatch to MSI got leaked to the web on ChipHell. Tom's Hardware grabbed the BIOS as it was compatible with the MEG X570 Creator motherboard they have, and tested the Ryzen 9 3900X and Ryzen 7 3700X with it.

In its testing, posted in a mini-review article, Tom's Hardware observed that with AGESA 1.0.0.3ABBA, their 3700X sample was correctly hitting 4.40 GHz across the board at stock settings. With the older 1.0.0.3AB, it would touch 4.375 GHz. The Ryzen 9 3900X behaves slightly differently with this microcode. Tom's Hardware was able to raise its peak boost frequency from 4.575 GHz to 4.625 GHz (above the 4.60 GHz specification), but in certain tests such as POV-Ray and Cinebench, its boost frequency decays down to 4.250 GHz. Overall, the reviewer tabulated improved performance on the chips with the new microcode. The new microcode also apparently changes the processor's thermal thresholds.Update (10/9) AMD posted an elaborate release detailing the AGESA 1.0.0.3ABBA update.

MSI is among the motherboard manufacturers who had to significantly modify their UEFI firmware packages to cram in AGESA ComboAM4 1.0.0.3ab microcode on their AMD 300-series and 400-series chipset motherboards, due to firmware ROM size limitations. Most older MSI AM4 motherboards have 128 Mbit (16 MB) SPI flash ROM chips, which proved insufficient to integrate the latest AGESA microcode alongside its feature-rich ClickBIOS 5 UEFI setup program. MSI addressed the issue on two fronts. For its existing motherboards that have 128 Mb flash chips, it released BIOS updates that have AGESA 1.0.0.3ab, but shed some bulk on the setup program, by replacing ClickBIOS 5 with the "GSE-lite" setup program. The company is also releasing newer revisions of many of its AMD B450 chipset motherboards anticipating demand from the section of 3rd gen Ryzen buyers who don't want to spend at least $170 on an AMD X570 motherboard.

These revised motherboards feature "MAX" in the name, and come with 256 Mb (32-megabyte) SPI flash ROM chips, enabling MSI to combine AGESA ComboAM4 1.0.0.3ab with ClickBIOS 5, and not compromising on any of the motherboard's BIOS-level feature-set. These motherboards also come with out-of-the-box support for all of the 3rd generation Ryzen processors launched so far, as indicated on the box. The boards also retain support for A-series "Bristol Ridge" and "Raven Ridge" Athlon APUs that had faced the axe with the latest BIOS updates. The B450 Tomahawk MAX and Mortar MAX are characterized by matte-black heatsinks replacing silver; while the B450-A PRO MAX has the "MAX" logo clearly printed on the VRM heatsink. Pricing of these boards are expected to be on par with the models they're replacing.

Our Monday story chronicled how MSI inadvertently erred in giving many of its AMD 400-series chipset motherboards 128 Mbit (16-megabyte) SPI flash ROM chips instead of larger 256 Mbit (32-megabyte) ones, which nearly jeopardized the company's "Zen 2" support deployment, forcing it to greatly thin its motherboard firmware feature-set, and break SATA RAID support on many of its boards. To be fair to MSI, the company may not have anticipated the AGESA microcode growing tremendously in size with its latest ComboAM4 1.0.0.3-series. We are now hearing from Polish tech publication PurePC that MSI has scrambled to remedy this by re-releasing many of its AMD 400-series chipset motherboards with larger 256 Mbit SPI flash ROM chips.

The PurePC report states that MSI will brand the revised motherboards "MAX" in the product name (eg: B450 Gaming Pro Carbon AC MAX, B450M Bazooka MAX, etc.), although we don't know if the new model names will have the company's latest MEG/MPG/MAG prefixes. The 256 Mbit SPI flash ROM chip allows MSI to cram in AGESA 1.0.0.3a, which lets you use 3rd generation Ryzen processors to their full capabilities (barring PCIe gen 4.0 on these motherboards of course). More importantly, the larger ROM chip allows MSI to have AGESA 1.0.0.3a without sacrificing on its feature-rich Click BIOS 5 UEFI setup program, SATA RAID module, or losing support for any of the socket AM4 processors.

Intel released CPU microcode updates to address four new security vulnerabilities disclosed by the company on May 14, 2019. These microcode updates can be encapsulated as motherboard UEFI firmware updates, and for some processors even distributed through Windows Update. In its Microcode Revision Guidance document put out on Tuesday, Intel revealed that all Core and Xeon processors going as far as the 2nd generation Core "Sandy Bridge" architecture are eligible for microcode updates.

2nd generation Core is roughly the time when motherboard vendors were forced to adopt UEFI (unrelated to these vulnerabilities). A number of low-power microarchitectures, such as "Gemini Lake," "Cherry View," "Apollo Lake," and "Amber Lake," which are basically all low-power processors released after 2012-13, also receive these updates. Until you wait for your motherboard vendor or PC/notebook OEM to pass on these microcode updates, Intel advises you to disable HyperThreading if your processor is older than 8th gen "Coffee Lake," and seek out the latest software updates.Additional slides follow.

As a follow-up to our story from Monday about AMD missing out UEFI BIOS support for its Radeon VII graphics cards, AMD has come out with a quick response. The company in a statement said that it is ready with a UEFI-ready video BIOS for the Radeon VII, and has released the BIOS to its partners. This explains ASRock's timely release of its BIOS update. The company also assured those unwilling to manually update their video BIOS that it will have one-click automatic BIOS updates posted on the AMD website very soon. AMD reiterated that the older BIOS and the new one with UEFI GOP support won't have any performance differences. The new BIOS will make your machine start up faster, since your motherboard will no longer need to load CSM. AMD's full statement follows.

AMD has released a BIOS for the Radeon VII with UEFI GOP included for our AIB partners. We will also make a one click installable BIOS available to end users via AMD.com. We do not expect gaming performance differences between the non UEFI BIOS and the UEFI GOP included BIOS, although the non UEFI BIOS may experience slower boot times from cold boot.

Update: The AMD BIOS Updater is located here: www.amd.com/en/support/radeonvii-vbios-eula

In what is turning out to be a massive QA oversight by AMD, people who bought retail Radeon VII graphics cards report that their cards don't support UEFI, and that installing the card in their machines causes their motherboard to engage CSM (compatibility support module), a key component of UEFI firmware that's needed to boot the machine with UEFI-unaware hardware (such as old storage devices, graphics cards, NICs, etc.,).

To verify this claim, we put the stock video BIOS of our Radeon VII sample in a hex editor, and what we found out startled us. The BIOS completely lacks UEFI support, including a GOP (graphics output protocol) driver. A GOP driver is a wafer-thin display driver that runs basic display functions on your GPU during the pre-boot environment. Without UEFI support for the graphics card (i.e. with CSM running), Windows 10 cannot engage Secure Boot. Since UEFI Secure Boot is a requirement for Microsoft Windows 10 Logo certification, we are having doubts whether AMD can really claim "Windows 10 compatible" for Radeon VII, at least until a BIOS update is available.

ASUS today announced that its Z390 motherboards will support a maximum DRAM capacity of 128GB via a UEFI BIOS update that's being rolled out from today on the ASUS support site. ASUS will bring this increased memory support to all Z390 motherboards via additional BIOS updates that will be available soon.

Previously, support for 128GB of DRAM was available only on high-end desktop (HEDT) motherboards with eight DIMM slots, such as the Intel X299 platform. Intel recently updated its memory reference code (MRC), enabling the memory controller in 9th Gen Intel Core processors to increase the supported capacity of each DIMM from 16GB to 32GB, resulting in a total system memory capacity of 128GB when populated with two DIMMs per channel (2DPC) on both memory channels. This increased memory support gives users more flexibility for running memory-intensive applications and tasks.

The new MacBook Air with Retina display is overall a nice upgrade from the old versions of these laptops. There's one caveat, though: the new T2 chip that manages Touch ID's Secure Enclave, APFS storage encryption or UEFI Secure Boot validation will make it impossible to boot with a Linux distribution. Apple's T2 documentation (PDF) explicitly covers how the support for booting Linux is not available: the Microsoft Corporation UEFI CA 2011 certificate used also by Linux distributions isn't trusted at this moment, so the T2 chip will make it impossible to boot from Linux distributions. Only Windows is allowed to boot via Boot Camp at the moment.

Apple's Secure Boot support page shows how the new 'Startup Security Utility' can be used to disable Secure Boot, but some people have tried to boot Linux through this method and even with that change it's impossible to boot Linux. The problem extends to the rest of machines including the T2 Security Chip, like the Mac mini, the iMac Pro or the MacBook Pro 2018, for example. Apple hasn't made any comments on the issue.

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access). Our Windows 10 image is based on Windows 10 April 2018 Update and lacks in-built drivers for the integrated network controllers.

Upon first boot, with the machine having no LAN or Internet connectivity, we were greeted by an ASUS-specific window in the bottom right corner of our screen, asking whether we'd like to install the network drivers and download "Armoury Crate". This got us curious and we scanned the system for any files that aren't part of the standard MS Windows installation. We discovered three ASUS-signed files in our Windows 10 System32 folder, which, so it seems, magically appeared on our harddrive out of thin air. Upon further investigation we also found a new, already running, system service called "AsusUpdateCheck."

Current AMD AM4 motherboards basically support four platforms at the moment: the new Ryzen 2000 processors, Ryzen 2000 G APUs with integrated graphics, 1st generation Ryzen and Bristol Ridge. Bristol Ridge was AMD's last processor generation before Ryzen was released. Bristol Ridge introduced Socket AM4, which according to AMD has a lifespan beyond 2020. According to Anandtech, several motherboard manufacturers are now reporting that they might drop support for Bristol Ridge in their future motherboard releases. The underlying reason is that in addition to the setup interface, and UEFI with its driver and network stack, the BIOS has to support all processors by including microcode for them.

Supporting so many CPU models bloats the size of the BIOS beyond 128 megabits (16 MB), which would exceed the capacity of the BIOS flash chips used by most vendors and force them to use higher capacity models, ie 256 megabits. As always in this industry, the issue here comes down to pricing.

A new Intel platform vulnerability emerged, chronicled by the company under CVE-2017-5703, dated April 3, which could let malware erase your motherboard UEFI BIOS, or render the EEPROM chip storing it "read-only" forever, preventing future BIOS updates, exploiting vulnerabilities in Intel's implementation of the SPI (serial peripheral interface) on its platforms. The vulnerability affects all Intel processors dating all the way back to 5th generation "Broadwell." The company quietly passed on fixes to its OEM partners to release as BIOS updates.

The vulnerability came to light in the public as Lenovo, Intel's largest OEM partner, deployed BIOS updates for its vulnerable products, while detailing it. Lenovo describes the vulnerability as "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." It goes on to add that "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution." Intel said it discovered the vulnerability internally and hasn't noticed any exploits in the wild that take advantage of it. "Issue is root-caused, and the mitigation is known and available," the company said in a security advisory. "To Intel's knowledge, the issue has not been seen externally."

One of the greatest complaints enthusiasts had with Intel's 8th generation Core "Coffee Lake" processors and their companion 300-series chipsets is their lack of compatibility with older 200-series and 100-series chipset motherboards, despite sharing an identical LGA1151 socket. Tinfoil hatters attributed this to Intel's synthetic platform-gating to ensure people buy new motherboards every two CPU generations; while Intel itself maintained that "Coffee Lake" chips have special electrical requirements that come with the increased core-counts, without explaining how that shouldn't exempt quad-core SKUs such as the Core i3-8100 and the i3-8350K from functioning on older platforms.

It turns out that "Coffee Lake" is pin-compatible with older LGA1151 motherboards based on 200-series and 100-series chipsets after all, as modders got some of these chips to work on the older platforms. Intel is using software to prevent Coffee Lake from working on older motherboards. This software comes in the form of the CPU's microcode, the iGPU's UEFI GOP driver, and certain Management Engine bootstraps on the side of the motherboard BIOS that lets it recognize the new chips. With the safe transplanting of these pieces of software, Overclock.net modders rootuser123, LittleHill, dsanke, elisw, Mov AX, and 0xDEAD; succeeding in not only getting the chips to work on older platforms, but also found ways to iron out several stability and compatibility issues. They've published a guide at this page.

EVGA introduces you to the ultimate in raw performance for the next-gen Intel Extreme lineup, the EVGA X299 Dark. The Dark is crafted from the ground up to be the performance apex with everything you need to make a record-breaking benching run or a 24/7 number cruncher, and nothing you don't - a board that is as reliable as it is fast.

Intel is guiding its motherboard partners to remove legacy BIOS support from their UEFI firmware by 2020. The company's client- and enterprise-platforms that come out in 2020 will lack CSM (compatibility support module), a component which lets UEFI-unaware operating systems and bootable devices run on newer machines with UEFI. Devices featuring this CSM-devoid runtime will be graded "UEFI Class 3," as the runtime only exposes UEFI or UEFI PI interfaces.

This practically marks the end of 32-bit operating systems on the newer machines, as 32-bit Windows and desktop Linux distributions require CSM. You'll still be able to use 32-bit software running on 64-bit Windows through WoW64 translation layers. The lack of CSM will also affect devices with 16-bit OpROM, such as older network adapters, and older RAID HBAs. You'll have to depend on OS-based programs to configure those devices. Newer versions of Windows Secure Boot will require UEFI Class 3 devices to function. This also affects booting with your main display plugged into graphics cards older than 4 years (launched roughly before 2013), which lack UEFI-ready video BIOS.

A critical flaw was discovered in the way Intel implemented its simultaneous multi-threading technology, HyperThreading, on "Skylake" and "Kaby Lake" processors. Being a micro-architecture specific flaw, this could affect all implementations, from low-power mobile chips, to mainstream desktop, high-end desktop, and perhaps even enterprise-segment Xeon processors. At this time, there are no security implications of this flaw.

Intel chronicled this flaw in its micro-architecture errata "SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095," and described it as follows: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active." As an implication, Intel goes on to note that Due to this erratum, the system may experience unpredictable system behavior."

The "Game Boost" overclock automation feature the UEFI setup program of MSI Z270 motherboards, apparently is successful in overclocking Core i7-7700K processors to 5.20 GHz with liquid CPU cooling. Most motherboard vendors include some degree of automated overclocking with their motherboards, which let overclocking novices squeeze a little bit of extra performance out of their CPU and memory without having to tinker with settings they know nothing about. These technologies use automated trial-and-error overclocking and stability testing over multiple reboots, to achieve a somewhat high overclock setting that takes system stability and temperatures into account.

The highest automated overclock setting of MSI "Game Boost" within its UEFI setup program of the company's Z270 XPower Gaming Titanium motherboard is having success in getting the CPU to run at 5.20 GHz. The program presents the user with 11 grades of overclock. At its highest grade, the program pushes the CPU all the way to 5.20 GHz, with 52x 100 MHz multiplier/base-clock setting, a vCore voltage of 1.507V, vDIMM of 1.2V, and disabled C-states. Keeping this overclock stable, however, took AIO liquid CPU cooling.

ASUS today announced its complete 2017 lineup of Z270 motherboards designed to maximize the potential of 7th Generation Intel Core processors. The new range includes the highly-anticipated next-generation Republic of Gamers (ROG) Maximus IX gaming motherboards - with Maximus IX Apex having already secured its place in history by claiming eight world records and 13 global first places in some of the world's toughest benchmarks.

Also included in the lineup are the latest ROG Strix gaming motherboards for style-conscious enthusiast, the all-new ASUS Prime series for everyday customization and tuning, and the latest ASUS TUF boards with 24/7 stability and newly-added overclocking abilities. The ASUS workstation motherboard series has also been updated for the Z270 revolution - and all boards are loaded with exclusive technologies to enable users to extract every ounce of performance from Intel's latest CPUs.

The picture of a bare PCB of an upcoming GIGABYTE AX370-Gaming series socket AM4 motherboard is doing rounds on the web. The picture reveals the bare PCB of the motherboard with all its traces and printed markings, but at a stage before surface-mount components can be soldered onto it. One can still make out quite a bit about the board. AMD X370 is the company's upcoming high-end desktop chipset, which will be launched alongside the company's Ryzen 8-core processor, some time in February, 2017.

To begin with, the AX370-Gaming K3 is built in the ATX form-factor. Its AM4 socket supports both Ryzen "Summit Ridge" CPUs and 7th generation A-series "Bristol Ridge" APUs. The board draws power from 24-pin ATX and 8-pin EPS power connectors, and conditions it for the CPU with a 7-phase VRM. The AM4 socket is wired to four DDR4 DIMM slots. Expansion slots include one PCI-Express 3.0 x16, a second gen 3.0 x16 slot that's electrical x4, and three other gen 3.0 x1 slots. Storage connectivity appears to include at least eight SATA 6 Gb/s ports, and one 32 Gb/s M.2 slot. 8-channel HD audio, gigabit Ethernet, USB 3.1 (including type-C) ports, appear to make for the rest of the connectivity. GIGABYTE's signature Dual-UEFI is featured.Many Thanks to TheLostSwede and Tomas H. for the tips!