AMD on Wednesday disclosed a new security vulnerability affecting certain client- and APU processors launched between 2016 and 2019. Called the SMM Callout Privilege Escalation Vulnerability, discovered by Danny Odler, and chronicled under CVE-2020-12890, the vulnerability involves an attacker with elevated system privileges to manipulate the AGESA microcode encapsulated in the platform's UEFI firmware to execute arbitrary code undetected by the operating system. AMD plans to release AGESA updates that mitigate the vulnerability (at no apparent performance impact), to motherboard vendors and OEMs by the end of June 2020. Some of the latest platforms are already immune to the vulnerability.A statement by AMD follows.

MSI confirmed that AMD's "Zen 3" processor support will be added to the company's AMD 400-series chipset motherboards, including the non-MAX SKUs that only have 16 MB EEPROM chips. Marketing Director Eric van Beurden in an MSI Insider video presentation confirmed that with the non-MAX motherboards, "Zen 3" support will be added as AMD planned to go about doing so (i.e. add "Zen 3" support by cutting out support for older processors and slimming down the UEFI setup program down to the GSE Click BIOS program, which may not correspond with your motherboard's original feature-set). On the other hand, the MAX SKUs, with their 32 MB EEPROMs will receive "Zen 3" support painlessly, meaning that the board may retain support for some, if not all, older processor generations, and retain their original feature-rich UEFI setup programs.

AMD formally announced its AGESA ComboAM4 1.0.0.5 microcode. The new microcode is intended to be encapsulated into motherboard UEFI firmware updates and distributed by motherboard- and OEM desktop manufacturers, at their discretion. AGESA 1.0.0.5 improves POST (time) with select Micron Technology DDR4-3200 memory chips. An intermittent virtual memory error with certain Realtek onboard Ethernet PHY chips has been fixed. The microcode also improves PCI-Express bus stability and interoperability, in general. A PCIe lane configuration issue with Ryzen 3 Pro 2100GE has been fixed. Besides these, all other performance- and stability-improvements part of older 1.0.0.4 a/ab/abb/abba microcodes are incorporated into 1.0.0.5. Keep an eye on the BIOS updates section of your socket AM4 motherboard's product page on its company website.

Tails OS the operating system recommended by Edward Snowden, now works on systems with UEFI Secure Boot enabled. Tails OS is built from the ground up to offer maximum security and privacy running of a portable drive and leaving no trace on the host computer. The latest Tails OS 4.5 update added support for this crucial UEFI Secure Boot feature which was already found in most operating systems. Secure Boot uses cryptographic signatures to verify the integrity of firmware files loaded on system boot and insure they have not been tempered with.

Secure Boot has been available as part of the UEFI specification now for over two decades but is rarely used due to compatibility reasons. While not commonly used, the fact that a security focused operating system did not support this security feature was worrying for many as it meant Secure Boot had to be disabled on the host computer before the OS could boot. Work to add the feature has been ongoing over the last 6 years and is now complete and ready for use.

AMD is giving final touches to an AGESA microcode update that fixes the issue of underwhelming Precision Boost behavior on its 3rd generation Ryzen processors. Version ComboAM4 1.0.0.3ABBA is being pushed to motherboard manufacturers to integrate with their UEFI firmware, and one such dispatch to MSI got leaked to the web on ChipHell. Tom's Hardware grabbed the BIOS as it was compatible with the MEG X570 Creator motherboard they have, and tested the Ryzen 9 3900X and Ryzen 7 3700X with it.

In its testing, posted in a mini-review article, Tom's Hardware observed that with AGESA 1.0.0.3ABBA, their 3700X sample was correctly hitting 4.40 GHz across the board at stock settings. With the older 1.0.0.3AB, it would touch 4.375 GHz. The Ryzen 9 3900X behaves slightly differently with this microcode. Tom's Hardware was able to raise its peak boost frequency from 4.575 GHz to 4.625 GHz (above the 4.60 GHz specification), but in certain tests such as POV-Ray and Cinebench, its boost frequency decays down to 4.250 GHz. Overall, the reviewer tabulated improved performance on the chips with the new microcode. The new microcode also apparently changes the processor's thermal thresholds.Update (10/9) AMD posted an elaborate release detailing the AGESA 1.0.0.3ABBA update.

MSI is among the motherboard manufacturers who had to significantly modify their UEFI firmware packages to cram in AGESA ComboAM4 1.0.0.3ab microcode on their AMD 300-series and 400-series chipset motherboards, due to firmware ROM size limitations. Most older MSI AM4 motherboards have 128 Mbit (16 MB) SPI flash ROM chips, which proved insufficient to integrate the latest AGESA microcode alongside its feature-rich ClickBIOS 5 UEFI setup program. MSI addressed the issue on two fronts. For its existing motherboards that have 128 Mb flash chips, it released BIOS updates that have AGESA 1.0.0.3ab, but shed some bulk on the setup program, by replacing ClickBIOS 5 with the "GSE-lite" setup program. The company is also releasing newer revisions of many of its AMD B450 chipset motherboards anticipating demand from the section of 3rd gen Ryzen buyers who don't want to spend at least $170 on an AMD X570 motherboard.

These revised motherboards feature "MAX" in the name, and come with 256 Mb (32-megabyte) SPI flash ROM chips, enabling MSI to combine AGESA ComboAM4 1.0.0.3ab with ClickBIOS 5, and not compromising on any of the motherboard's BIOS-level feature-set. These motherboards also come with out-of-the-box support for all of the 3rd generation Ryzen processors launched so far, as indicated on the box. The boards also retain support for A-series "Bristol Ridge" and "Raven Ridge" Athlon APUs that had faced the axe with the latest BIOS updates. The B450 Tomahawk MAX and Mortar MAX are characterized by matte-black heatsinks replacing silver; while the B450-A PRO MAX has the "MAX" logo clearly printed on the VRM heatsink. Pricing of these boards are expected to be on par with the models they're replacing.

Our Monday story chronicled how MSI inadvertently erred in giving many of its AMD 400-series chipset motherboards 128 Mbit (16-megabyte) SPI flash ROM chips instead of larger 256 Mbit (32-megabyte) ones, which nearly jeopardized the company's "Zen 2" support deployment, forcing it to greatly thin its motherboard firmware feature-set, and break SATA RAID support on many of its boards. To be fair to MSI, the company may not have anticipated the AGESA microcode growing tremendously in size with its latest ComboAM4 1.0.0.3-series. We are now hearing from Polish tech publication PurePC that MSI has scrambled to remedy this by re-releasing many of its AMD 400-series chipset motherboards with larger 256 Mbit SPI flash ROM chips.

The PurePC report states that MSI will brand the revised motherboards "MAX" in the product name (eg: B450 Gaming Pro Carbon AC MAX, B450M Bazooka MAX, etc.), although we don't know if the new model names will have the company's latest MEG/MPG/MAG prefixes. The 256 Mbit SPI flash ROM chip allows MSI to cram in AGESA 1.0.0.3a, which lets you use 3rd generation Ryzen processors to their full capabilities (barring PCIe gen 4.0 on these motherboards of course). More importantly, the larger ROM chip allows MSI to have AGESA 1.0.0.3a without sacrificing on its feature-rich Click BIOS 5 UEFI setup program, SATA RAID module, or losing support for any of the socket AM4 processors.

Intel released CPU microcode updates to address four new security vulnerabilities disclosed by the company on May 14, 2019. These microcode updates can be encapsulated as motherboard UEFI firmware updates, and for some processors even distributed through Windows Update. In its Microcode Revision Guidance document put out on Tuesday, Intel revealed that all Core and Xeon processors going as far as the 2nd generation Core "Sandy Bridge" architecture are eligible for microcode updates.

2nd generation Core is roughly the time when motherboard vendors were forced to adopt UEFI (unrelated to these vulnerabilities). A number of low-power microarchitectures, such as "Gemini Lake," "Cherry View," "Apollo Lake," and "Amber Lake," which are basically all low-power processors released after 2012-13, also receive these updates. Until you wait for your motherboard vendor or PC/notebook OEM to pass on these microcode updates, Intel advises you to disable HyperThreading if your processor is older than 8th gen "Coffee Lake," and seek out the latest software updates.Additional slides follow.

As a follow-up to our story from Monday about AMD missing out UEFI BIOS support for its Radeon VII graphics cards, AMD has come out with a quick response. The company in a statement said that it is ready with a UEFI-ready video BIOS for the Radeon VII, and has released the BIOS to its partners. This explains ASRock's timely release of its BIOS update. The company also assured those unwilling to manually update their video BIOS that it will have one-click automatic BIOS updates posted on the AMD website very soon. AMD reiterated that the older BIOS and the new one with UEFI GOP support won't have any performance differences. The new BIOS will make your machine start up faster, since your motherboard will no longer need to load CSM. AMD's full statement follows.

AMD has released a BIOS for the Radeon VII with UEFI GOP included for our AIB partners. We will also make a one click installable BIOS available to end users via AMD.com. We do not expect gaming performance differences between the non UEFI BIOS and the UEFI GOP included BIOS, although the non UEFI BIOS may experience slower boot times from cold boot.

Update: The AMD BIOS Updater is located here: www.amd.com/en/support/radeonvii-vbios-eula

In what is turning out to be a massive QA oversight by AMD, people who bought retail Radeon VII graphics cards report that their cards don't support UEFI, and that installing the card in their machines causes their motherboard to engage CSM (compatibility support module), a key component of UEFI firmware that's needed to boot the machine with UEFI-unaware hardware (such as old storage devices, graphics cards, NICs, etc.,).

To verify this claim, we put the stock video BIOS of our Radeon VII sample in a hex editor, and what we found out startled us. The BIOS completely lacks UEFI support, including a GOP (graphics output protocol) driver. A GOP driver is a wafer-thin display driver that runs basic display functions on your GPU during the pre-boot environment. Without UEFI support for the graphics card (i.e. with CSM running), Windows 10 cannot engage Secure Boot. Since UEFI Secure Boot is a requirement for Microsoft Windows 10 Logo certification, we are having doubts whether AMD can really claim "Windows 10 compatible" for Radeon VII, at least until a BIOS update is available.

ASUS today announced that its Z390 motherboards will support a maximum DRAM capacity of 128GB via a UEFI BIOS update that's being rolled out from today on the ASUS support site. ASUS will bring this increased memory support to all Z390 motherboards via additional BIOS updates that will be available soon.

Previously, support for 128GB of DRAM was available only on high-end desktop (HEDT) motherboards with eight DIMM slots, such as the Intel X299 platform. Intel recently updated its memory reference code (MRC), enabling the memory controller in 9th Gen Intel Core processors to increase the supported capacity of each DIMM from 16GB to 32GB, resulting in a total system memory capacity of 128GB when populated with two DIMMs per channel (2DPC) on both memory channels. This increased memory support gives users more flexibility for running memory-intensive applications and tasks.

The new MacBook Air with Retina display is overall a nice upgrade from the old versions of these laptops. There's one caveat, though: the new T2 chip that manages Touch ID's Secure Enclave, APFS storage encryption or UEFI Secure Boot validation will make it impossible to boot with a Linux distribution. Apple's T2 documentation (PDF) explicitly covers how the support for booting Linux is not available: the Microsoft Corporation UEFI CA 2011 certificate used also by Linux distributions isn't trusted at this moment, so the T2 chip will make it impossible to boot from Linux distributions. Only Windows is allowed to boot via Boot Camp at the moment.

Apple's Secure Boot support page shows how the new 'Startup Security Utility' can be used to disable Secure Boot, but some people have tried to boot Linux through this method and even with that change it's impossible to boot Linux. The problem extends to the rest of machines including the T2 Security Chip, like the Mac mini, the iMac Pro or the MacBook Pro 2018, for example. Apple hasn't made any comments on the issue.

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access). Our Windows 10 image is based on Windows 10 April 2018 Update and lacks in-built drivers for the integrated network controllers.

Upon first boot, with the machine having no LAN or Internet connectivity, we were greeted by an ASUS-specific window in the bottom right corner of our screen, asking whether we'd like to install the network drivers and download "Armoury Crate". This got us curious and we scanned the system for any files that aren't part of the standard MS Windows installation. We discovered three ASUS-signed files in our Windows 10 System32 folder, which, so it seems, magically appeared on our harddrive out of thin air. Upon further investigation we also found a new, already running, system service called "AsusUpdateCheck."

Current AMD AM4 motherboards basically support four platforms at the moment: the new Ryzen 2000 processors, Ryzen 2000 G APUs with integrated graphics, 1st generation Ryzen and Bristol Ridge. Bristol Ridge was AMD's last processor generation before Ryzen was released. Bristol Ridge introduced Socket AM4, which according to AMD has a lifespan beyond 2020. According to Anandtech, several motherboard manufacturers are now reporting that they might drop support for Bristol Ridge in their future motherboard releases. The underlying reason is that in addition to the setup interface, and UEFI with its driver and network stack, the BIOS has to support all processors by including microcode for them.

Supporting so many CPU models bloats the size of the BIOS beyond 128 megabits (16 MB), which would exceed the capacity of the BIOS flash chips used by most vendors and force them to use higher capacity models, ie 256 megabits. As always in this industry, the issue here comes down to pricing.

A new Intel platform vulnerability emerged, chronicled by the company under CVE-2017-5703, dated April 3, which could let malware erase your motherboard UEFI BIOS, or render the EEPROM chip storing it "read-only" forever, preventing future BIOS updates, exploiting vulnerabilities in Intel's implementation of the SPI (serial peripheral interface) on its platforms. The vulnerability affects all Intel processors dating all the way back to 5th generation "Broadwell." The company quietly passed on fixes to its OEM partners to release as BIOS updates.

The vulnerability came to light in the public as Lenovo, Intel's largest OEM partner, deployed BIOS updates for its vulnerable products, while detailing it. Lenovo describes the vulnerability as "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." It goes on to add that "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution." Intel said it discovered the vulnerability internally and hasn't noticed any exploits in the wild that take advantage of it. "Issue is root-caused, and the mitigation is known and available," the company said in a security advisory. "To Intel's knowledge, the issue has not been seen externally."

One of the greatest complaints enthusiasts had with Intel's 8th generation Core "Coffee Lake" processors and their companion 300-series chipsets is their lack of compatibility with older 200-series and 100-series chipset motherboards, despite sharing an identical LGA1151 socket. Tinfoil hatters attributed this to Intel's synthetic platform-gating to ensure people buy new motherboards every two CPU generations; while Intel itself maintained that "Coffee Lake" chips have special electrical requirements that come with the increased core-counts, without explaining how that shouldn't exempt quad-core SKUs such as the Core i3-8100 and the i3-8350K from functioning on older platforms.

It turns out that "Coffee Lake" is pin-compatible with older LGA1151 motherboards based on 200-series and 100-series chipsets after all, as modders got some of these chips to work on the older platforms. Intel is using software to prevent Coffee Lake from working on older motherboards. This software comes in the form of the CPU's microcode, the iGPU's UEFI GOP driver, and certain Management Engine bootstraps on the side of the motherboard BIOS that lets it recognize the new chips. With the safe transplanting of these pieces of software, Overclock.net modders rootuser123, LittleHill, dsanke, elisw, Mov AX, and 0xDEAD; succeeding in not only getting the chips to work on older platforms, but also found ways to iron out several stability and compatibility issues. They've published a guide at this page.

EVGA introduces you to the ultimate in raw performance for the next-gen Intel Extreme lineup, the EVGA X299 Dark. The Dark is crafted from the ground up to be the performance apex with everything you need to make a record-breaking benching run or a 24/7 number cruncher, and nothing you don't - a board that is as reliable as it is fast.

Intel is guiding its motherboard partners to remove legacy BIOS support from their UEFI firmware by 2020. The company's client- and enterprise-platforms that come out in 2020 will lack CSM (compatibility support module), a component which lets UEFI-unaware operating systems and bootable devices run on newer machines with UEFI. Devices featuring this CSM-devoid runtime will be graded "UEFI Class 3," as the runtime only exposes UEFI or UEFI PI interfaces.

This practically marks the end of 32-bit operating systems on the newer machines, as 32-bit Windows and desktop Linux distributions require CSM. You'll still be able to use 32-bit software running on 64-bit Windows through WoW64 translation layers. The lack of CSM will also affect devices with 16-bit OpROM, such as older network adapters, and older RAID HBAs. You'll have to depend on OS-based programs to configure those devices. Newer versions of Windows Secure Boot will require UEFI Class 3 devices to function. This also affects booting with your main display plugged into graphics cards older than 4 years (launched roughly before 2013), which lack UEFI-ready video BIOS.

A critical flaw was discovered in the way Intel implemented its simultaneous multi-threading technology, HyperThreading, on "Skylake" and "Kaby Lake" processors. Being a micro-architecture specific flaw, this could affect all implementations, from low-power mobile chips, to mainstream desktop, high-end desktop, and perhaps even enterprise-segment Xeon processors. At this time, there are no security implications of this flaw.

Intel chronicled this flaw in its micro-architecture errata "SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095," and described it as follows: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active." As an implication, Intel goes on to note that Due to this erratum, the system may experience unpredictable system behavior."

The "Game Boost" overclock automation feature the UEFI setup program of MSI Z270 motherboards, apparently is successful in overclocking Core i7-7700K processors to 5.20 GHz with liquid CPU cooling. Most motherboard vendors include some degree of automated overclocking with their motherboards, which let overclocking novices squeeze a little bit of extra performance out of their CPU and memory without having to tinker with settings they know nothing about. These technologies use automated trial-and-error overclocking and stability testing over multiple reboots, to achieve a somewhat high overclock setting that takes system stability and temperatures into account.

The highest automated overclock setting of MSI "Game Boost" within its UEFI setup program of the company's Z270 XPower Gaming Titanium motherboard is having success in getting the CPU to run at 5.20 GHz. The program presents the user with 11 grades of overclock. At its highest grade, the program pushes the CPU all the way to 5.20 GHz, with 52x 100 MHz multiplier/base-clock setting, a vCore voltage of 1.507V, vDIMM of 1.2V, and disabled C-states. Keeping this overclock stable, however, took AIO liquid CPU cooling.

ASUS today announced its complete 2017 lineup of Z270 motherboards designed to maximize the potential of 7th Generation Intel Core processors. The new range includes the highly-anticipated next-generation Republic of Gamers (ROG) Maximus IX gaming motherboards - with Maximus IX Apex having already secured its place in history by claiming eight world records and 13 global first places in some of the world's toughest benchmarks.

Also included in the lineup are the latest ROG Strix gaming motherboards for style-conscious enthusiast, the all-new ASUS Prime series for everyday customization and tuning, and the latest ASUS TUF boards with 24/7 stability and newly-added overclocking abilities. The ASUS workstation motherboard series has also been updated for the Z270 revolution - and all boards are loaded with exclusive technologies to enable users to extract every ounce of performance from Intel's latest CPUs.

The picture of a bare PCB of an upcoming GIGABYTE AX370-Gaming series socket AM4 motherboard is doing rounds on the web. The picture reveals the bare PCB of the motherboard with all its traces and printed markings, but at a stage before surface-mount components can be soldered onto it. One can still make out quite a bit about the board. AMD X370 is the company's upcoming high-end desktop chipset, which will be launched alongside the company's Ryzen 8-core processor, some time in February, 2017.

To begin with, the AX370-Gaming K3 is built in the ATX form-factor. Its AM4 socket supports both Ryzen "Summit Ridge" CPUs and 7th generation A-series "Bristol Ridge" APUs. The board draws power from 24-pin ATX and 8-pin EPS power connectors, and conditions it for the CPU with a 7-phase VRM. The AM4 socket is wired to four DDR4 DIMM slots. Expansion slots include one PCI-Express 3.0 x16, a second gen 3.0 x16 slot that's electrical x4, and three other gen 3.0 x1 slots. Storage connectivity appears to include at least eight SATA 6 Gb/s ports, and one 32 Gb/s M.2 slot. 8-channel HD audio, gigabit Ethernet, USB 3.1 (including type-C) ports, appear to make for the rest of the connectivity. GIGABYTE's signature Dual-UEFI is featured.Many Thanks to TheLostSwede and Tomas H. for the tips!

ASUS today announced that all 100-series motherboards will now support next-generation Intel Core processors. A quick and easy UEFI BIOS update unleashes the full potential of the next-generation high-performance CPUs for socket LGA 1151, reaffirming ASUS as the BEST leading motherboard brand - Best Selling, Easy to Use, Stable and Trusted. Owners of ASUS Republic of Gamers (ROG), Pro Gaming, Signature and TUF Z170, H170, B150 and H110 motherboards are able to take advantage of the easy upgrade to the award-winning ASUS UEFI BIOS, which is available today via the relevant ASUS Support web page.

All ASUS 100-series motherboards that include the ASUS USB BIOS Flashback feature allow users to apply UEFI BIOS updates with ease. For other ASUS 100-series motherboards the necessary UEFI BIOS update takes just one click in an easy-to-use Windows-based BIOS updater application, ASUS EZ Update, which is available to download from the ASUS website.

In addition to the X99A-SLI, MSI today unveiled the 970A Gaming Pro Carbon socket AM3+ motherboard. The board is based on AMD 970 + SB950 chipset, and is based on a new PCB design. It draws power from a combination of 24-pin ATX and 8-pin EPS power connectors, conditioning it for the CPU with an 8-phase VRM. Expansion slots include two PCI-Express 2.0 x16 (x8/x8 when both are populated), three PCI-Express 2.0 x1, and one legacy PCI. The x16 slots feature metal reinforcement braces. The board features chunkier heatsinks over the VRM and the AMD 970 northbridge, than what we're used to seeing on older boards by MSI on this platform.

The 970A Gaming Pro Carbon gets its name from RGB LED lighting on the SB950 southbridge heatsink, and the PCB ground-layer isolation trace that separates the onboard audio area from the rest of the PCB. Storage connectivity includes a 20 Gb/s M.2 slot, and six SATA 6 Gb/s ports. Modern connectivity includes two USB 3.1 ports (both type-A), four USB 3.0 ports, gigabit Ethernet, and a high-grade onboard audio solution that includes a 115 dBA SNR CODEC, ground-layer isolation, heasdet OPAMP, and audio-grade capacitors. The board is driven by UEFI BIOS, and supports NVMe booting.

Microsoft inadvertently bricked a vast number of PCs running Windows 7, by changing the priority of an erroneous software update. Earlier this month, Microsoft changed the priority of an obscure-sounding security update for Windows 7 from "Optional" to "Recommended," (which by default gets automatically downloaded and installed). This update, KB3133977, bricks machines running ASUS motherboards, in the UEFI mode.

Windows 7 inherently does not support Secure Boot, a feature introduced with Windows 8, which takes advantage of UEFI to provide users with a layer of system integrity throughout the boot process. With KB3133977 installed on Windows 7 machines that use UEFI boot, the motherboard senses a Secure Boot violation, and invalidates the boot device (refuses to boot from it). ASUS recommended a BIOS setting with which you can deactivate Secure Boot while making your motherboard continuing to boot in UEFI mode.