Is Gigabyte only vendor security aware?

AlwaysHope · Dec 2, 2021

Just got wind of this today. Checked for bios updates on my Gigabyte Z590 board & there is a bios update that addresses this among other measures;
...
2. Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
...

Quick look through the other range of Z590 boards from Gigabyte reveals the same bios update description.
A check of other Z590 board makers reveals no info on this aspect of UEFI malware potentiality. That is from Asus, MSI & Asrock to date.
I also checked for bios updates on my MSI B450 & X570 boards, but nothing since September as yet. Not sure if this is specific to Z590 boards from Gigabyte or not.

Intel, themselves have even acknowledged this exploit as outlined here

So, either Gigabyte are on the ball with security or the other mobo vendors are still deciding..... :ohwell:

Caring1 · Dec 2, 2021

Wow, those vulnerabilities have been around a while, and only just getting patched now.

MachineLearning · Dec 2, 2021

This post caused me to check my B550 Aorus Pro V2 BIOS support page for updates. The newest version is the same version that I have, their site lists it as release F14e, 10/13/2021, and that release has the exact same text you provided ("Major vulnerabilities updates...").

Interestingly, I did check that page a couple of days after that BIOS was released, updated my mobo with it. But, that text was not present at that time. The release is still F14e. I'm wondering if the vulnerability update was already present in F14e, and they chose to make it public only now for some reason. Otherwise I'd expect it to be F14f or F15.

It's odd to me that they released a BIOS that patched a vulnerability, but did not make public the fact that they included said patch until now (or recently), if that is indeed what has happened.

edited for clarity

RJARRRPCGP · Dec 2, 2021

But no remote code execution to worry about, unlike that 9th-gen-and-earlier CSME fiasco.

AlwaysHope · Dec 2, 2021

Caring1 said:
Wow, those vulnerabilities have been around a while, and only just getting patched now.

Last night, checking for updates from MS, there was an Intel "component software" being installed, no other info on the update tab but a version number.
I'm guessing it has something to do with it? In any case good idea all round to update the bios anyway. This stuff with firmware security can be quite complex.

MachineLearning said:
This post caused me to check my B550 Aorus Pro V2 BIOS support page for updates. The newest version is the same version that I have, their site lists it as release F14e, 10/13/2021, and that release has the exact same text you provided ("Major vulnerabilities updates...").

Interestingly, I did check that page a couple of days after that BIOS was released, updated my mobo with it. But, that text was not present at that time. The release is still F14e. I'm wondering if the vulnerability update was already present in F14e, and they chose to make it public only now for some reason. Otherwise I'd expect it to be F14f or F15.

It's odd to me that they released a BIOS that patched a vulnerability, but did not make public the fact that they included said patch until now (or recently), if that is indeed what has happened.

edited for clarity

The hardware vendors have to be extra careful about releasing info like this into the public domain, for pretty obvious reasons. Everytime you boot the machine up, do you regularly check for updates manually?
I've seen MS update service try & update when I've manually disconnected from net. It will still report it has already updated even though no physical connection....

R-T-B · Dec 2, 2021

Gigabyte is the easiest vendor to bios-mod FWIW, because they don't write-protect the bios at runtime. Unsure I'd call that a great security practice, though.

AlwaysHope · Dec 2, 2021

R-T-B said:
Gigabyte is the easiest vendor to bios-mod FWIW, because they don't write-protect the bios at runtime. Unsure I'd call that a great security practice, though.

Ok, so why would they do that? Is that slackness on their part or what?

cvaldes · Dec 2, 2021

AlwaysHope said:
Ok, so why would they do that? Is that slackness on their part or what?

Ask Gigabyte.

AlwaysHope · Dec 2, 2021

cvaldes said:
Ask Gigabyte.

Considering I got an unusual update via MS service for an Intel product on my Z590 system last night, I think it's more complicated than that.

cvaldes · Dec 2, 2021

Well, it's their product. They are the ones who should understand it the best. After all, they made it.

Of course, whether or not they've staffed their technical support team with people who actually have brains (and basic communication skills) is a completely separate issue. I have zero comment on that since I don't ever recall being a Gigabyte customer.

Best of luck.

R-T-B · Dec 2, 2021

AlwaysHope said:
Ok, so why would they do that? Is that slackness on their part or what?

I really have no idea. It IS convienient for making bios mods but I doubt that is their rationale.

chrcoluk · Dec 2, 2021

AlwaysHope said:
Just got wind of this today. Checked for bios updates on my Gigabyte Z590 board & there is a bios update that addresses this among other measures;
...
2. Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
...

Quick look through the other range of Z590 boards from Gigabyte reveals the same bios update description.
A check of other Z590 board makers reveals no info on this aspect of UEFI malware potentiality. That is from Asus, MSI & Asrock to date.
I also checked for bios updates on my MSI B450 & X570 boards, but nothing since September as yet. Not sure if this is specific to Z590 boards from Gigabyte or not.

Intel, themselves have even acknowledged this exploit as outlined here

So, either Gigabyte are on the ball with security or the other mobo vendors are still deciding.....

Its dated 11 Sept, the other vendors may have already patched and its Gigabyte late to the game?

Chomiq · Dec 2, 2021

They're so security aware that they got ransomwared and still can't recover some of their data.

MarsM4N · Dec 2, 2021

Guess it depends on the manufacturer. Isn't it also common that they drop support (or reduce the update cycle) for mainboards after 3-5 years?
That's at least my experience with Asus.

Now on a 6 year old mass produced Lenovo office machine, they still keep pumping out BIOS'ses like nuts. That's a real security benefit.

Chomiq · Dec 2, 2021

Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
• Introduce capsule BIOS support starting this version.

Checksum: 7AAB

Update AGESA ComboV2 1.2.0.4 A

Change default status of AMD PSP fTPM to Enabled for addressing basic Windows 11 requirements (https://support.microsoft.com/windows/1fd5a332-360d-4f46-a1e7-ae6b0c90645c)

F36e for X570 Elite was available since 2021/10/14 but that part in bold was added today.

R-T-B · Dec 2, 2021

MarsM4N said:
Guess it depends on the manufacturer. Isn't it also common that they drop support (or reduce the update cycle) for mainboards after 3-5 years?
That's at least my experience with Asus.

I don't mean this rude but that's like industry standard practice.

MarsM4N said:
Now on a 6 year old mass produced Lenovo office machine, they still keep pumping out BIOS'ses like nuts. That's a real security benefit.

Lenovo is good on that front, but they have other issues with their addon packages that keep me away from them.

AlwaysHope · Dec 3, 2021

Chomiq said:
They're so security aware that they got ransomwared and still can't recover some of their data.

That's only the attack you know. Bet other vendors get them but don't publicise it.

Chomiq · Dec 4, 2021

They don't mention this for other updated bioses:

B560M DS3H AC (rev. 1.x) Support | Motherboard - GIGABYTE U.S.A.

Lasting Quality from GIGABYTE.GIGABYTE Ultra Durable™ motherboards bring together a unique blend of features and technologies that offer users the absolute ...

www.gigabyte.com

Introduce capsule BIOS support starting this version.
Customers will NOT be able to reverse to previous BIOS version due to major vulnerabilities concerns.

Bomby569 · Dec 5, 2021

Thanks for the waning. They really should warn people (not exactly sure how) not just update the bios page.

INSTG8R · Dec 5, 2021

Actually the X570 Aorus Elite got a similar update yet nothing under it including my Pro did..
Edit: I lied they have updated my boards page with the same info I have been on that BIOS since it came out in Beta so I guess I’m already “protected”

Chomiq · Dec 6, 2021

GN covered this in their news episode, here's a presentation linked to the vulnerability:

System Name	Black Box
Processor	Intel Xeon E3-1260L v5
Motherboard	MSI E3 KRAIT Gaming v5
Cooling	Tt tower + 120mm Tt fan
Memory	G.Skill 16GB 3600 C18
Video Card(s)	Asus GTX 970 Mini
Storage	Kingston A2000 512Gb NVME
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Case	Corsair 450D High Air Flow.
Audio Device(s)	No need.
Power Supply	FSP Aurum 650W
Mouse	Yes
Keyboard	Of course
Software	W10 Pro 64 bit

System Name	Personal rig & Folder
Processor	R9 5900X (VRM-B2) @ 180W/160A/140A \| Mfg Wk03/2022
Motherboard	Gigabyte B550 Aorus Pro V2
Cooling	Thermalright PA120 w/ 3x P12, MX-6
Memory	2x16GB Crucial Ballistix 8Gbit Rev.E (DR) @ 3800CL15-18-8-17-34-54-540-1T @ 1.45v, 1900MHz FCLK
Video Card(s)	PowerColor Red Devil 6600XT @ C2800MHz/M2300MHz (Samsung) @ 192W TGP \| MX-6, TP-3
Storage	1x SK hynix Gold P31 1TB (boot), 1x 2TB TeamGroup MP33 Pro, 1x 4TB Seagate Ironwolf HDD 5900RPM
Display(s)	1x Gigabyte M27Q, 1x Dell 2007WFP, 1x Dell E152FPg
Case	Phanteks P500A (non-digital) w/ 4x 140mm Arctic P14 PWM PST CO fans
Audio Device(s)	FiiO E10K-TC (USB) -> beyerdynamic DT770 Pro (80ohm)
Power Supply	Super Flower Leadex III Gold 750W
Mouse	Logitech G203
Keyboard	Kingston HyperX Core RGB
Software	W10 Pro
Benchmark Scores	https://hwbot.org/user/machinelearning/ ~ https://hwbot.org/team/warp9_systems/

System Name	KHR-1
Processor	Ryzen 9 5900X
Motherboard	ASRock B550 PG Velocita (UEFI-BIOS P3.40)
Memory	32 GB G.Skill RipJawsV F4-3200C16D-32GVR
Video Card(s)	Sapphire Nitro+ Radeon RX 6750 XT
Storage	Western Digital Black SN850 1 TB NVMe SSD
Display(s)	Alienware AW3423DWF OLED-ASRock PG27Q15R2A (backup)
Case	Corsair 275R
Audio Device(s)	Technics SA-EX140 receiver with Polk VT60 speakers
Power Supply	eVGA Supernova G3 750W
Mouse	Logitech G Pro (Hero)
Software	Windows 11 Pro x64 23H2

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64

System Name	daily driver Mac mini M2 Pro
Processor	Apple Silicon M2 Pro (6 p-cores, 4 e-cores)
Motherboard	Apple proprietary
Cooling	Apple proprietary
Memory	Apple proprietary 16GB LPDDR5 unified memory
Video Card(s)	Apple Silicon M2 Pro (16-core GPU)
Storage	Apple proprietary 512GB SSD + various external HDDs
Display(s)	LG 27UL850W (4K@60Hz IPS)
Case	Apple proprietary
Audio Device(s)	Apple proprietary
Power Supply	Apple proprietary
Mouse	Apple Magic Trackpad 2
Keyboard	Keychron K1 tenkeyless (Gateron Reds)
Software	macOS Ventura 13.6 (including latest patches)
Benchmark Scores	(My Windows daily driver is a Beelink Mini S12. I'm not interested in benchmarking.)

System Name	Main PC
Processor	13700k
Motherboard	Asrock Z690 Steel Legend D4 - Bios 13.02
Cooling	Noctua NH-D15S
Memory	32 Gig 3200CL14
Video Card(s)	3080 RTX FE 10G
Storage	1TB 980 PRO (OS, games), 2TB SN850X (games), 2TB DC P4600 (work), 2x 3TB WD Red, 2x 4TB WD Red
Display(s)	LG 27GL850
Case	Fractal Define R4
Audio Device(s)	Asus Xonar D2X
Power Supply	Antec HCG 750 Gold
Software	Windows 10 21H2 LTSC

Processor	Ryzen 7 5800X3D
Motherboard	Gigabyte X570 Aorus Elite
Cooling	Thermalright Phantom Spirit 120 SE
Memory	2x16 GB Crucial Ballistix 3600 CL16 Rev E @ 3800 CL16
Video Card(s)	RTX3080 Ti FE
Storage	SX8200 Pro 1 TB, Plextor M6Pro 256 GB, WD Blue 2TB
Display(s)	LG 34GN850P-B
Case	SilverStone Primera PM01 RGB
Audio Device(s)	SoundBlaster G6 \| Fidelio X2 \| Sennheiser 6XX
Power Supply	SeaSonic Focus Plus Gold 750W
Mouse	Endgame Gear XM1R
Keyboard	Wooting Two HE

System Name	✨ Lenovo M700 [Tiny]
Cooling	⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO²
Audio Device(s)	◐◑ AKG K702 ⌬ FiiO E10K Olympus 2
Mouse	✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura
Keyboard	⌨ Turtle Beach Impact 500

Processor	Ryzen 5 5700x
Motherboard	B550 Elite
Cooling	Thermalright Perless Assassin 120 SE
Memory	32GB Fury Beast DDR4 3200Mhz
Video Card(s)	Gigabyte 3060 ti gaming oc pro
Storage	Samsung 970 Evo 1TB, WD SN850x 1TB, plus some random HDDs
Display(s)	LG 27gp850 1440p 165Hz 27''
Case	Lian Li Lancool II performance
Power Supply	MSI 750w
Mouse	G502

System Name	Hellbox 5.1(same case new guts)
Processor	Ryzen 7 5800X3D
Motherboard	MSI X570S MAG Torpedo Max
Cooling	TT Kandalf L.C.S.(Water/Air)EK Velocity CPU Block/Noctua EK Quantum DDC Pump/Res
Memory	2x16GB Gskill Trident Neo Z 3600 CL16
Video Card(s)	Powercolor Hellhound 7900XTX
Storage	970 Evo Plus 500GB 2xSamsung 850 Evo 500GB RAID 0 1TB WD Blue Corsair MP600 Core 2TB
Display(s)	Alienware QD-OLED 34” 3440x1440 144hz 10Bit VESA HDR 400
Case	TT Kandalf L.C.S.
Audio Device(s)	Soundblaster ZX/Logitech Z906 5.1
Power Supply	Seasonic TX~’850 Platinum
Mouse	G502 Hero
Keyboard	G19s
VR HMD	Oculus Quest 2
Software	Win 10 Pro x64

Is Gigabyte only vendor security aware?

Vanguard Beta Tester