Announcement

Collapse
No announcement yet.

Fwupd 1.8.8 Released For New Hardware, BIOS Rollback Protection For Dell & Lenovo

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fwupd 1.8.8 Released For New Hardware, BIOS Rollback Protection For Dell & Lenovo

    Phoronix: Fwupd 1.8.8 Released For New Hardware, BIOS Rollback Protection For Dell & Lenovo

    Fwupd 1.8.8 is available today as the newest update to this excellent solution for allowing system and device/peripheral firmware updates to happen under Linux and other platforms when paired with the Linux Vendor Firmware Service (LVFS)...

    https://www.phoronix.com/news/Fwupd-1.8.8-Released

  • #2
    Still waiting for desktop motherboard makers to submit updates on LVFS...

    Comment


    • #3
      Originally posted by tildearrow View Post
      Still waiting for desktop motherboard makers to submit updates on LVFS...
      I want it too!

      Comment


      • #4
        WTF is rollback protection?
        Who is protecting and for what?

        Because it sounds to me that they want to block me from going back to a previous BIOS version, which is bullshit.

        Comment


        • #5
          Originally posted by Danny3 View Post
          WTF is rollback protection?
          Who is protecting and for what?

          Because it sounds to me that they want to block me from going back to a previous BIOS version, which is bullshit.
          rollback protection is essential for security, if a firmware has a vulnerability, vulnerability gets patched, you update firmware, if an attacker can willynilly roll back the firmware, well that becomes a big issue.

          Comment


          • #6
            Originally posted by Quackdoc View Post

            rollback protection is essential for security, if a firmware has a vulnerability, vulnerability gets patched, you update firmware, if an attacker can willynilly roll back the firmware, well that becomes a big issue.
            So long as it can be over-ridden with the appropriate level of control. I've had several systems where moving to a newer BIOS has given me new problems... and sometimes not even fixed the issue it was updated for in the process (funnily enough, two Lenovo laptops were the worst culprits there...).

            I'm all for making it hard to do bad things by software... but making it impossible to choose to go to a "least bad" state is not an improvement. At least give me a jumper to change so I can take control... because if someone malicious has physical access you're screwed anyway.

            Comment


            • #7
              Originally posted by Paradigm Shifter View Post

              So long as it can be over-ridden with the appropriate level of control. I've had several systems where moving to a newer BIOS has given me new problems... and sometimes not even fixed the issue it was updated for in the process (funnily enough, two Lenovo laptops were the worst culprits there...).

              I'm all for making it hard to do bad things by software... but making it impossible to choose to go to a "least bad" state is not an improvement. At least give me a jumper to change so I can take control... because if someone malicious has physical access you're screwed anyway.
              this is typically used for servers and IOT devices, Im sure some companies use it to screw folk over, but the tech itself is pretty much indispensable for security

              Comment


              • #8
                Do any other Unix-like support Fwupd? I thought it was Linux specific but the wording in the article made me think that maybe a BSD has picked it up too?

                Comment


                • #9
                  I wonder if they can add support for my PSP? I'm still stuck on 2.71 and the latest is 6.61, but Sony's servers are unreliable.

                  Comment


                  • #10
                    Originally posted by Paradigm Shifter View Post

                    So long as it can be over-ridden with the appropriate level of control. I've had several systems where moving to a newer BIOS has given me new problems... and sometimes not even fixed the issue it was updated for in the process (funnily enough, two Lenovo laptops were the worst culprits there...).

                    I'm all for making it hard to do bad things by software... but making it impossible to choose to go to a "least bad" state is not an improvement. At least give me a jumper to change so I can take control... because if someone malicious has physical access you're screwed anyway.
                    Not strictly true. It depends entirely what your end goal is. This is why it's extremely important to do a rational survey of your or your organization's threat actors and design realistic plans to protect against them, including those actors that obtain physical access. Otherwise, exactly why would you bother setting up full disk encryption if your statement were always true? (hint: It's not.) Security is about layers, including physical security, software and firmware security, credential and identity security, and the privacy of data. All of those individual categories require multilayered defenses in each case. There is a reason why governments are up in arms about default full device encryption with enforced wipes. They usually can't break it, and the rare cases when they can it's not without extraordinary measures that only an organization with extreme resources can command.

                    Comment

                    Working...
                    X