Originally posted by tomtomme
View Post
Announcement
Collapse
No announcement yet.
AMI Is The Latest Vendor Joining The Linux Vendor Firmware Service
Collapse
X
-
- Likes 1
-
Originally posted by uid313 View Post
Comment
-
Originally posted by debianxfce View Post
Gnome software is buggy as hell and then you have unbootable system with a corrupted bios. It is idiotic to trust gnome developers when updating your bios. Your gnome Linux can hang, crash etc during flashing.
- Likes 3
Comment
-
Well, I prefer either BIOS-internal flashers (AZ-flash, Q-flash and whatyoumaycallit) or classic flashrom (so I actually knowingly do the update procedure). The first usually needs just the downloaded BIOS/UEFI image on some attached VFAT media and there you go, flashrom might be trickier but still. I am somewhat reluctant when it comes to such "core" actions like FW updates by half-automated daemons an the likes. (There are enough stories of W10 flashing the wrong FW, or otherwise bricking the machine and next boot the user starts crying in front of the box.)
Anyway, it is good to see firmware vendors cooperating. Maybe this will also edge some UEFI bugs out. (Still Coreboot/Libre* would be better but it might take a while to convince folks like mainboard vendors and AMI to start making Coreboot images for these boards.)Stop TCPA, stupid software patents and corrupt politicians!
Comment
-
Originally posted by schmidtbag View PostSecurity of a built-in BIOS updating tool is largely irrelevant on modern boards. The utilities are way too low level and hardware-specific to easily be manipulated from an OS. The ones that can download updates by themselves are going to a fixed URL, which is pretty hard to hack. If someone somehow managed to intercept the path to that URL and redirected to a working-but-malicious BIOS update (where seriously, what are the odds of that ever happening?) then you have much worse things to worry about. If you were aware that you are using a faulty/malicious BIOS, you can just simply pop out the CMOS battery or revert to the backup ROM. If you were to download the update manually (outside of the built-in tool) and it happens to be malicious then it doesn't matter whether you use the built-in utility or run one from the OS.
Businesses tend to standardise on a few models. You could in theory poison their DNS and have them go the the same url on a box you control for their updates.
but, these are very long odds of actually working
Comment
Comment