Announcement

Collapse
No announcement yet.

AMI Is The Latest Vendor Joining The Linux Vendor Firmware Service

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • #11
    Originally posted by tomtomme View Post
    Asrock shares the same tech. Its nice yes. But I wonder how secure the code is...
    Security of a built-in BIOS updating tool is largely irrelevant on modern boards. The utilities are way too low level and hardware-specific to easily be manipulated from an OS. The ones that can download updates by themselves are going to a fixed URL, which is pretty hard to hack. If someone somehow managed to intercept the path to that URL and redirected to a working-but-malicious BIOS update (where seriously, what are the odds of that ever happening?) then you have much worse things to worry about. If you were aware that you are using a faulty/malicious BIOS, you can just simply pop out the CMOS battery or revert to the backup ROM. If you were to download the update manually (outside of the built-in tool) and it happens to be malicious then it doesn't matter whether you use the built-in utility or run one from the OS.
    • Likes 1

    Comment

    • #12
      Does this apply to any motherboard using AMI firmware, or do they make their own mb's nowadays?
      • Likes 2

      Comment

      • #13
        Originally posted by uid313 View Post
        Here is the vendor list.
        Maybe coreboot can join?
        Useless, most Coreboot is updated throuhgh ChromeOS updates or manually after the user has recompiled his own custom build.

        Comment

        • #14
          Pigs are officially flying. Good stuff.

          Comment

          • #15
            Originally posted by debianxfce View Post

            Gnome software is buggy as hell and then you have unbootable system with a corrupted bios. It is idiotic to trust gnome developers when updating your bios. Your gnome Linux can hang, crash etc during flashing.
            Sure, but that's why you can use fwupd without GNOME Software as well. And other, less buggy software centers can also integrate fwupd.
            • Likes 3

            Comment

            • #16
              Well, I prefer either BIOS-internal flashers (AZ-flash, Q-flash and whatyoumaycallit) or classic flashrom (so I actually knowingly do the update procedure). The first usually needs just the downloaded BIOS/UEFI image on some attached VFAT media and there you go, flashrom might be trickier but still. I am somewhat reluctant when it comes to such "core" actions like FW updates by half-automated daemons an the likes. (There are enough stories of W10 flashing the wrong FW, or otherwise bricking the machine and next boot the user starts crying in front of the box.)

              Anyway, it is good to see firmware vendors cooperating. Maybe this will also edge some UEFI bugs out. (Still Coreboot/Libre* would be better but it might take a while to convince folks like mainboard vendors and AMI to start making Coreboot images for these boards.)
              Stop TCPA, stupid software patents and corrupt politicians!

              Comment

              • #17
                Originally posted by uid313 View Post
                Here is the vendor list.
                Maybe coreboot can join?
                coreboot is not a vendor. However, the various distros could, where it makes sense (eg. MrChromebox, libreboot)

                Comment

                • #18
                  Originally posted by schwarzman View Post

                  My bet is on HP. It is the only one of the "big three" (Dell, Lenovo, HP) currently missing.
                  This would be great as I really don't know how to update my HP Envy x360 15-bq102ng without that.
                  • Likes 2

                  Comment

                  • #19
                    Originally posted by schmidtbag View Post
                    Security of a built-in BIOS updating tool is largely irrelevant on modern boards. The utilities are way too low level and hardware-specific to easily be manipulated from an OS. The ones that can download updates by themselves are going to a fixed URL, which is pretty hard to hack. If someone somehow managed to intercept the path to that URL and redirected to a working-but-malicious BIOS update (where seriously, what are the odds of that ever happening?) then you have much worse things to worry about. If you were aware that you are using a faulty/malicious BIOS, you can just simply pop out the CMOS battery or revert to the backup ROM. If you were to download the update manually (outside of the built-in tool) and it happens to be malicious then it doesn't matter whether you use the built-in utility or run one from the OS.
                    One hypothetical for you.

                    Businesses tend to standardise on a few models. You could in theory poison their DNS and have them go the the same url on a box you control for their updates.

                    but, these are very long odds of actually working

                    Comment

                    • #20
                      Originally posted by R41N3R View Post

                      This would be great as I really don't know how to update my HP Envy x360 15-bq102ng without that.
                      Have you tried to create USB recovery bios?

                      Comment

                      Previous 1 2 3 4 template Next
                      Working...
                      X