08-14-2024 05:57 AM
Hello, I would like to ask when the new BIOS is going to be released for the B550 series.
According to AMD, the new AGESA ComboAM4v2PI 1.2.0.cb will fix this vulnerability.
SinkClose tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5)
More info at: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Thanks.
08-30-2024 12:31 PM - edited 08-30-2024 06:31 PM
Microsoft was preparing some updates to the Window's Bootloader over months now.
This involved installing new certficates (into the UEFI cert store).
If the UEFI gets updated and the new certs are not included the OS won't boot, I guess.
But I'm not sure if they've forced it yet. (I did it manually already weeks ago)
And if this is actually related to the Secure Boot failure...
However the automatic repair should take care of this, I think....
//edit
Could it be that Gigabyte already removed the old cert and only ships the new certs now?
08-30-2024 12:40 PM
Interesting, thanks for sharing.
It seems to be isolated to Gigabyte, can't find any reports about this regarding MSI boards.
08-30-2024 06:36 PM
I checked the reddit thread you posted and someone posted a workaround...
By exporting the keys/cert from the old bios and importing them in the new bios...
Could just be that:
- Gigabyte messed this up... just missed some keys/certs
- They removed the old Microsft cert already and only shipping the new one...
?
08-31-2024 05:43 AM - edited 08-31-2024 05:44 AM
Could be, based on the workaround, yes.
But I don't have a Gigabyte board here to check.
Secure boot is a awful thing, it can help with security, yes it can, but...
How many problems with it since it begun ?
Linux distros have to pay Microsoft to be able to use it, which as I see it, is a huge problem.
Compromised keys.
Keys that should only be used in testing were released to customers..
It is a complete mess.
09-08-2024 01:42 PM
I haven't called ASUS :(, but their chat responses regarding cve-2023-31315 was really generic/unhelpful?
My Gigabyte AMD aorus wifi pro wasn't impacted by their sinkclose update (but I may not be using secure boot fully).
asus rog X570i gaming
09-10-2024 10:12 AM
Even the b450 series from gigabyte got the update, B450M S2H has a BIOS update with AMD AGESA 1.2.0.Cc for fix Sinkclose Vulnerability of AMD processors (SMM Lock Bypass).
09-11-2024 09:20 AM
Yep. This will definitely impact my next upgrade. Fool me once...