cancel
Showing results for 
Search instead for 
Did you mean: 

SPECTRE and MELTDOWN: Bug rocks Intel / ARM CPUs

segfaulted
Level 7
Kinda glad I bought AMD this round. For those who don't know there is a new bug affecting just about every SKU from Intel made in the last .. ohh.. _DECADE_ or so. It's actually worse then F00F or FDIV. Only mitigation appears to castrate the CPU upward of 30%! (depending on processes).

Can Asus confirm AMD and more importantly for me, this or any AMD motherboard are not affected? If so, will there be RMAs?

Fun fact, Intel's CEO dumped stock back in November before they started issuing gags on people from even talking about it.

*****ASUS advisory page(may get updated): https://www.asus.com/News/V5urzYAT6myCC1o2 ******
409,906 Views
701 REPLIES 701

Kosmosagamemnon
Level 7
Greetings all.

Given Asus' inability to communicate, I have done some more looking into the issues with respect to Haswell and Broadwell architectures (X99 based Chips). In addition to this I have seen it mentioned elsewhere that Asus apparently plan to provide updates for X99 systems on-wards however, without official word from Asus take that with a rather large shovel of salt.

Be aware that what is listed below specifically relates to Haswell and Broadwell systems. If you are using an older or newer system with the appropriate updates installed please carry on using them. If however you are using a Haswell/Broadwell system or are merely curious please read on.

Intel have already issued code fixes.

To all intents and purposes Intel have already issued Microcode fixes for the Haswell and Broadwell series chips and chipsets. However those fixes ended up breaking more than simply Anti-virus software. Device drivers and other forms of software have ended up being broken by the microcode fixes Intel have produced. This is resulting in blue screening systems and severely impacted VMWare ESXi installations.

Borked Microcode

The end result is that Intel have stopped rolling out the microcode fixes for these chips while they develop a more workable solution. They also have recommended that people revert back to earlier revisions where practicable if they encounter issues on the older Haswell platforms in particular. Presently new fixes are being developed, they will take time. However those of us who work in the Computing sector and in particular virtualised services delivery will tell you that we have no choice but to work with what Intel have provided since the alternative (operating insecure platforms) is unthinkable.

The end result is that this has likely led to a delay in the prospective roll out for fixes for x99 platforms. Intel have **** the bed on this one and they clearly haven't had the opportunity to apply the necessary test rigor to the new microcode prior to deployment to older platforms. That's not to say that the task they face is not either complex, difficult nor insurmountable, merely that in the rush to deliver a solution they may not have had the opportunity to test appropriately. It happens.

What does this mean for us?

For those interested I have found an article that does a reasonable job explaining the issues without getting into the complexities of Kernel mode isolation and Process Context Identification markers... The article is here https://arstechnica.com/gadgets/2018/01/spectre-and-meltdown-patches-causing-trouble-as-realistic-at...

Be under no illusions however for Intel, this is now a race against time. The chances are good that the first live exploits will begin making the rounds before all required patching operations are complete. In the interim make sure any system protection software you have is up to date and capable. If I find out more I will post it to this thread.

FireRx
Level 11
thank you sir:cool:
Intel Core i9 103900KS
Asus Maximus Z790 Extreme [bios 2301]
LG (34U97-s) Monitor 3440 x1440
Nvidia RTX 3090 FE
Windows 11 Pro
64gbz Memory

Jaitsu
Level 7
Because I saw it earlier in the thread, and I think it warrants re-mentioning: for those of you that don't mind taking a bit of a risk (or know how to recover from a bad flash), there *is* a utility (google UEFI BIOS Updater, there's a post on Win-Raid forums, I kinda don't wanna link it or any pre-done BIOS for liability's sake) you can use to update your own microcode. This worked flawlessly for me personally with my G750JM notebook; I can't speak for other/newer boards with the security features they may have in place.

FOR ADVANCED USERS, and I claim no responsibility:

1. Update your BIOS to the latest version if you haven't already, and configure it as you like.

2. Download UBU, and the AMIBIOS and Aptio AMI Firmware Update Utility.

3. Find MMTool v5.0.0.7 and put the EXE in UBU's folder (same folder as ubu.bat) named as MMTool.exe.

4. Use the AFUWin tool appropriate for your system (you may need to try the different tools; older boards likely need Aptio, new likely need AptioV, but it'll tell you if you use the wrong one) to save your current BIOS somewhere.

5. From a command prompt, run "ubu" in UBU's folder and select your BIOS file.

6. Use option 7 (CPU MicroCode) , then option 1 (Update CPU Microcode), then the number of the latest microcode version for your system. If you see any error about problems with your BIOS/UEFI type, or if there is no update option in the second menu, stop here, as this program/guide unfortunately won't work for your board.

7. Exit from the program, and let it rename the modified BIOS file (which will now be in the folder with ubu.bat as well) to mod_whatever.bin so you can be sure that that's the modified file.

!!!!! IF AT ANY POINT YOU HAVE RECEIVED AN ERROR FROM UBU, STOP. IF YOU FLASH IT, YOU'RE LIABLE TO BRICK IT. !!!!!

8. Use the same version of AFUWin that worked for you in option 4 to flash back the modified bios. (If it refuses, your board may have UEFI signature enforcement. The UBU thread has info on that.)

9. Reboot, cross your fingers that you still have a functioning computer, and go use some utility or other (look up Ashampoo's Spectre/Meltdown checker) to see if it worked!

Jaitsu wrote:
Because I saw it earlier in the thread, and I think it warrants re-mentioning: for those of you that don't mind taking a bit of a risk (or know how to recover from a bad flash), there *is* a utility (google UEFI BIOS Updater, there's a post on Win-Raid forums, I kinda don't wanna link it or any pre-done BIOS for liability's sake) you can use to update your own microcode. This worked flawlessly for me personally with my G750JM notebook; I can't speak for other/newer boards with the security features they may have in place.

FOR ADVANCED USERS, and I claim no responsibility:

1. Update your BIOS to the latest version if you haven't already, and configure it as you like.

2. Download UBU, and the AMIBIOS and Aptio AMI Firmware Update Utility.

3. Find MMTool v5.0.0.7 and put the EXE in UBU's folder (same folder as ubu.bat) named as MMTool.exe.

4. Use the AFUWin tool appropriate for your system (you may need to try the different tools; older boards likely need Aptio, new likely need AptioV, but it'll tell you if you use the wrong one) to save your current BIOS somewhere.

5. From a command prompt, run "ubu" in UBU's folder and select your BIOS file.

6. Use option 7, then option 1, then the number of the latest microcode version for your system.

7. Exit from the program, and let it rename the modified BIOS file (which will now be in the folder with ubu.bat as well) to mod_whatever.bin so you can be sure that that's the modified file.

!!!!! IF AT ANY POINT YOU HAVE RECEIVED AN ERROR FROM UBU, STOP. IF YOU FLASH IT, YOU'RE LIABLE TO BRICK IT. !!!!!

8. Use the same version of AFUWin that worked for you in option 4 to flash back the modified bios. (If it refuses, your board may have UEFI signature enforcement. The UBU thread has info on that.)

9. Reboot, cross your fingers that you still have a functioning computer, and go use some utility or other (look up Ashampoo's Spectre/Meltdown checker) to see if it worked!


Note this won't work on x299 boards, the AMI tool can't read the BIOS, we need a newer AMI tool.

Chris123NT wrote:
Note this won't work on x299 boards, the AMI tool can't read the BIOS, we need a newer AMI tool.


I'd trying many tools to do that for RAMPAGE VI EXTREME. The BIOS was locked. We can't do anything only wait for NO ETA issue from them.
Look like ME firmware also flash descriptor locked. No anyway to do , only waiting. for SA-00086 we'd wait since november 2017. SA-00088
spectre debut on January 2018. In the worse case maybe BIOS 1102 that ASUS claimed release end of 2018.:p

https://www.youtube.com/watch?v=JbhKUjPRk5Q&t=876s
After watching this clip on 2:47 timeline you'll see how did new generation ASUS mobos update their ME firmware and microcode process.

So many tools from Win-RAID for X299 are useless when deal with ASUS X299 mobos. That why I'd asking for new RVIE BIOS everyday.
W11 25H2 27758.1000 Core i9 7980XE 02007108 MCE ME 11.12.96.2535 R6E Modified BIOS 4001 SAMSUNG OG9 FW 1020.0 SSD 970 EVO PLUS 1 TB x 3 NVIDIA RTX 4090 GAME READY 566.36 64GB GSKILL DDR4 3200MHz JBL 9.1 Sound Bar DTS-X

Chris123NT wrote:
Note this won't work on x299 boards, the AMI tool can't read the BIOS, we need a newer AMI tool.


No? That's a shame. Not even the AptioV version? In any case, I downloaded a fresh copy of the bios and ran it through UBU, and UBU evidently doesn't like Aptio 5 either (won't update the microcode). That's... Problematic. Sorry, guys, though hopefully that guide at least helps other people with previous-gen laptops like my G750JM.

Margus
Level 7
i did my bios edit week ago for my z97 does work ok even better then before i not expect fast response from asus to fix it because i not want wait and ubu was fastest solution to me.
Most asus boards have usb flashback is so foolproof solution to edit downloaded bios from asus site mod it make better and flash it.

Hard way flasing hardware chip flash in external way if really goes something wrong but with usb flashback nothing can go wrong because chip go to recovery mode and restore previous if file is bad its not flash it. You can always restore with flashback. So no harm made.

Brighttail
Level 11
I updated to 1102 on my Asus Rampage 6 Extreme. This BIOS is an Asus release on their product page. The patch took but it still shows that I'm vulnerable, not sure why. It also comes with a pretty significant performance hit, especially to SSDs. You can see my post here:

https://rog.asus.com/forum/showthread.php?99264-Bios-1102-Rampage-VI-Extreme
Panteks Enthoo Elite / Asus x299 Rampage VI Extreme / Intel I9-7900X / Corsair Dominator RGB 3200MHz

MSI GTX 1080 TI / 2x Intel 900p / Samsung 970 Pro 512GB

Samsung 850 PRO 512GB / Western Digital Gold 8TB HD

Corsair AX 1200i / Corsair Platinum K95 / Asus Chakram

Acer XB321HK 4k, IPS, G-sync Monitor / Water Cooled / Asus G571JT Laptop

Nate152
Moderator
I'm using the Maximus IX Code (z270).

All I did was update to the latest bios (1203) and update to the windows 10 fall creators update and it says I'm protected.

Was actually quite easy.

70673

sblantipodi
Level 9
70674

this is on my X99 Deluxe. shame on Asus.