Question AMD Security Vulnerability APU "SMM Callout"

[aigomorla]

Welp told you guys.
Make something popular, give it time, and it will be hacked.
People and AI are too smart these days, that nothing is unhackable, its just either unprofitable, until it becomes profitable.

AMD says it will fix new CPU bugs by the end of June 2020

AMD Accelerated Processing Unit (APU) processors released between 2016 and 2019 impacted by new "SMM Callout" bugs.

www.zdnet.com

The three bugs, which AMD refers to as "SMM Callout," allow attackers to take control over the UEFI firmware of AMD CPUS, and inherently of the entire computer.

I just hope whatever patches come out wont be as bad as spectre as it really hurt nVME performances on Intel's which were affected.

 

[tcsenter]

Don't BIOS passwords get reset when you remove the battery, or use the reset jumpr?

Not for many years now, except perhaps for some rare exceptions. The passwords are double stored in both BIOS/UEFI and backed in a secured area of NVRAM memory within the chipset (with embedded storage controller), the ATA security enabled HDD controller/ASIC, or the storage controller (if add-in card). e.g. ATA Security Feature for locking a HDD to a particular storage controller.

The BIOS/UEFI is your interface to the security feature (enabling, setting the password, entering the password or security keys) but they are resident elsewhere and thus cannot be cleared by resetting/clearing the CMOS or updating the BIOS, unless specifically designed to do so by physical access to the motherboard (e.g. via jumper pack).

 

[Tuna-Fish]

I just hope whatever patches come out wont be as bad as spectre as it really hurt nVME performances on Intel's which were affected.

Since these are SMM bugs, the patches will have no performance impact.