Ah great. Another deep hack to create a bootkit.
While I do want to stress this requires serious prior infection… Its still a bad infection.
So what are Linux users supposed to do? Even windows AV will struggle to detect this stuff. What can an average user, windows or Linux, do to prevent this exploit or make sure they are safe? Or is every privacy person now expected to purge their AMD computers and buy a new one?
No, just make sure you apply OS patches and don’t worry too much about it as there isn’t really anything more you can do. The only thing it does highlight is both Intel and AMD are going to be and are focusing on things which allow for persistent malware.
Isn’t this vuln patched with a bios update ?
Also, 3000 series Ryzen or older are affected but have a “no fix planned” which is really scummy.
afaict today’s real-ucode update includes these fixes for the following cpuids:
- 00860F01
- 00870F10
- 00A00F10
- 00A00F11
- 00A00F12
- 00A10F11
- 00A10F12
- 00A10F81
- 00A20F12
- 00A50F00
- 00A60F12
- 00A70F52
- 00A70F80
- 00AA0F02
- 00B20F40
- 00B40F00
- 00B40F40
It appears that these fixed microcodes were made back in February and largely released for Epyc in May, but the consumer Ryzen microcodes have been added over the past week thanks to user @westlake from the winraid forum.
This is again useful because none of my boards have had EFI updates for this issue yet for example.
AMD CPUs dating as far back as 2006 are affected. Inititally, Ryzen 3000 series was given the status of “no fix planned”. They have reconsidered that decision and it got patched after all.
Seems like AMD dropped security support for zen and zen+, even though all ryzen desktop processors are listed as “in scope” in their security support policy.
The AMD products listed below are considered in-scope for Security Support:
Hardware products:
[…]
AMD Ryzen™ processors