1 2 3 Previous Next 44 Replies Latest reply on Apr 15, 2018 9:29 PM by N.Scott.Pearson Go to original post
      • 30. Re: Spectre and meltdown attacks affected cpus
        N.Scott.Pearson

        I answered this before. If you go to this page: INTEL-SA-00088 Schedule for Intel Desktop Boards, while it is true that they have not published a schedule as yet, if you click on the See All in the Find support for related products section, you will see what I interpret to be the full list of Intel Desktop Board products that they intend to release updates for. As you can see, this encompasses practically all of the 5 through 8 Series Intel Desktop Boards (coinciding with the 1st through 4th Generation Intel Core processors).

         

        As the original and Feb. 20th update for the INTEL-SA-00088 Advisory has detailed, Intel's highest priority is to deliver updates for the processors produced over the past five years. Work on older processors will not begin until this goal has been met. Once this work is begun and schedules for the delivery of the microcode updates for these older processors have been established, they will then be able to assess when the updates can be delivered for the Desktop Boards.

         

        Sorry I can't do any better than this. It is what it is.

        ...S

        • 31. Re: Spectre and meltdown attacks affected cpus
          puppy

          Update on Spectre and Meltdown security updates for Windows devices - Windows Experience BlogWindows Experience Blog

           

          We will offer additional microcode updates from Intel as they become available to Microsoft.

           

          So yes, Microsoft will deliver CPU microcode updates if hw vendors are not interested for older devices.

          • 32. Re: Spectre and meltdown attacks affected cpus
            Trilogy

            My PC's CPU has Core 2 Duo E 6600 (Conroe) and Core 2 Quad Q 6700 (Kentsfield), is it influenced by Specter?

             

            Yesterday, the CPU of 10 years ago had an announcement to cancel the correspondence, but even if I looked at the list, these CPUs were not mentioned.

            • 33. Re: Spectre and meltdown attacks affected cpus
              rondi

              I posted in #8, 1/6/2018 asking about the ME firmware for my Desktop Board DQ77MK with a Gen 3--- i7-3770 @3.4ghz running W7 Pro. Numerous replies since then with dates that keep slipping.

               

              The info I have came from here: https://www.intel.com/content/www/us/en/support/articles/000026630/boards-and-kits/desktop-boards.html  dated 3/30/2018.


              I have never updated Bios--unless MS Update service did unknown to me. The table lists a version required table. I read the contents of version 154 ( just to see what they look like) and it does not list a required installed prerequisite, So does this mean--if I have original Bios from the factory, which I have, I don't need to install another version, assuming the version for my board does not either?

              • 34. Re: Spectre and meltdown attacks affected cpus
                N.Scott.Pearson

                Normally, it is necessary to install multiple BIOS releases along the way; too big a jump and problems can occur. At specific points in time, BIOS releases will contain security fixes or updates to the ME firmware and it is recommended that you properly update through these releases. I do not know what BIOS your board came with (different build batches came with different BIOS versions installed), so I do not know where you fall within this list, but this is the set of BIOS updates that need to be installed (in order): 39, 48, 52, 56, 66, 71, 72. If your board came with BIOS 56 installed, for example, than you would need to upgrade to BIOS 66 then 71 and then 72 (and then, of course, to the new version containing the updated microcode, whenever it appears). If your board has an earlier BIOS, then you may have more BIOS releases to work through.

                 

                There is an alternative to this. You can jump all the way to the latest version if you are willing to use the BIOS Recovery method (documented here: Intel Desktop Boards Recovery BIOS Update Instructions) to install the latest BIOS. If you wish to attempt this, here is my recommended process:

                 

                1. Insert a USB 2.0 flash disk (do not use USB 3.0 flash disks) into a Windows-based PC (do not use Linux- or MACOS-based PCs) and reformat this flash disk, using the FAT32 file system and with the Quick option disabled.
                2. Place the downloaded .BIO file (in your case, it should be MK0072.BIO) onto this flash disk.
                3. Properly eject this flash disk from the PC using either the Eject capability provided in Windows File Manager or using the Safely Remove Hardware and Eject Media ICON in the Windows System Tray.
                4. If not already, power off the PC containing the MK board.
                5. Remove the yellow BIOS Configuration jumper from the board.
                6. Insert the USB 2.0 flash disk into one of the black USB 2.0 ports on the back panel of the board (do not use blue USB 3.0 ports and do not use front panel USB ports).
                7. Power on the PC containing the MK board. The BIOS should then automatically perform the BIOS Recovery operation, displaying its progress onscreen.
                8. WARNING: It you do not see any onscreen progress messages, do not power off or reboot the PC for at least 10 minutes. While unlikely, it is possible that the BIOS Recovery operation could proceed without an onscreen display. If you interrupt this process, you will likely corrupt your BIOS flash and permanently brick the board.
                9. When the BIOS Recovery is completed, you will receive an onscreen message indicating so. When you see this message, power off the PC.
                10. Restore the yellow BIOS Configuration jumper to pins 1-2 of the header (i.e. same pins it was on before you removed it).
                11. Remove the USB 2.0 flash disk.
                12. Power on the PC.
                13. When the BIOS Splash screen is displayed, use the F2 key to enter BIOS Setup.
                14. Verify that the BIOS present is the correct version (i.e. that the BIOS Recovery completed properly). If it is not, go back to step 4 and repeat the process.
                15. Press the F9 key (followed by the Y key) to clear the BIOS Configuration.
                16. Press the F10 key (followed by the Y key) to save the configuration change and reboot the PC.
                17. When the BIOS Splash Screen is displayed, again use the F2 key to enter BIOS Setup.
                18. Make any changes to the BIOS Configuration that you absolutely require (BIOS Boot Order, etc.).
                19. Press the F10 key (followed by the Y key) to save the configuration change and reboot the PC.

                 

                My final recommendation is that you upgrade to BIOS 72 now and then upgrade to the new BIOS when it is released. BIOS 72 contains updated ME firmware that contains fixes for the ME vulnerabilities described in the INTEL-SA-00075 Advisory.

                 

                Hope this helps,

                ...S

                • 35. Re: Spectre and meltdown attacks affected cpus
                  rondi

                  Scott--thanks very much for the detailed reply.

                  I have 0054 installed so my next one is 56. You have a much shorter list ( ie, you jump from 56 to 66) --perhaps because it is an example, but maybe you have a  reason???

                  EDIT--I think I see your reasoning--In the Release Notes/ Fixed issues there are security issues fixed in your list--the other ones do not security issues. Is that correct?

                   

                  If I use your short list--I'll install the versions individually It's only 4, IF I gotta install all of them--I may use the Recovery method.

                  The board download lists 17 versions to get to 72. Download BIOS Update [MKQ7710H.86A]

                   

                  From what I see on the board list there is only one Intel® Management Engine (Intel® ME) version 8.1.40.1416 for Intel® Desktop Boards and that is between Bios 62 & 64--there is no 63 listed.

                   

                  If it matters, Intel Detection Tool says I have installed the ME version 8.1.7.1.3608. It is not listed in Windows Update History File--so Perhaps the Intel Driver and Support Assistant Installer installed it. That Intel program is installed, and always gives me an error, perhaps because one of the error could be "Your component is discontinued or is not supported."  The problem might be--I have 2608 installed--MAYBE those older Bios versions will not like and brick my Board??? I have read horror stories on the Lenovo Security forums about bricked motherboards--some owned by IT folks--iow they most likely RFM--but then maybe not

                   

                  I see a header on my board labeled Intel MXBX reset header--is that the jumper that is referred to? I did not look thru the manual--I just looked at the connections on the board.

                  Thanks again,

                  Ron

                  • 36. Re: Spectre and meltdown attacks affected cpus
                    N.Scott.Pearson

                    As I said, you should install through all releases that include security updates and/or ME firmware updates. The list I provided is not an example; I looked through the BIOS release notes for the MK BIOS and identified the updates that included either of these update types. I saw nothing in any of the other updates that would make me recommend that they be included as well. So, your choices are to either do the 4 versions in the list using the normal update methods or go for the BIOS Recovery option.

                     

                    If you decide to do the 4 BIOS updates, you could put all 4 of these onto a USB flash disk and then use the (recommended) F7 method to install them (it presents a dialog that allows you to select which BIO file to install). If you haven't done so previously, I recommend that you reformat the USB flash disk per the instructions in step 1 of my BIOS Recovery procedure. Further, after installing the final BIOS update (MK0072.BIO), I recommend that you perform steps 13 through 19 of my BIOS Recovery procedure. This procedure ensures that any changes made in the BIOS Configuration parameters are properly handled (sometimes, over a large number of BIOS releases, the "current" parameter settings can get out of sync with the overall parameter set).

                     

                    No, if you have a newer version of the ME firmware already installed, the ME firmware version in the BIOS update will simply be ignored.

                     

                    No, it is not the MEBX header (leave that one alone). Your board will only have one yellow jumper (any others will typically be black), so finding it should be fairly easy.

                     

                    Hope this helps,

                    ...S

                    • 37. Re: Spectre and meltdown attacks affected cpus
                      rondi

                      Hi, You are truly an asset to this forum. Lots of straight answers you have provided since this Meltdown/Spectre problem when I joined.

                       

                      Back again---I used the Express BIOS Update to install 56 (the next on the list after my current 54). All passed until it was installing the Firmware for the ME Engine. It sat there for a little bit with the end dash spinning like a wheel. The update that said there was "ERROR FWUP"  (plus a few more letters on the next line they disappeared before I could write it down) that replaced the wheel.. After about 10 sec the screen was blank and it rebooted to W7. I shutdown and restarted it. W7 had the Welcome screen, then the screen went light blue, about the same time as the initial try--maybe longer a message window popped up said "Congrats--you have successfully updated your BIOS. I looked at the read me---it was just info about the program--- "Custom BIOS Update Release 1.3 12/21/2011" followed by requirements etc, Nothing about the error. I pressed Finish and it continued into W7. I shutdown, restarted W7, hit F2 at the boot screen. The BIOS version was still 54. It appears nothing got updated. When I exited, I Exit without Saving--since it appeared to not have installed 56.

                      EDIT--Maybe it did not recognize I have 64 bit and it tired to install a 32bit version.

                      and there is na ME Engine Driver " Version: 8.1.40.1416 5M (Latest) Date: 10/14/2013" after ver 65 (10/3/2013) and 66 (3/18/2014). Maybe existing BIOS at the time was not effected??  end EDIT

                       

                      Is install error is because my ME Engine is already at 3608--a higher level than 1336 version 56 wanted to install? As you know, the next ME Engine install is on 72--which is the last version---so maybe it will not install either--and perhaps 66 & 71 won't install either.

                       

                      I was thinking of trying the BIOS Recovery method you posted, using the 56 BIO file (on a FAT 32, USB 2.0 NON-bootable memory stick), but I thought it might have the same problem--and a bit more complex to do. I found on the main board PDF where the jumper plug is, that is removed when in recovery mode.

                      I understand about using the rear panel USB 2.0 inputs, but what is gonna cause the .bio file to install into the BIOS. Other procedures mention about using a BOOTABLE memory stick. I do have a Bootable USB NTFS formatted with the W7 Pro installation on it for my Lenovo laptop. I don't it has ever worked on my Desktop.

                       

                      What now boss---awaiting your instructions--hopefully I did not miss a step

                      Ron

                      • 38. Re: Spectre and meltdown attacks affected cpus
                        N.Scott.Pearson

                        When you told me the ME firmware version that you had, I suspected that this might occur (but hoped it didn't)...

                         

                        What this is telling me is that, because you ran the tool to install the ME firmware fix for the INTEL-SA-00086 vulnerabilities, it isn't going to let you install any of the previous BIOS releases because they have older versions of the ME firmware. This means that you will have to use the BIOS Recovery process to jump to BIOS 72, as this BIOS (and the forthcoming new one) are the only ones that have the same or newer ME firmware included within it.

                         

                        So, decision time. You can install BIOS 72 now, using the BIOS Recovery process outlined, and then, when the new BIOS is available, you can install it using the normal BIOS update process. Alternatively, you can just wait and, when the new BIOS is available, install it using the BIOS Recovery process. I recommend the former, since it immediately gets you all of the bug fixes and compatibility updates that have come out since your board was built, but you can choose to do the latter if you don't plan on doing anything at the BIOS level before this new BIOS appears.

                         

                        ...S

                         

                        P.S. When I say "normal BIOS update process", I mean the F7 method. I do not recommend the use of the Express BIOS Update executables.

                        • 39. Re: Spectre and meltdown attacks affected cpus
                          rondi

                          OK thanks, I've got my USB 2.0 stick formatted FAT32 in a USB 2.0 slot, and the MK0072.bio file on it. I haven't pulled the BIOS Conf Jumper yet--but I'm ready to.

                           

                          What are the odds this will work and not brick my board?

                           

                          I ask because as you know ME Engine f/w 3608 is already installed. Is the recovery just going to write the main BIOS and either try to write the 3608 and fail, but after checking it will find 3608 is installed, overwrite the currently installed 3608 or not try to install it and consider it successful?

                          Per your #8 warning--what if after 30 min I see no an onscreen message? What then?

                          I understand about steps 9-19--assuming it completes and displays line 9

                           

                          I have no backup .bio file to load, do I need one?

                          Should I restore my current BIOS setting to Default before I update?

                           

                          If there is any chance this will not install 72 with my current ME 3608 installed, then I will wait until the final BIOS comes out, which should work ok since it is expecting ME 3608.

                          THANKS

                          Ron

                          • 40. Re: Spectre and meltdown attacks affected cpus
                            N.Scott.Pearson

                            Since ME firmware updates are not done all that often, it is completely normal to see BIOS updates that include the same ME firmware release that is already installed. In this case, however, things are far from normal. A ME firmware update was released independent of the BIOS. It was intended to be installed onto systems that already had the latest (72) BIOS installed, not a down-rev version as you had. The possibility exists that even BIOS 72 will not install. The forthcoming BIOS update may be the only one that will install. So, should you try to install 72 or should you wait? In theory, since the ME firmware is installed first, if it is rejected for being down-rev, the overall BIOS installation will be rejected; no harm, no foul. The chance of this resulting in a bricked BIOS is very small. Now, if you have a flash programmer, it is possible to use it to make a backup copy of the flash component, just in case. There is no other capability for making a backup, however.

                             

                            Clear as mud?

                            ...S

                            • 41. Re: Spectre and meltdown attacks affected cpus
                              rondi

                              Clear as crystal water actually

                               

                              It flashed without any problems, and I even managed to get the jumper plug back on--underneath all those SATA cables without removed the chassis to a bench.

                              A totally different looking screen--no question when it popped up. No error mention of already installed 3608, I guess it just over wrote--it did not care what version it was perhaps, since is the latest update.

                              So I followed your steps thru 16. Tomorrow I will use the pix I took of 54 settings and change them in 72.

                               

                              Thanks much for the help.

                               

                              I know I should have asked this in the Board forum--I did not expect to be this long. Hopefully it will help other users who are reluctant to try. 

                              Hey If I can do it, most anybody can--I would not have done without your help tho!

                               

                              THANKS again,

                              Ron

                              • 42. Re: Spectre and meltdown attacks affected cpus
                                N.Scott.Pearson

                                That's good to hear - and you're welcome. As for forums, I have moved this conversation into the Desktop Boards forum where it more-properly belongs.

                                ...S

                                • 43. Re: Spectre and meltdown attacks affected cpus
                                  rondi

                                  Hi, I think only posts 31 thru 41 ( conversations about updating my BIOS) should be moved. The rest of the conversations all involve CPU's and or Meltdown/Spectre hacks--which should be in Processors---or perhaps a Security forum is there is one. imho

                                  • 44. Re: Spectre and meltdown attacks affected cpus
                                    N.Scott.Pearson

                                    You're right; I moved it back to the Processor forum. There is no separate forum for Security; perhaps there should be...

                                    ...S

                                    1 2 3 Previous Next