Can say I've had any issues with the new firmware, but that explains the intel firmware rollback that got pushed yesterday on most Ubuntu derivatives and I'm assuming other distros as well. Thanks for the links, it's an interesting read.

Also linked in the same conversation is the point where Torvalds went sheepishly silent after being made aware that he had two issues mixed up and his hissy fit was kinda pointless:

"Dude, you is the mix-up, yo!": https://lkml.org/lkml/2018/1/21/194
"Um, well,... the naming is le stoopid! kthxbye": https://lkml.org/lkml/2018/1/21/201

There are some class action law suits in the offing & not just in the states.

This is all so confusing to read.

So what kind of patches am I expecting for e.g. my 5 years old ASUS gaming laptop? Microsoft will or has published some Windows 7 OS update (which I haven't updated yet; I ran the manual Windows 7 OS update a bit before this whole hoopla started), and on top of that there would be a BIOS/UEFI update (from ASUS?) at some point? Do I need to install both, or do they do the same thing?

Will PC vendors release new BIOS/UEFI updates for their old PCs anyway? I don't think e.g. ASUS has published new BIOS/UEFI updates for my ASUS G75VW for many many years.

Last but not least: was it so that AMD CPUs are totally unaffected by the Meltdown vulnerability, so they don't need to care about either the OS nor the BIOS/UEFI updates? If so, shit, I should have bought some AMD shares.

I guess for now I will do nothing, not getting Windows 7 updates nor any new BIOS updates, and just try to act calmly online, not downloading and installing any freeware or pirate software from unknown sources. Hopefully that keeps me secure for now even with these vulnerabilities.

Also I guess I will not buy any new PC for now, until this shit is sorted out somehow, or I know AMD CPUs are good to buy (even with the Spectre vulnerability).


One more thing. The articla warning about not installing recent Intel firmware updates said that "no you can't roll back either"... does it really mean you can't simply reflash the BIOS/UEFI with the earlier version? Why not, has that been prevented in some way?

Yes, you need both, just one won't offer full protection. Problem being whether the firmware update will be offered. Linux users have it easy, as Intel releases Linux firmware and there is a way to load it, though that makes the OS load it, not the BIOS, so in case of multiboot systems it needs to be applied to all OSs. On Windows they apparently don't, though there are programs that use the Linux code to apply it in the same way to Windows as well, but use at your own risk sort of thing. But maybe MS will release something similar, when Intel will get its act together.

Doubt it. If anything, they may use it to spur people into buying new stuff even more, so it'll be "supported".

As far as I know, yes in case of Meltdown. They are affected by Spectre though, everything is, including phones and little embedded CPUs in various other things. And Spectre is a tough one to fix.

First attack vector is likely to be sites, any JavaScript, injected in ads, that sort of stuff. Since it's information disclosure, the vulnerability can't be used to write, delete or execute, data also needs to be sent, so it'll also escape notice while browsing but if running locally a proper firewall should do a decent job of stopping programs from connecting if you don't want them to.

Yeah, seems the smart thing to do, nothing currently or the market or released this year, at least. But with Intel apparently not even planning to fix hardware, in terms of Spectre at least, for at least the next few years, hmph...

Not sure, that confused me too.

I read it as "you can't reflash".

Also, there is one more thing: all software-only patches (like Windows Updates) probably do not work without proper MCU - so do not be so happy about "I installed just software patches and I can't see any performance drops" opinions.

Technically there a number of ways how one can downgrade the BIOS. 2 Methods I used on a regular basis were with a Bios programmer USB tool and the other using "Flashrom" a Linux based software. There are also some companies that offer similar software such as Intel itself.

I don't use Windows but I've been told that MS has in the past released cpu microcode in the same manner, but not very often and not since 2015. Maybe they eventually will again once this thing gets settled somehow, but right now there isn't even fixed microcode available that hasn't been pulled back by Intel. Even when it was still recommended it only addressed certain families of processors.

Intel's statements are very carefully worded, but I read them to say they only ever plan to address products up to five years old. No one else can do anything about them, so they're not getting fixed.

I understood that Cortex-A53 and Cortex-A55 don't do out-of-order execution and thus things based on them like Snapdragons 4xx, 625, 626 and 630 aren't vulnerable to Spectre. This covers my phone, so I hope it's true. Cortex-A75 on the other hand is even vulnerable to Meltdown, despite not being Intel.