Announcement
Collapse
No announcement yet.
GIGABYTE Latest Beta BIOS
Collapse
This is a sticky topic.
X
X
-
Although there's a long list of motherboards "affected" I don't recall seeing the "App center download and installation?" option on my B550i which is still on BIOS F15 so I wonder if this issue was introduced in one of the later Betas BIOS for B550 X570 era boards - there's nothing listing which BIOS versions are affected only motherboard names and revisions
-
Originally posted by TheLizard View PostHmmm, I wonder when Gigabyte will release bios updates for this:
https://thehackernews.com/2023/05/cr...bility-in.html
.....Addresses Download Assistant Vulnerabilities Reported by Eclypsium ResearchLast edited by stasio; 06-01-2023, 10:59 AM.
Leave a comment:
-
Originally posted by diabetes View PostAccording to Reddit, AM4 300/400/500 series chipset AGESA version 1.2.0.A finally fixes the dreaded VID_LIMIT (1.425/1.45V depending on the SKU) that nonsensically gets set when increasing EDC with PBO and was introduced with AGESA 1.2.0.4. Let's hope that Gigabyte manages to roll it out soonish!
Leave a comment:
-
Originally posted by diabetes View PostAccording to Reddit, AM4 300/400/500 series chipset AGESA version 1.2.0.A finally fixes the dreaded VID_LIMIT (1.425/1.45V depending on the SKU) that nonsensically gets set when increasing EDC with PBO and was introduced with AGESA 1.2.0.4. Let's hope that Gigabyte manages to roll it out soonish!
Leave a comment:
-
Hello
Stasio , could we get ANY comment from Gigabyte about issues with X670E Master BIOS issues pointed in this video ?
https://www.youtube.com/watch?v=O2n4rOWehtQ " Testing some very strange VSOC behaviour on the Gigabyte X670E Aorus Master with the F10c BIOS"
?
Even with previous BIOSes i noticed strange behaviour, like overvolting Vcore, VSOC , and overheating CPU . but this is over the limits tbh.
As a casual customer, i expect to when i set all on default or auto - my mobo and CPU are perfectly safe.... looks like with Gigabyte ,,, they are not. That's terrifying
Leave a comment:
-
Originally posted by amEliza View Postthanks krato, i'm not expecting there to be a user accessible fix, but my expectations can be wrong, each oem firmware has its quirks
According to the specification, this results in the following scheme: PK and KEK can only be changed if:
In Setup Mode, when PKpub is signed with its associated PKpriv.
In User Mode, if the PKpub is signed with the current PKpriv of the firmware.??
But in the end, im just guessing here, since im noob.
Best regards, hope I could help?
Leave a comment:
-
According to Reddit, AM4 300/400/500 series chipset AGESA version 1.2.0.A finally fixes the dreaded VID_LIMIT (1.425/1.45V depending on the SKU) that nonsensically gets set when increasing EDC with PBO and was introduced with AGESA 1.2.0.4. Let's hope that Gigabyte manages to roll it out soonish!
- Likes 3
Leave a comment:
-
AMD Chipset drivers 5.05.16.529 https://www.amd.com/en/support/chips...ocket-am4/b550
Realtek 2.5Gb/s LAN drivers 1125.13 https://www.realtek.com/en/component...press-softwareLast edited by jwsg; 05-24-2023, 06:58 AM.
- Likes 4
Leave a comment:
-
New AMD Chipset Drivers 5.05.16.529
?https://www.amd.com/fr/support/chips...ocket-am4/b550
Release Highlights
=> Bug fixes on few drivers
Known Issues
- Sometimes custom install fails to upgrade to latest drivers.
- Manual system restart required on Non-English OS after the installation is complete.
- Uninstall summary log may incorrectly show uninstall status as fail on non-English OS.
Leave a comment:
-
Originally posted by amEliza View Postyou still haven't understood my post
secure boot is fully "enabled" and "active" but it can be disabled from within the os, that means it isn't secure boot, there's no boundary being enforced as physical access is no longer required, its a security vulnerability
its the same as having a locked door but a button to disable the lock is on both sides of the door, the door lock is engaged, the door lock works, but it doesn't actually keep anybody out
i don't need any help turning on the lock, the lock itself "works", but it serves no purpose because of the implementation
gigabyte has secure boot settings in the "published" hii, which they should not, other oems let you toggle publishing on or off, but it shouldn't be included at all
password protection would mitigate it but their uefi doesn't support password protection, trying to set one i get "Warning: BIOS does not support password feature"?
what i dont know is how to remove a setting from the hii database, how to disable publishing of the hii database, or how to enable password protection of the nvram containing the database
i can do these things on other oem uefi but not gigabyte
once the bios boots to the OS (AA post code)
windows has full control of the security , so bios security means nothing at this point
if someone has physical access to your PC , and is logged in it doesn't matter it's a user issue
if you bios password protect and shut down the PC it solves that problem
Leave a comment:
-
you still haven't understood my post
secure boot is fully "enabled" and "active" but it can be disabled from within the os, that means it isn't secure boot, there's no boundary being enforced as physical access is no longer required, its a security vulnerability
its the same as having a locked door but a button to disable the lock is on both sides of the door, the door lock is engaged, the door lock works, but it doesn't actually keep anybody out
i don't need any help turning on the lock, the lock itself "works", but it serves no purpose because of the implementation
gigabyte has secure boot settings in the "published" hii, which they should not, other oems let you toggle publishing on or off, but it shouldn't be included at all
password protection would mitigate it but their uefi doesn't support password protection, trying to set one i get "Warning: BIOS does not support password feature"?
what i dont know is how to remove a setting from the hii database, how to disable publishing of the hii database, or how to enable password protection of the nvram containing the database
i can do these things on other oem uefi but not gigabyte
update on this:
just got this tested on a similar board before reproducing same result my own, the secure boot settings specifically are blocked and don't actually take effect upon reboot
so i am wrong in that the specific secure boot settings i pointed to as a big obvious issue are actually fine on these boards (no doubt thanks to AMI)
that said, there are other security sensitive settings that can be changed and have similar implications, i can still point them out to gigabyte and I will continue asking them to enable uefi password protection and a toggle for publishing hii resources (similar to asus intel boards)
ofc my ask of any mitigation for this issue in the mean time remains the same while waiting on gigabyte?
Leave a comment:
-
Originally posted by Bcknee View Post
I had it off for a long time not realizing I found these steps on reddit and it fixed it for me
Make sure you are booting OK with CSM disabled before changing Secure Boot settings. People have bricked their system by following the wrong steps.
I also had it saying enabled not Active - this is a BIOS glitch it's not really enabled
On the secure boot settings if it says Mode:User you should be able to simply Enable Secure Boot
Otherwise (if it says Mode:Setup)
- Disable Secure Boot if it says Enabled
- If it says Standard change to Custom
- Change Custom to Standard accepting Factory Defaults
- Enable Secure Boot
?
@amEliza-- hope you get it sorted, Bcknee may have nailed it for you.
Leave a comment:
-
Originally posted by amEliza View Postthanks krato, i'm not expecting there to be a user accessible fix, but my expectations can be wrong, each oem firmware has its quirks
According to the specification, this results in the following scheme: PK and KEK can only be changed if:
In Setup Mode, when PKpub is signed with its associated PKpriv.
In User Mode, if the PKpub is signed with the current PKpriv of the firmware.??
But in the end, im just guessing here, since im noob.
Best regards, hope I could help
Leave a comment:
-
Originally posted by Bcknee View Post
I had it off for a long time not realizing I found these steps on reddit and it fixed it for me
Make sure you are booting OK with CSM disabled before changing Secure Boot settings. People have bricked their system by following the wrong steps.
I also had it saying enabled not Active - this is a BIOS glitch it's not really enabled
On the secure boot settings if it says Mode:User you should be able to simply Enable Secure Boot
Otherwise (if it says Mode:Setup)
- Disable Secure Boot if it says Enabled
- If it says Standard change to Custom
- Change Custom to Standard accepting Factory Defaults
- Enable Secure Boot
?
Leave a comment:
Leave a comment: