On 11/22/2017 12:42 AM, Adam Carter wrote:
> I notice that an update for sys-firmware/intel-microcode just came through
> on ~amd64, does that address the ME issues?
> http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/
> Or will my NUC need a firmware update?

That would be "solved"[1] via a firmware update; a microcode update is
microcode - only for the CPU.

If you don't get one for your hardware due to the vendor saying it is
"too old" (to scam you to buy a new motherboard for no reason) you can
bisect the BIOS update and add it yourself (ask on the coreboot
mailing list how to do this for more info); it is not too difficult.

Using ME cleaner would also solve the issue and you wouldn't need any
more firmware updates when the next "bug" comes around.

[1] Intel ME/AMD PSP will always be full of security "bugs" as they are
designed to be an uber backdoor for god knows who - one can avoid this
via getting either a slightly older x86-64 setup such as
KCMA-D8/KGPE-D16 Opteron motherboards (RYF libre firmware and a libre
BMC firmware is available for them; they also don't need microcode updates
for series 2 CPUs), a g505S laptop (open source init firmware
available) or a TALOS 2 server/workstation (POWER9, very very high
performance high end server hardware with the usual price for that level
of performance, but you get libre firmware AND libre hardware, RYF
certification pending on release).