Community
cancel
Showing results for 
Search instead for 
Did you mean: 
MSmit13
Beginner
1,431 Views

BIOS update to address Meltdown/Spectre on 5th Gen Core

I have a few dozen NUC5i7RYH and my org is making a strong push to mitigate Meltdown/Spectre. The latest BIOS release for this kit (0368) was released on Dec 20 2017, just a week or so before the exploits were disclosed. Is there any information on when we can expect an update to address this?

0 Kudos
6 Replies
idata
Community Manager
126 Views

Hello, smimatt

 

 

I understand you would like to know more information about the Spectre and Meltdown issue. Allow me to help you regarding this question you have.

 

 

We are still working hard to provide a solution for this issue. Intel and other companies have begun providing software and firmware updates to mitigate these exploits. You can also check with your operating system vendors if there is any update available.

 

 

Please find more information about this issue below:

 

Antony S.

 

n_scott_pearson
Super User Retired Employee
126 Views

According to the Release Notes, BIOS 368 contains the updates for SA-00088.

...S

fnash
New Contributor I
126 Views

the relevant link for NUCs seems to be https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html Intel-SA-00088 for Intel® NUC, Intel® Compute Stick, and Intel®...

the entry in the bios release notes only says "Updated CPU Microcode (Security Advisory-00088)". It'd be nice to know more about what is covered by the fix and the performance impact.

svenry
New Contributor I
126 Views

It'd be nice to know more about what is covered by the fix and the performance impact.

mh6
Beginner
126 Views

Hi,

Thanks for sharing information. Any chance you can elaborate a bit more on this topic?

Having upgraded my Intel NUC D54250WYKH with bios from the link posted by user fugounashi in this thread, it still gives "red" result if I run Microsoft's test script (https://www.powershellgallery.com/packages/SpeculationControl/ PowerShell Gallery | SpeculationControl 1.0.4).

Speculation control settings for CVE-2017-5715 [branch target injection]

For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

Hardware support for branch target injection mitigation is present: False

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: False

Windows OS support for branch target injection mitigation is disabled by system policy: False

Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID performance optimization is enabled: True [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation

BTIHardwarePresent : False

BTIWindowsSupportPresent : True

BTIWindowsSupportEnabled : False

BTIDisabledBySystemPolicy : False

BTIDisabledByNoHardwareSupport : True

KVAShadowRequired : True

KVAShadowWindowsSupportPresent : True

KVAShadowWindowsSupportEnabled : True

KVAShadowPcidEnabled : True

Will there be another update?

Thanks in advance

KMcDo3
New Contributor I
126 Views

I, too, have a D54250WYKH and am anxious for a resolution of this issue.