Reply to post:

Microsoft and dance partners coordinate firmware defenses with Secure-core PCs

Stuart Castle Silver badge

I'm going to wait and see before I pass judgement on this. It's good that someone is looking seriously at the firmware, because as noted in the article, any malware running as a result of firmware vulnerabilities can make itself invisible to the OS (and therefore any security software running on the OS). I count Intel management engine in that.

Personally, I'd like to see Intel ME disabled by default. Anyone who needs it for any reason can enable it.

Regarding the rest of it, on a professional level, I've always been slightly concerned it's possible to run pretty much any code on a UEFI firmware. I think as long as Microsoft don't specifically put in traps to stop Linux (and, despite their past tricks, I've no reason to believe they will, Windows accounts for only a small fraction of their business now, so it's not in their interest to lock people into it and risk legal action), a properly secured firmware is a good thing. Note: I am not saying Microsoft have changed into a good company. I still don't trust them as far as I can throw them. I am just saying I don't think Windows is the priority for them it once was, and I don't think they will risk legal implications.

Saying it's a small problem isn't helpful, IMO. It's a small problem now. That doesn't mean it's not a serious problem, and it does't mean it's not going to get worse. Waiting for motherboard manufacturers may not be an option either. Motherboard manufacturers frequently stop firmware updates within a year or 2 of a motherboard's release. This will still happen to motherboards with this "Secure Core", but my understanding is that the system will minimise the damage caused.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon