Intel me 8 1 updating tool
We encourage you to review Intel’s Security Advisory for more information on the vulnerabilities, including identification and mitigation measures.
The table below identifies affected ASUS motherboards and outlines our recommended update method.
the possibility that a bogus entry can get dropped into the Secure Boot database.
This increases the possibility of attacks similar to the kexec exploit Matthew Garrett described at Kiwicon, or an attack that is enabled by a bogus db entry.
The UEFI specification requires user present intervention to enable or disable Secure Boot.
“Surface Pro and Surface Pro 2 systems currently do not include the Microsoft UEFI Certification Authority certificate in the systems’ UEFI Secure Boot database.
If present, this certificate would be in the Allowed Database (also referred to as ‘db’), enabling the execution of 3 The UEFI CA key is typically a topic of conversation for using Linux on UEFI without disabling Secure Boot. But there’s more to this utility than rocking open SUSE or Ubuntu on Microsoft branded hardware.
Even though it’s not a simple process, the Microsoft UEFI CA tool uses this requirement as a way to protect the user when adding more pre-OS flexibility to their systems.
Brian Richardson is a Senior Technical Marketing Engineer with Intel’s Software and Services Group (SSG).
Brian’s opinions aren’t always the same as Intel’s, even when he’s blogging on firmware.