Lenovo Rocked By Critical BIOS Vulnerability, Fingers Point To Shoddy Intel Reference Code
Lenovo is finding itself embroiled in yet another security scandal, and this time it revolves around the BIOS used in many of its PC systems. According to security researcher Dmytro Oleksiuk (aka Cr4sh), the vulnerability lies in the SystemSmmRuntimeRt UEFI driver component of Lenovo’s firmware. Oleksiuk claims that the exploit is present in every ThinkPad machine dating back as far as the X220 and as recently as the T450s.
Thx Sup Forums, I feel for the thinkpad meme and now the nsa can hack me. Is this fixable?
Caleb Russell
yes
install libreboot.
Grayson Sullivan
You're entire existence is a meme.
Carter Martinez
botnet
Samuel Roberts
UEFI was a mistake
Zachary Mitchell
I'll stick with my x200 and t500 until Libreboot gets its shit together with the chromebooks.
>as far back as x220
Normies, when will they learn. am I rite?!
Kayden Harris
It seems that the bug was in Intel's UEFI code. So it'll potentially affect many machines other than thinkpads. Yet again C proves to be a shitty language that encourages shitty and unsecure programming practices. Thanks, Bell Labs.
Xavier Cook
This vulnerability was also found on some Gigabyte motherboards, as well as HP laptops. It's most likely something that will require a ton of manufacturers to release BIOS updates for their products, it just so happens that Lenovo was the first one to be discovered.
Wyatt Martinez
GNU/Linux not CrOS/Linux
Point is you install GNU/Linux on the chromebooks. Chromebooks are more open than Thinkpads have ever been ootb
Leo Wood
Isn't the memory sinkhole an hardware vulnerability? How can libreboot prevent it from being exploited?
Gavin Sanders
>wahhh my low level programming language didn't protect me from fucking up Are you a fucking moron?
Does anyone still make chromebooks with upgradeable SSDs? I need at least 250GB to feel comfortable. Are any of the recent chromebooks worthy replacements of the X200?
Blake Adams
The NSA doesn't need these hacks to get in because Intel already gives them the keys to the Management Engine.
Carter Collins
>Point is you install GNU/Linux on the chromebooks. You can't do it because loader is blocked. >Chromebooks are more open than Thinkpads have ever been ootb I see google dog-collar pretty comfy for you.
Dylan Reyes
Man this sucks. Are there any CPUs that aren't inherently insecure with this ME shit?
Lincoln Price
oh man where to start
>loader is blocked I assume you mean bootloader? you know, the one running Coreboot, not UEFI or BIOS or any of that garbage? The one that you can use flashrom to flash from your OS? That "loader"?
Isaiah Young
Is my t420 safe?
Bentley Murphy
>I see google dog-collar pretty comfy for you. talking shit and doesn't even know how to install his own os
topkek
Isaac Moore
>blaming the language for the programmer's incompetence >implying shit gets any easier in assembly
Dylan Cox
Ada can be used for bare metal programming and offers stronger guarantees without additional developer effort. The only way to write C that's almost as reliable as average Ada code is to follow NASA's coding standard, but that severely gimps the language.
Oliver Gonzalez
It would probably be easier to replace the current developers with better C programmers than it would be to replace them with Ada programmers.
Luis Perry
The problem is the way C is designed. It makes writing safe programs cumbersome, so developers, not just incompetent ones, tend to take unsafe shortcuts.
Thomas Adams
You said that before, and I'm giving you the benefit of the doubt, but I'm saying it would probably be easier to find C programmers who are willing to take their time rather than find Ada programmers.
Aiden Davis
>I assume you mean bootloader?
You right I mean bootloader.
>you know, the one running Coreboot, not UEFI or BIOS or any of that garbage? The one that you can use flashrom to flash from your OS? That "loader"?
And? You lose warranty if try to do it, also firmware have many problem with alternative OS. As result you'll get just another tivoizated toy. At this point, any of chinese laptop even more free.
Easton Morales
Don't buy x86 then.
Liam Cruz
>You lose warranty if try to do it so flashing coreboot on a Thinkpad doesn't void the warranty? pretty sure it does. cuz if you DON'T flash coreboot on a thinkpad you've got a pretty non-free laptop
also the stock coreboot has SeaBios payload, meaning it's configured out of the box to allow alternate OS installation.
additionally, most Chromebook drivers are already in mainline kernel
therefore out of the box, under warranty, the chromebooks are far more free, and far more compatible, than almost any other laptop you could possibly buy
Colton Nelson
>You can't do it because loader is blocked. Well gee, why does Libreboot support it then on at least one model? libreboot.org/docs/hcl/c201.html
Jeremiah Miller
I don't think any silicon is really trustworthy. Given a small enough node process, one can hide whatever they want even on small dies.
Joseph Rivera
>This board is unsupported in libreboot Because ARM TrustZone not totally crap as Intel ME but anyway it's shit. Also all modern Chromebook with Intel.
Landon Anderson
Did you even read the full link? It's supported in the newest builds and it says why.
Elijah Edwards
>so flashing coreboot on a Thinkpad doesn't void the warranty? pretty sure it does.
Yes of course, even use unoriginal battery or AC adapter will void warranty.
>cuz if you DON'T flash coreboot on a thinkpad you've got a pretty non-free laptop Even if flash it a will got a pretty "non-free" laptop. >also the stock coreboot has SeaBios payload, meaning it's configured out of the box to allow alternate OS installation.
Uhh... No just few early model use SeaBios. New Chromebook use private version of Coreboot+u-boot.
>additionally, most Chromebook drivers are already in mainline kernel
Oh... Not even half from GPU to Wi-Fi.
>therefore out of the box, under warranty, the chromebooks are far more free, and far more compatible, than almost any other laptop you could possibly buy
So do you unironically believe you can't get better laptop under 500$ with decent hardware and good *nix support? I really need learn from Google how to get tame human animal pet.
Grayson Foster
>muh GET A THINKPAD AND RUN OPEN SORES XDD
Further proof that you're way safer with an Apple brand laptop.