Lenovo Rocked By Critical BIOS Vulnerability, Fingers Point To Shoddy Intel Reference Code
Lenovo is finding itself embroiled in yet another security scandal, and this time it revolves around the BIOS used in many of its PC systems. According to security researcher Dmytro Oleksiuk (aka Cr4sh), the vulnerability lies in the SystemSmmRuntimeRt UEFI driver component of Lenovo’s firmware. Oleksiuk claims that the exploit is present in every ThinkPad machine dating back as far as the X220 and as recently as the T450s.
http://hothardware.com/news/lenovo-rocked-by-critical-bios-vulnerability#UqMMYAOpbFhlvfgL.99
oy vey
Does this mean that my precious X200 is safe?
>>55424677
yeah they did a great job with that brand
that's why IBM switched to Apple
>>55427399
No, core duo has a security problem too.
Chromebooks are the new Thinkpads for GNU/Linux
>>55427676
The memory sinkhole, right?
Thx /g/, I feel for the thinkpad meme and now the nsa can hack me. Is this fixable?
>>55427692
yes
>>55427706
install libreboot.
You're entire existence is a meme.
>>55427685
botnet
>>55424677
UEFI was a mistake
I'll stick with my x200 and t500 until Libreboot gets its shit together with the chromebooks.
>as far back as x220
Normies, when will they learn. am I rite?!
>>55424677
It seems that the bug was in Intel's UEFI code. So it'll potentially affect many machines other than thinkpads.
Yet again C proves to be a shitty language that encourages shitty and unsecure programming practices. Thanks, Bell Labs.
>>55424677
This vulnerability was also found on some Gigabyte motherboards, as well as HP laptops. It's most likely something that will require a ton of manufacturers to release BIOS updates for their products, it just so happens that Lenovo was the first one to be discovered.
>>55427742
GNU/Linux not CrOS/Linux
Point is you install GNU/Linux on the chromebooks. Chromebooks are more open than Thinkpads have ever been ootb
>>55427723
Isn't the memory sinkhole an hardware vulnerability? How can libreboot prevent it from being exploited?
>>55427764
>wahhh my low level programming language didn't protect me from fucking up
Are you a fucking moron?
>>55427783
Sounds scary but is preventable.
http://blog.jacobtorrey.com/mitigations-to-the-memory-sinkhole
NSA backdoor.
>>55427782
Does anyone still make chromebooks with upgradeable SSDs? I need at least 250GB to feel comfortable.
Are any of the recent chromebooks worthy replacements of the X200?
>>55427847
The NSA doesn't need these hacks to get in because Intel already gives them the keys to the Management Engine.
>>55427782
>Point is you install GNU/Linux on the chromebooks.
You can't do it because loader is blocked.
>Chromebooks are more open than Thinkpads have ever been ootb
I see google dog-collar pretty comfy for you.
>>55427863
Man this sucks.
Are there any CPUs that aren't inherently insecure with this ME shit?
>>55427871
oh man where to start
>loader is blocked
I assume you mean bootloader? you know, the one running Coreboot, not UEFI or BIOS or any of that garbage? The one that you can use flashrom to flash from your OS? That "loader"?
Is my t420 safe?
>>55427871
>I see google dog-collar pretty comfy for you.
talking shit and doesn't even know how to install his own os
topkek
>>55427764
>blaming the language for the programmer's incompetence
>implying shit gets any easier in assembly
>>55427786
Ada can be used for bare metal programming and offers stronger guarantees without additional developer effort.
The only way to write C that's almost as reliable as average Ada code is to follow NASA's coding standard, but that severely gimps the language.
>>55428027
It would probably be easier to replace the current developers with better C programmers than it would be to replace them with Ada programmers.
>>55428081
The problem is the way C is designed. It makes writing safe programs cumbersome, so developers, not just incompetent ones, tend to take unsafe shortcuts.
>>55428196
You said that before, and I'm giving you the benefit of the doubt, but I'm saying it would probably be easier to find C programmers who are willing to take their time rather than find Ada programmers.
>>55427908
>I assume you mean bootloader?
You right I mean bootloader.
>you know, the one running Coreboot, not UEFI or BIOS or any of that garbage? The one that you can use flashrom to flash from your OS? That "loader"?
And? You lose warranty if try to do it, also firmware have many problem with alternative OS.
As result you'll get just another tivoizated toy.
At this point, any of chinese laptop even more free.
>>55427902
Don't buy x86 then.
>>55428437
>You lose warranty if try to do it
so flashing coreboot on a Thinkpad doesn't void the warranty? pretty sure it does. cuz if you DON'T flash coreboot on a thinkpad you've got a pretty non-free laptop
also the stock coreboot has SeaBios payload, meaning it's configured out of the box to allow alternate OS installation.
additionally, most Chromebook drivers are already in mainline kernel
therefore out of the box, under warranty, the chromebooks are far more free, and far more compatible, than almost any other laptop you could possibly buy
>>55427871
>You can't do it because loader is blocked.
Well gee, why does Libreboot support it then on at least one model? https://libreboot.org/docs/hcl/c201.html
>>55428466
I don't think any silicon is really trustworthy. Given a small enough node process, one can hide whatever they want even on small dies.
>>55428574
>This board is unsupported in libreboot
Because ARM TrustZone not totally crap as Intel ME but anyway it's shit.
Also all modern Chromebook with Intel.
>>55428739
Did you even read the full link? It's supported in the newest builds and it says why.
>>55428547
>so flashing coreboot on a Thinkpad doesn't void the warranty? pretty sure it does.
Yes of course, even use unoriginal battery or AC adapter will void warranty.
>cuz if you DON'T flash coreboot on a thinkpad you've got a pretty non-free laptop
Even if flash it a will got a pretty "non-free" laptop.
>also the stock coreboot has SeaBios payload, meaning it's configured out of the box to allow alternate OS installation.
Uhh... No just few early model use SeaBios.
New Chromebook use private version of Coreboot+u-boot.
>additionally, most Chromebook drivers are already in mainline kernel
Oh... Not even half from GPU to Wi-Fi.
>therefore out of the box, under warranty, the chromebooks are far more free, and far more compatible, than almost any other laptop you could possibly buy
So do you unironically believe you can't get better laptop under 500$ with decent hardware and good *nix support?
I really need learn from Google how to get tame human animal pet.
>muh GET A THINKPAD AND RUN OPEN SORES XDD
Further proof that you're way safer with an Apple brand laptop.
