MSI UEFI firmware master keys stolen

[gpw928]

If you have an MSI motherboard, you probably don't want to flash the firmware any time soon.

With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle.

 

[ct85711]

This isn't really surprising to have happened. At least on the bright side for MSI, is that the damage is semi constrained to their current/older products, so they have a chance of revoking/replacing the key on new/future products. Considering the rate Intel and AMD is pushing out new processors, just gave them a reason to give early EOL on the compromised hardware, getting people buy new hardware.

 

[Crivens]

"Only a matter of time, I suppose..."
I would not upgrade the firmware now from anyone. And this is only one of the cases where we get to be told. When there is such keys, such keys get stolen.

 

[hardworkingnewbie]

UEFI is just a major clusterfuck. I mean there are rootkits out there for UEFI, so... it's shite.

 

[Crivens]

Yep. And now the keys who were supposed to make that impossible have walked out of the door. Not that I would like a locked down UEFI any more than a compromised one. Please give us hardware that can reliably be wiped and reinstalled with no way of something staying behind.

 

[hardworkingnewbie]

Well there's e.g. Coreboot, around since 1999. But almost nobody uses it.

 

[SirDice]

UEFI is just a major clusterfuck. I mean there are rootkits out there for UEFI, so... it's shite.

There's malware for BIOS, ACPI and a few other things too. Nothing's changed.

 

[yuripv79]

I read it as MS at first, and was like "oh wow"; then I read it correctly...