×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AMI Firmware Source Code, Private Key Leaked

Soulskill posted 1 year,19 days | from the never-trust-others-to-respect-your-property-as-much-as-you-do dept.

Security 148

Trailrunner7 writes "Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company's data hosted on an unnamed vendor's FTP server. Among the vendor's internal emails, system images, high-resolution PCB images and private Excel spreadsheets was the source code for different versions of AMI firmware, code that was current as of February 2012, along with the private signing key for the Ivy Bridge firmware architecture. AMI builds the AMIBIOS BIOS firmware based on the UEFI specification for PC and server motherboards built by AMI and other manufacturers. The company started out as a motherboard maker, and also built storage controllers and remote management cards found in many Dell and HP computers. 'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

148 comments

Me go pee pee in your coke (-1)

Anonymous Coward | 1 year,19 days | (#43370323)

LOL. Never trust chinks.

Re:Me go pee pee in your coke (1)

fustakrakich (1673220) | 1 year,19 days | (#43370847)

No, never trust upgradable bios. Put the damn chip into a socket, and do upgrades by snail-mail... The internet will never be safe. Which is a good thing, because I don't want anybody telling me what I can upload or download.

Security Through Obscurity (5, Insightful)

Jeremiah Cornelius (137) | 1 year,19 days | (#43371169)

How can you trust what you can never see, or even know is there?

Thesis: Security requires trust.

You are not trusted to know these secrets, therefore you are not secured through their application.

The whole UEFI boondoggle is false security. Worse, this proves that it is vulnerability risk, sold under masquerade, as security.

Re:Security Through Obscurity (1)

fustakrakich (1673220) | 1 year,18 days | (#43371637)

The whole UEFI boondoggle is false security. Worse, this proves that it is vulnerability risk, sold under masquerade, as security.

The dogs are always hungry.. This is just part of the show.

Re:Security Through Obscurity (1)

sexconker (1179573) | 1 year,18 days | (#43372101)

How can you trust what you can never see, or even know is there?

Thesis: Security requires trust.

You are not trusted to know these secrets, therefore you are not secured through their application.

The whole UEFI boondoggle is false security. Worse, this proves that it is vulnerability risk, sold under masquerade, as security.

UEFI is a replacement for BIOS. It has many features that let us deal with hardware that BIOS couldn't provide. UEFI is not a boondoggle, nor is it about security.

Re:Security Through Obscurity (1)

fustakrakich (1673220) | 1 year,18 days | (#43372223)

Either way, something that can brick your machine so easily with software shouldn't be soldered to the board.

Re:Me go pee pee in your coke (1)

mattventura (1408229) | 1 year,18 days | (#43371873)

What some hardware does (not just motherboards) is it has a physical jumper which has to be closed in order to allow the firmware to be changed. No chance of malicious flashing of the firmware (unless someone has physical access, but then you've got bigger problems) but without having to ship firmware on chips.

Keys and source... (1)

idunham (2852899) | 1 year,19 days | (#43370341)

Any way this could be used to circumvent Secure Boot?

Re:Keys and source... (1)

HarrySquatter (1698416) | 1 year,19 days | (#43370377)

No.

Re:Keys and source... (3, Interesting)

Truekaiser (724672) | 1 year,19 days | (#43370595)

Actually, yes it can.
"“By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated and installed for the vendor’s products that use this Ivy Bridge firmware,” "

It will allow those with secure boot, that is on and has no user visible way of shutting it off. Because every extra option in a uefi/bios costs system builders like dell and hp money. a way of disableing it by flashing a bios,uefi image with that option or it permanently set to off.

Re:Keys and source... (5, Funny)

Bacon Bits (926911) | 1 year,19 days | (#43371005)

It will allow those with secure boot, that is on and has no user visible way of shutting it off. Because every extra option in a uefi/bios costs system builders like dell and hp money. a way of disableing it by flashing a bios,uefi image with that option or it permanently set to off.

Did you write my stereo instructions in the 1980s?

Re:Keys and source... (2)

glrotate (300695) | 1 year,19 days | (#43371513)

Close, he wrote the instructions for your motherboard.

that's umpossible (0)

Anonymous Coward | 1 year,18 days | (#43371869)

the creation of an update that would render the system unbootable, requiring replacement of the mainboard.

what kind of loser doesn't have a JTAG interface?
must be some sort of Apple user.

Re:Keys and source... (4, Insightful)

DarkOx (621550) | 1 year,19 days | (#43371199)

It might do even better than that! You might be about to create a custom bios image; with the secure boot check deliberately broked to not actually check the boot loader is signed but still return attest that it was.

This could allow you to compromise the DRM all the way up the chain.

Re:Keys and source... (0)

Anonymous Coward | 1 year,18 days | (#43372579)

Neat! Now we won't be able to boot Windows as well as Linux! (Things might change now.)

Ok... this chould be bad. (0)

Cyberglich (525256) | 1 year,19 days | (#43370347)

This could be very very bad..

Re:Ok... this chould be bad. (1)

Anonymous Coward | 1 year,19 days | (#43370509)

And this also could be great. Like everything, 90% of firmware sucks. Unlike most other software, replacing the firmware usually isn't even close to an option, and I loathe almost every single hardware company as a result of this.

Re:Ok... this chould be bad. (1)

sveinungkv (793083) | 1 year,19 days | (#43370821)

Unlike most other software, replacing the firmware usually isn't even close to an option If you do some research [coreboot.org] before buying a new main board its a lot closer.

Re:Ok... this chould be bad. (1)

Junta (36770) | 1 year,19 days | (#43371303)

Of course, considering the selection of coreboot applicable hardware is extremely limited and mostly ancient...

Re:Ok... this chould be bad. (0)

Anonymous Coward | 1 year,18 days | (#43371689)

Indeed, I"ve wanted to try it for years, but I've never had a motherboard that was supported by it.

Re:Ok... this chould be bad. (4, Insightful)

briancox2 (2417470) | 1 year,19 days | (#43370571)

Bad? Part of the UEFI barrier for other OS's has just been Open Sourced.

And there was much rejoicing.

Re:Ok... this chould be bad. (1)

Anonymous Coward | 1 year,19 days | (#43370627)

No it hasn't. You're not going to be able to use this to bypass UEFI secure boot even on AMI hardware let alone it being applicable to hardware at large.

Re:Ok... this chould be bad. (0)

Anonymous Coward | 1 year,19 days | (#43370939)

Then why did we need secure boot in the first place?

Re:Ok... this chould be bad. (0)

Anonymous Coward | 1 year,19 days | (#43371237)

Sounds like it can be used to sign your own BIOS updates. And if you can sign your own BIOS updates, how does that not translate back to effectively bypassing UEFI? Sure, you're technically simply working within the system instead of going around it, but if it looks like a bypass, walks like a bypass, quacks like a bypass...

Re:Ok... this chould be bad. (0)

Anonymous Coward | 1 year,19 days | (#43371429)

...if it looks like a bypass, walks like a bypass, quacks like a bypass...

Then it must be a witch! Burn it [to EEPROM]

Re:Ok... this chould be bad. (1)

Billly Gates (198444) | 1 year,18 days | (#43372899)

Bad? Part of the UEFI barrier for other OS's has just been Open Sourced.

And there was much rejoicing.

Or a piece of malware will now sign itself and change the keys making it impossible to remove. It would be better totally unlocked otherwise. If the keys were in ROM where they could not be rewritten then yes there will be much rejoicing but who is to say the malware wont reimage itself in the UEFI and put another set of keys maybe randomly generated on the host?

Link? (5, Insightful)

visualight (468005) | 1 year,19 days | (#43370357)

I could care less about the security implications. Where's the link to the full key and source code?

Re:Link? (1)

Anonymous Coward | 1 year,19 days | (#43370519)

Something tells me the admin of AMISource.com [amisource.com] is about to have a bad day!

Re:Link? (1)

stafil (1220982) | 1 year,19 days | (#43371307)

Just out of curiosity I would love to have a look at their code. I am sure it will appear in piratebay soon.

Anybody knows if it is illegal to download it and have a peek at it?

Re:Link? (0)

Anonymous Coward | 1 year,19 days | (#43371397)

Who cares. Personally I believe it is morally right to look at code out of intellectual curiosity and that is all I need. You wont get caught illegal or not. And if you are paranoid there are way to acquire it without exposing your IP to a bitorrent tracker.

Re:Link? (2, Informative)

Anonymous Coward | 1 year,19 days | (#43370613)

THEN CARE LESS.
The phrase is "I couldn't care less", you troglodyte.

Re:Link? (0)

Anonymous Coward | 1 year,19 days | (#43370941)

Not necessarily. Having several systems with AMI BIOSes dating back to the early 1990s, I could care less about the security implications too. Not much less, seeing that none of them use UEFI, but I can't honestly say that I couldn't care less. I'm more interested in reading through the code.

Re:Link? (0)

Anonymous Coward | 1 year,18 days | (#43372917)

If OP couldn't care less, then he wouldn't have had enough care to post a comment. But he had just enough care to post, though barely. So while his level of care is quite low, it's not empty. If couldn't care less, then that would indicate his level of care is zero, but that would be false since he obviously had enough care to care to write a post declaring the level of care that he had.

Re:Link? (0, Flamebait)

Anonymous Coward | 1 year,19 days | (#43370665)

I couldn't care less about the security implications.

Seeg Hile or something or another for the Grammar Nazi salute!

*I use to get pissed at grammar Nazis. Until one day, someone in authority showed me a resume from someone who made a mistake much less than that one, and said "How can I hire someone who makes such stupid errors as that!?!"

Now, when a grammar Nazi corrects me, I just nod in appreciation or hold back my flames if they're a dick about it.

Things are so bad out there, they'll find any reason to dismiss you.

You may not have problems now or you're secure, but one day, it may matter.

When it was too late, I found out about some of my problems and issues - now, I'm unemployable and on wife support.

There's nothing more humiliating that being on wife support. Especially when you were making six figures.

Just telling you this because I don't want to seem like a dick or come across as someone who thinks "he's all that".

Re:Link? (0)

visualight (468005) | 1 year,19 days | (#43370705)

Roger. It's not an oversight or a mistake on my part. I prefer to say it that way.

I also sometimes say "I give a damn" too.

Because that's the way how I roll.

Re:Link? (1)

Bill, Shooter of Bul (629286) | 1 year,19 days | (#43370809)

Well, I couldn't care more about your off beet phrasing.

Re:Link? (1)

h4rr4r (612664) | 1 year,19 days | (#43371339)

I did not expect that level of frankness to turnip in a slashdot thread.

Re:Link? (0)

Anonymous Coward | 1 year,18 days | (#43371601)

I want to enjoy this thread, but I'm finding it chard.

Re:Link? (1)

bug1 (96678) | 1 year,18 days | (#43372905)

Well, I could care less about this those who couldnt care more, and couldnt care less about those who care more.

SO THERE !

Re:Link? (0)

Anonymous Coward | 1 year,18 days | (#43372271)

Well, expect to catch a lot of flak for sounding like an idiot, then.

I prefer to use blortz instead of "the" and blortz word froople in blortz place of "a."

Re:Link? (3, Interesting)

mjr167 (2477430) | 1 year,19 days | (#43370925)

There is nothing wrong with being on "wife support", assuming she can afford to keep you. Change your title to "home maker" and think of it as an opportunity.

My husband stays home with our kids building block towers and signing about the letter A all day. There is actually a growing community of stay at home husbands, and if you think about it, it is really the next logical step towards equality. If we want women to have the option to go out and earn a 6 figure salary, then we need to be willing to let men stay home and feel proud about it.

If you have no kids to raise, then take the opportunity to reinvent yourself. Start a non-profit. Make soda can sculptures that you can sell at your local craft show. Volunteer. These are the things we expected and praised women for doing and there is no shame in men doing them to.

So pick up your head, take pride in the fact that you have a loving, supportive wife, and turn this into an opportunity. The value of a man, or woman, is not measured solely by their income, but rather how they work to better others.

Re:Link? (0)

Anonymous Coward | 1 year,18 days | (#43372389)

Wut ? "Score:2, Troll"? - I know that it is normal nowadays to both be working, and I guess that having spent a lot of effort to get trained, it is frustrating to be denied the opportunity to use that training productively regardless of your gender..... but still in what way is this anything except true ?

Re:Link? (1)

Anon, Not Coward D (2797805) | 1 year,19 days | (#43370715)

From one of the features FA:

"I’ve contacted both the vendor involved and AMI to alert them to the issue. Obviously, I won’t be releasing the name of the vendor, the FTP address, or anything that was seen on the server."

Maybe we won't see it ever :(

Re:Link? (0)

Anonymous Coward | 1 year,19 days | (#43370757)

The name is out there if you know how to look, and the files are still there. Pandora's box has definitely been opened.

Re:Link? (0)

Anonymous Coward | 1 year,19 days | (#43371341)

Oh, so we should of course just trust you as well? If the files are still there, why don't you at least post the name of the vendor, if not the link?

Re:Link? (0)

Anonymous Coward | 1 year,18 days | (#43371703)

No, you should not trust me. You're supposed to learn how to look. Exploits used to be published with small deliberate coding errors in them to prevent script kiddies from just compiling and running them. Handing dangerous stuff to people who haven't gained the corresponding knowledge used to be known as a bad thing. So I won't tell you.

Re:Link? (1)

fustakrakich (1673220) | 1 year,19 days | (#43370945)

We shouldn't believe him then. The old 'tits, or GTFO' applies. In fact, it sounds like attempted extortion.

Re:Link? (0)

Anonymous Coward | 1 year,19 days | (#43371415)

I didn't read a part where he was threatening AMI with release of all the sensitive material unless they paid him a wealthy sum or offered him a prestigious job in exchange for keeping this quiet. Maybe you can help me find it?

Re:Link? (1)

fustakrakich (1673220) | 1 year,18 days | (#43371663)

Yeah, that's right, he's going to post a threat online.

Gee, that's a nice BIOS you get there. It'd be a shame to see anything happen to it.

Re:Link? (1)

Anonymous Coward | 1 year,19 days | (#43371321)

*ahem* http://www.mmnt.net/db/0/0/ftp.jetway.com.tw

Re:Link? (1)

Anonymous Coward | 1 year,18 days | (#43371891)

http://pastebin.com/LFGhmfS9

Better Writeup (1)

bill_mcgonigle (4333) | 1 year,18 days | (#43372667)

This has the link, but that'll do you no good [virustracker.info] at this point.

In related news, I'm more interested in buying an AMI motherboard now. Especially one with CoreBoot flashed over it.

Re:Better Writeup (1)

Billly Gates (198444) | 1 year,18 days | (#43372943)

So you are more interested in purchasing something malware writters who now know the keys to sign their malware as a rootkit making it impossible to remove?

North Korea to use AMI motherboards (0, Troll)

Anonymous Coward | 1 year,19 days | (#43370449)

To mint trillions of counterfeit dollars to buy nuclear warheads from the republic of bitcoinistan.

You are fucked americans, very fucked.

I hope you put a HOSTS file in your secure boot sector.

Predicted (0)

Anonymous Coward | 1 year,19 days | (#43370491)

I predicted a few years back that because of all this crazy DRM stuff eventually you'd get a virus that would require you to throw out your computer.

linux in bios just got even easier (1)

Anonymous Coward | 1 year,19 days | (#43370493)

Besides all the gloom and doom, I can see a use case for this. someone tell coreboot.org? it would make updating your (ami)bios with embedded linux a bit simpler, eh?

There's so much "I told you so" in this... (5, Insightful)

Meshugga (581651) | 1 year,19 days | (#43370561)

...it's not even funny.

Re:There's so much "I told you so" in this... (5, Funny)

Anonymous Coward | 1 year,19 days | (#43370689)

C'mon, it's a little funny.

Like? (1, Insightful)

Sycraft-fu (314770) | 1 year,18 days | (#43372247)

What did you "tell them"? Since you didn't elaborate I fail to see what you are going for or how this is insightful.

I can only guess this is something along the lines of the people crying about "Waaaaa security through obscurity!" in which case I want to hear their solution to code signing/verification on a system that doesn't involve a secret private key. You might note that public/private key signing is how Linux distros secure and verify their application distribution services.

Why is only the worst case is mentioned? (1, Insightful)

Anonymous Coward | 1 year,19 days | (#43370639)

Why is only the worst case is mentioned? This can actually be good and help projects like coreboot support more hardware. Or maybe someone will make opensource fork of their firmware as there is a lot to improve in current uefi implementation.
As for the viruses I don’t think even with the signing key we will not see many bios viruses as it is really hard to write that actually does anything beside bricking the hardware. And on most systems it is impossible to update bios after the os is loaded.

you can flash in windows (0)

Anonymous Coward | 1 year,19 days | (#43370725)

you can flash in windows

Re:you can flash in windows (0)

Anonymous Coward | 1 year,19 days | (#43370779)

Not always. In most bioses you can set the lock that prevents from flashing until you boot into bios and disable it.

Re:Why is only the worst case is mentioned? (0)

Anonymous Coward | 1 year,19 days | (#43370825)

The coreboot people will not look at this, but of course everybody will imply that they did if they successfully reverse engineer something. This makes life harder for them, not easier. The crooks on the other hand will have absolutely no qualms about using this against their victims. Of course that's the story here: The complete and utter failure of a flawed security design. The E in UEFI is what's wrong, and the lack of jumpers that turn off write capability to the firmware *in*hardware*.

So much for SecureBoot (1)

the eric conspiracy (20178) | 1 year,19 days | (#43370651)

What a waste of time.

Re:So much for SecureBoot (2, Insightful)

Anonymous Coward | 1 year,19 days | (#43371211)

There is nothing wrong with SecureBoot, and in fact is a good idea. The problem is security by obscurity. Current SecureBoot implementations are just hoping you never discover the private key. A CORRECT way to do it is to allow custom keys to be loaded by people who have physical access to the machine. If you want Windows to be booted, you load their public key into your secure boot list. If you want to also boot Fedora/Ubuntu/Debian/Redhat, you install their public key. If you want to install a custom Linux, you generate a keypair, sign the binaries, and load the public keys.

Prove it!! (0)

Anonymous Coward | 1 year,19 days | (#43370663)

This is just scare mongering!

Doh (1)

MugenEJ8 (1788490) | 1 year,19 days | (#43370683)

'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'

It's safe to assume the latter, as malware commanders don't want the computer offline or under scrutiny. Just give them another vector to attack and easier ways to cover up the bot.../p

It is designed to be "secure" pain in ass. (0, Offtopic)

boorack (1345877) | 1 year,19 days | (#43370787)

This shows what a frickin fiasco is this UEFI Secure Boot crap. It was designed by Microsoft as a DRM-like lock-in tool for their Windows OS and it shows DRM-related problems again and again. TPM chips are around for years and are capable of solving all problems Microsoft promises to "fix" with this UEFI-secure-DRM-windows-only-Boot crap. In my opinion it qualifies as abuse of monopolistic power and should be prosecuted as such. I'd expect a lot of PC vendor arm twisting evidence to show up if such prosecution would ever take place. And BTW, please don't reply to me with "any OS vendor can request a key from Microsoft" or "any vendor can request hardware vendors to install its key" crapola. These are just lies spewed around by Microsoft stooges and paid trolls. They already abused dominant position in key distribution (just before last Christmas season) and they'll do it again and again anytime it fits them. The only sensible solution would be to force Microsoft and hardware vendors to abandon this flawed standard using antitrust measures or other means.

Re:It is designed to be "secure" pain in ass. (2)

Gadget_Guy (627405) | 1 year,19 days | (#43371477)

The basis of your whole rant was that Microsoft invented this technology, but you were wrong. I suggest that you go read up on [wikipedia.org] the UEFI [uefi.org] before you start making these sorts of proclaimations. The standard was originally developed by Intel, not Microsoft, and they contributed the initial version to the UEFI Forum (which includes reprentatives from ten other companies other than Microsoft on their board).

I have no doubt that you will consider me to be a "Microsoft stooge" for pointing this out.

Re:It is designed to be "secure" pain in ass. (0)

boorack (1345877) | 1 year,18 days | (#43372003)

The basis of my rant is that this technology is a DRM, causes problems for all non-MS participants, Microsoft controls this technology (by controlling key distribution) and Microsoft has already abused its control. All conveniently omitted by you. Regarding UEFI itself: yes, Intel designed original version of it but it was Microsoft who forced additional requirements [ozlabs.org] that made Secure Boot such a pain. So I still think that anyone supporting this broken standard either misguided or is a liar. Should I add "useful idiots" to my list of "Microsoft stooges" and "paid trolls" ?

URL, plz? kthx (0)

Anonymous Coward | 1 year,19 days | (#43370833)

If there's no downloadable version, it's not LEAKED.

ftp.asus.com.tw (1, Funny)

Anonymous Coward | 1 year,19 days | (#43370953)

"I’ve contacted both the vendor involved and AMI to alert them to the issue. Obviously, I won’t be releasing the name of the vendor, the FTP address, or anything that was seen on the server."

If Adam Caudill won't disclose it then I will.

ftp.asus.com.tw [asus.com.tw] (which is currently down)

Implication to secure boot... (5, Interesting)

philipmather (864521) | 1 year,19 days | (#43370969)

Assuming for a moment that the validity of this key is confirmed independently then any further question about the technical feasibility of using this to sub/pervert a Secure Boot arrangement is moot when you consider the deeper and more practical implication which is that you can't trust a major motherboard vendor to keep a signing key properly secured. Secure Boot is dead, long live security.

Implication to secure end users. (0)

Anonymous Coward | 1 year,18 days | (#43371857)

Considering all the malware, botnet, viruses, spyware, etc, etc, I'm not sure we can claim the end user is any better when it comes to security.

Re:Implication to secure boot... (1)

Sulphur (1548251) | 1 year,18 days | (#43371877)

Assuming for a moment that the validity of this key is confirmed independently then any further question about the technical feasibility of using this to sub/pervert a Secure Boot arrangement is moot when you consider the deeper and more practical implication which is that you can't trust a major motherboard vendor to keep a signing key properly secured.

Secure Boot is dead, long live security.

All hail our Moot Boot overlords.

magnet link (1)

Anonymous Coward | 1 year,19 days | (#43370983)

magnet:?xt=urn:btih:bd8b50ebfc73b4f0ea53bda4f7f6a1861b1eb19c&dn=leaked%5Fbios

Re:magnet link (0)

Anonymous Coward | 1 year,18 days | (#43373205)

You are awesome, thanks for this!

Just sayin... (0)

Anonymous Coward | 1 year,19 days | (#43371093)

Just sayin... if I found that, would have kept it to myself

Ha Ha Ha HA! (0)

Anonymous Coward | 1 year,19 days | (#43371213)

This was no accident, and I can pretty much guarantee that in writing or your private signing key back (IMHO)!!!

Well, secure boot in no longer secure!!!!

What a croc!

CAPTCHA = 'violate' -- I kid not, it really was that!

Two years (2)

ThatsNotPudding (1045640) | 1 year,19 days | (#43371387)

I'm hoping we're about two years away from a real PC motherboard initiative along the lines of Raspberry PI. Wouldn't that be nice? A motherboard that isn't infected with vulnerable OEM black boxes and proprietary BS code and OS lock-in?

More specific details (1)

Anonymous Coward | 1 year,19 days | (#43371431)

Posting as AC for hopefully obvious reasons. I discovered the server while Googling for some obscure AMD datasheets and passed the information off to Mr. Wilson. Not going to provide the exact domain name of the server, but it's operated by Jetway.

In addition to this BIOS code, it contains what appear to be full design files for a few motherboards (Gerbers, schematics, test software) and a number of datasheets (with prominent CONFIDENTIAL watermarks) for chips made by Nvidia, Intel, Atheros, Realtek and others.

Re:More specific details (0)

Anonymous Coward | 1 year,18 days | (#43371765)

Cool story bro.

AMI sucks (0)

Anonymous Coward | 1 year,18 days | (#43371653)

Now everyone can see, on actual source level, just how much AMI's firmware sucks.

Custom Firmware? (4, Insightful)

CrimsonKnight13 (1388125) | 1 year,18 days | (#43371759)

Would it be possible that more ambitious/less sinister programmers and/or modders could create a highly customized firmware or BIOS that allowed for more options? I guess I see a positive outcome to any leaked source code rather than the negative weaponry most people imagine.

Re:Custom Firmware? (1)

mrand (147739) | 1 year,18 days | (#43373073)

Possible? Yes. Likely? That's somewhat less clear.

Did it include the build environment also, or just the raw source? Does the source match up with your chipset VERY closely (if not, do you have long road ahead)?

When compiling a Jasper Forest BIOS for example, there is:
1. Source for the Jasper Forest family of CPUs (which is different than the source for all other familes)
2. Source for any BIOS-supported ICs on the system which differ from Intel's reference design (perhaps you have a different super I/O, for example?)
3. A configurator which sets a ton of build options #define's. It has an integrated compiler as well
4. An Intel BIOS packaging tool which adds a few Intel proprietary things

The only one that I would guarantee to be universal is is #1: Different BIOS source for the different families of CPU's.

          Marc

Re:Custom Firmware? (1)

CrimsonKnight13 (1388125) | 1 year,18 days | (#43373137)

I appreciate the insight. I wasn't sure if the source was a generic AMI base or a more specific firmware/BIOS build for a single motherboard.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...