Intel Security Issue Update: Progress Continues on Firmware Updates

I have seen a few comments on folks not being comfortable with flashing BIOSes, and I have debated for a while whether to make this post. I do not, in any way, manner, or form, want to berate anyone for their decision on whether to flash or not, but just wanted to relate a bit of experience and some advice to help make the decision a bit easier. Again, take this as helpful advice and nothing more - and do so what you will with it.

I know that a lot of people have listened to the warnings and read the horror stories, but I'd like to relate my own personal experiences.

I started getting into computes at age 12 (FWIW, I'm turning 48 in a month). My first semi-real PC was a TI 99-4/A (well, real enough that it had a BASIC cartridge on which I started learning BASIC). After that was a Tandy 1000 EX (built in 360K 5¼" floppy, with an external drive of same capacity). At one point the BIOS got fried because something metal fell into the computer while it was on directly onto the the expansion card pins, frying it - and my Dad had to pay to have the BIOS chip replaced.

The next computer I got was a Gateway 2000, 486 SX/25 based machine, also with a removable BIOS. The motherboard was set up to run in either increments of 20 MHz or 25 MHz, and replacing the BIOS (myself, this time) could not change that, so even when I plugged in a 486 DX2/66 CPU it still only ran at 50 MHz. And that motherboard only supported up to 32 MB RAM< which we started out with 8. I finally did get up to 32, but it became unstable. And this was with a pair of Conner HDs, a 425 MB and an 850 MB (which for some very odd reason, only worked when plugged in as a slave or master on the same IDE as the 425, or else solo - it would not work correctly with any other HD on the same IDE cable - ever).

Shortly after this, I started taking classes as a local community college (now its own full fledged university!) and I quickly got work study in the Computer Lab - where I played with all sorts of hardware. I even replaced the cache on several older 386 boards that we were going to set up as dumb terminals to have a computer-based study and testing for the Nursing Program that was gearing up. One of those machine I had accidentally popped in one of the cache chips backwards (notch side facing opposite direction, which, in my defense, was mostly my fault, but that notch was much less prevalent than older generation cache, and a black mark, such as from a Sharpie, confused me because I didn't scrutinize it as I should have). Powered on the machine, an there was a loud pop and sizzle, and I immediately yanked the power cord. Checked, found the mis-aligned cache re-aligned it correctly, crossed my fingers, powered it on, did a double memory check and hardware checks, then installed the UNIX OS that was being used to make it a DT.

And since that job, I've worked for many different companies, from a regional ISP to IBM Global services, and I have probably flashed or replaced something on the order of 500+ (I am not kidding - when you see the list below, you'll be able to agree with me that this is not an exaggeration at all) firmware (not even counting my Android phones since 2009). TBH, I am moderately sure that the number is approaching, if it hasn't already surpassed, 1K devices flashed.

Other than the 2 incidents listed above, I've never had a flash go bad. Not BIOS, not HD firmware, not CD / DVD / BD ROM / RW firmware, laptop, graphics cards (yes, even those can be flashed), not other peripherals, such as printers, switches, firewalls, routers, modems (of the dial-up variety, never performed on a broadband modem), touch-pads, digitizers, even televisions, digital cameras, DVRs, security camera appliances, even older mice and trackballs, even my 2 different UPSes. Not once.

But I'm not just blindly / randomly flashing items, either. I do it with a purpose, for a reason, n9t just to have the latest and greatest (OK, not always to have the latest and greatest, but with my phones, well, that is a slightly different story, and I've subjected them to the Android ßeta program numerous times specifically to have the latest and greatest ASAP.

To flash firmware successfully, there are several keys items to remember:

1) Make sure your hardware connections are solid and secure - by this, I mean that if you use wiring to connect, the wires are not shoddy, they're in good to excellent condition (and if you have been using the same wire for a long time already, find / buy a new one). Similarly, where those wires plug into - the ports, whether USB, or Serial, or even (heaven forbid) parallel or SCSI - are all in good condition. make sure that the device itself is in good condition, not only ports, but also working - I've loaded firmware onto a few bad devices in hopes of being able to fix them, with moderate success - some HDs are just not fixable (or, at least, without a full board replacement). But for updating existing, good hardware, you still need to make sure everything is working from the point of reading the device all the way through to the end of the flash, and that means everything in between.

2) Make sure you have ample power to conduct it. For devices that have their own power supply, such as desktop computers, external optical drives, etc., make sure you have a UPS to plug them into that is fully charged. The reason is quite simple - I'll wager that more than 75% (and honestly, I believe that more than 90%) of the horror stories of flashing gone bad that was not directly related to bad hardware was, in fact, related to poor power, whether it is from brownouts, voltage spikes, or whatever else anomalies you get from line voltage. I cannot stress this enough - even peripherals, like printers and scanners, or connectivity equipment like routers, firewalls and other security appliances, should be plugged into a UPS. And for you home users, your desktop computers should be as well - as should your other high end electronics (for many reason, too many to get into here). For laptop users, you get a (sort of) out here, in that all you have to do is make sure that you're plugged into reliable line voltage power AND that your battery is fully charged (just in case line power does die, fizzle, brownout, or present some other sort of anomaly). Do note that even when I flash my Laptop BIOSes, though, I have the power cord connected to my UPS - as a sort of double (redundant, I suppose) backup.

3) Follow the instructions explicitly. Don't skip steps, and don't try to be creative - no matter what some bloke on the Internet says to the contrary.

4) Remember, it is not magic. There is still an infinitesimally small chance that something could go wrong - but this is the same chance that exists that something could go wrong in your everyday use of the device. I am not kidding - it is the same percentage chance that something could go wrong when flashing as when you're using it normally. That's because, if you follow the above guidelines, you've eliminated just about every variable that can increase the chances of failure when flashing - and all you're left with is the so-called 1 in a million chance of something going stupid for some inexplicable reason - and that is the same chance as something going stupid for some inexplicable reason when you use the device.

5) A good rule of thumb (which is not always included with the instructions) is to reset your firmware settings after flashing. A better rule of thumb is to reset, flash, then reset again. The reason is quite simple - if the firmware does not store the settings in the same area as the firmware itself (highly unlikely, but stranger things have happened) then it may try to load those settings for items that not longer exist / have been moved in your current firmware, and this can lead to all sorts of idiosyncrasies that take a long time to troubleshoot. (TBH, though, well over 1/2 of my flashes have been without resetting - mainly because I know which devices I can flash without the need to reset (and I know when I do actually need to reset) but also because a good number of the devices I have flashed are non-interactive firmware - i.e. there are not settings associated with them, as there are in the BIOS.

It's not rocket science. And in this day and age, I'd guess that nearly everyone on the face of the planet has had experience flashing something already (go back and look at my list above in case you think you haven't - routers use firmware, as do smartphones, tablets, etc. which is the same principle as flashing the BIOS on a computer (laptop or desktop), even if it has been completely automated (particularly like our smartphones are), or mostly automated (as most router firmware is - you have to log in, and find the admin area where you can check for updates, but once it finds the update, it usually proceeds with minimal user intervention).

Remember, again, I have been doing this since before software-assisted flashing existed - I was replacing the BIOS chips myself in the beginning. So, I hope this helps alleviate some of the stigma associated with BIOS flashing (specifically, and firmware flashing (in general).

HTH

AMDMan2016 said:

Good Info there, i need to actually afford updated UPS Devices for my systems here, one in use on main Desktop from 2006 i think, 2001 for other one with replacement battery. As for my laptop always on AC power if i'm flashing any bios or firmwire update, just safer and always make sure the battery is fully charged before starting.

I recently replaced my UPS - I had an aging 1500VA server class UPS (I don't play with power protection) that started going bad, even after I bought a new (third replacement set) of batteries for it - about 2 years ago, I think. And I replaced it with another from the same family, albeit a lot newer.

In contrast, my desktop CPU is 10+ years old, my entire rig was originally slapped together in 2011, and I've updated parts piecemeal here and there, but same mobo, CPU and RAM since the beginning.

My Rationale - no way in Hades am I buying / building a new machine without a working server class UPS in place first. I'd rather make the $500 investment now than build a new machine for $1500+ and have it all wiped out in a single nanosecond before UI had saved the money up for a new UPS.

As for the laptop - yeah, mentioned that. Even to the point of plugging the laptop int the UPS for redundant backup lol.

As I highlighted in your response - always a critical factor.

I keep my desktop, laptops, modem, router, switch and both monitors plugged into mine. Even then I can get ~15-20 minutes of time before it starts hitting low battery and PowerChute starts shutting down my laptops, then my desktop.

That, BTW, is the best thing about APC - the PowerChute software and the ability to cleanly shut your machine down in the even of an extended power outage - so that it isn'y abruptly turned off. And the fact that they have made it available for use with consumer UPSes as well as commercial UPSes is pretty awesome. The downside - last update to he software was, what, 2013? lol.

I have probably only flashed about a dozen and a half BIOS altogether. One (Dell) went south on me. I've been gun shy ever since.