-->

Tuesday, August 3, 2021

BIOS (and stuff)




TLDR: No need to install a "beta" unless there's some Zero-day catastrophic hole in the fabric of BIOS...(omg)
But if there was (if there *is*) they're keeping very quiet about it.
No (wipes brow) this appears to be some CPU-support-thing (maybe)


https://www.reddit.com/r/MSI_Gaming/comments/p0wche/agesa_1203c_bios_for_msi_x570b550_boards/


 I can't write an intro to this next trivial entry, I have no situation to compare it...

Maybe your homeowner's association has decreed that all houses which used to be Ivory shall  get an Ecru paintjob in future renovations...in other words, if you need to paint your house, you can no longer use ivory.

You know (in your head) the logistics, the paradigms, the terminology.

(It's a bitch painting a whole house)

Consider the lonely BIOS in a typical dusty PC.

Well, no, that's not even right, because most dusty PC's (laptops mostly) won't allow the user to change any settings. Really cheap DIY PC's are similar, having only a basic set of settings
such as which drive to try to boot from.

And then there's *my* PC, which (to compete with Asus) has six zillion settings,

and most of them default to glacial-speed.

And you'll hear guys saying you can save the settings, but *MY* PC turns up its nose at settings,
 "They're soo last month" it says.

Trust me, it really says that.

For around six months, every month, they change something, I implement the change, and then spend hours tweaking BIOS settings that marketing has decided should be filled with folderol and quaintness, curiosity and lore.

Take for example the section about it choosing whether to boot from a built-in video ("APU") to my motherboard, which has none, or to a video card.
And every time it boots, it briefly gives the message, "VGA error".

But if I actually *bought* an APU there would be no place to plug in a monitor, they didn't add the plug.

So, *why* is BIOS asking me to choose an internal video, which it doesn't have and never could?

Multiply that paradox by maybe 30 more settings so arcane, so buried, only someone searching for ways to install "windows 11" would even bother to look at them.

"USB improvements," they tout.
But my USB works fine *now*, I think (I'm pretty sure.)
So I'm not a *confident* BIOS-of-the-month user, I wonder whether to change it, while common sense tells me, it's a bitch painting an entire house. Maybe forget it this time.


Much older posts making more sense (they actually tested stuff)
And my PC already runs at 3600.
So, not confident, reticent.
Not reactionary, just circumspect.
(Fucket)

If they were updating security to foil hackers, I don't suppose they'd announce that, and that is the reason I'm being all waffly. Reference https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-uefi-wsmt
(edit: also, you go and enable the full power of Paranoia in windows and THEN try to upgrade your bios,
Imagine a very pissed-off cat inside a bag):
Couldn't we just let sleeping pissed off cats lie? (I gotta go look up the damn bromide now)


Re-reading this, I think I've confused SMU with SMM.
I still don't know what a SMM is, but I'll have to re-edit this.
Later. (*yawn*)


(SMM) security, soo last year




Yeah butt...there must have been at least one blackhat conference since then.


The Hackers, being older, wiser and having more bitcoins, might have found a way to get around the SMM-workaround.

The question stands: If there were security-improvements in a BIOS update, would they say so??

So, ignoring the bugs and the mess, and the accidental keypresses from killing tiny bugs,
uhm,
The "Device security" has perked up on my system!
I wasn't checking it, the thing said I was unworthy so I left it alone to wallow in its pedantic glory.
But today, while searching for a setting, it was there so I clicked it.
I wasn't expecting much, but I was pleasantly surprised (bless its heart)
It says I'm being good and faithful (isn't that special)

I am still not clear (very unclear, freaking *opaque*
on the differences between a TPM and a security key.
I have both (buffs nails) but wouldn't one be as good as the other?
I...mean...
if I REEEly want to protect my data from the shoulder-surfer....uhm....
OK I've proven in the past (I think) that if someone can grab my password or my PIN, they can totally bypass the key.
OK the key is pretty damn-near useless...the TPM only locks me into my motherboard, so if I get another one, I'd need to install windows and beg for a license,,,,,,.....
OK too many variables. Keys do nothing.
TPM's are a licensing-thing.
Maybe they should stick the TPM+Key into a keyboard I could lock up.
The shoulder-surfer's only option then would be to destroy the keyboard, maybe launch hordes of bugs at it...

No comments: