Tianocore updates Security Advisories

Previously, the advisories were in PDF format. There were 2 advisories, each PDF contained a number (19?, I forget) of issues. Now, they’ve moved to Github-hosted content using Gitbooks.

I’ve not yet checked if there are any NEW advisories in the new content.


Tracking Intel BIOS and UEFI updates

Here’re two resources that you should be tracking, if you care about firmware security. In addition to OEM-specific sites, these are very useful to track updates in UEFI- and Intel-based systems:

1) TianoCore Security site, advisories, and list:

The Tianocore Security site has UEFI security vulnerability information impacting most UEFI-based vendors, including non-Intel vendors like ARM. The data is released as PDFs, and announced on their list. Tianocore doesn’t use NIST SCAP CVEs, look for these PDFs instead.

2) Intel Security Center site, and list:

The Intel Security Center site has BIOS/UEFI security vulnerability information impacting Intel-based systems. The data is released as web pages, and announced on their list.

Someone from your IT department should probably be subscribed to these mailing lists, and watch these lists and content for updates that may impact their systems.