Intel TXE 3.0 security update??

Quoting an article from

MSI adds latest Intel TXE 3.0 security update

In order to avoid severe security vulnerabilities for the platforms, MSI motherboards now support the latest Intel Trusted Execution Engine (TXE) 3.0 for safer system protection. According to a recent Intel comprehensive security review, security vulnerabilities are identified and could potentially allow attackers to gain unauthorized access to platform features, secrets and 3rd-party secrets protected by Intel TXE. Therefore, Intel has validated and released Intel TXE 3.0 updates to address the encountered security situations. Currently all MSI 100, 200 and 300 series motherboards are supporting the newest Intel TXE 3.0 by updating to the latest BIOS and installing the latest software updates. MSI always places strong emphasis on security and anti-hack issues to make sure all MSI motherboard users are operating under the most secure circumstances. MSI will continue to provide additional updates if necessary to ensure maximum platform security protection for users.[…]

[ Update: my last paragraph was wrong and has been removed; see the comment by a reader. :-) ]

Alex at Black Hat: Where the Guardians of the BIOS Are Failing

Black Hat Vegas: Where the Guardians of the BIOS Are Failing
By Alex Matrosov
In our upcoming Black Hat Vegas talk, we will summarize our research about the UEFI firmware protections and our newly-discovered security problems. This talk raises awareness of these security challenges for hardware vendors, BIOS-level security researchers and defenders, and sophisticated stakeholders who want to know the current state of UEFI exposure and threats. The situation is serious but, with the right tools and knowledge, we can prevail.[…]

Analysis of MSI’s NTIOlib

MSI ntiolib.sys/winio.sys local privilege escalation:
So, it seems that not only ASUS drivers allow unprivileged reading and writing of physical memory. Just a few months ago I was looking at the drivers that are loaded on my machine, and I found a small MSI driver called NTIOLib_X64.sys. Out of curiosity I looked at it in IDA, and it turned out that it has almost the same functionality as the ASMMAP/ASMMAP64 ASUS drivers. I tried to contact MSI through various different channels, but I haven’t really gotten past their customer support, so I’m not sure if anyone from the development team is aware of this design flaw. After almost 4 months I decided to publish my findings here. […]
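A defender-side check for the class of driver described above, added here and not part of the post or the quoted research: it inventories the kernel drivers registered on a Windows host, flags any whose name or path matches the drivers the post names (NTIOLib, WinIO, ASMMAP), and reports their state and Authenticode signer. The name list is an assumption for matching, not an exhaustive catalogue of such drivers.

```powershell
# Added example (not from the post or its quoted author): find registered kernel
# drivers matching the physical-memory-access drivers the post names. The match
# list is an assumption taken from the post, not a complete list of such drivers.
$suspectNames = @('ntiolib', 'winio', 'asmmap')

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''            # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # expand \SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    $match = $suspectNames | Where-Object {
        $drv.Name -like "*$_*" -or $drv.PathName -like "*$_*"
    }
    if (-not $match) { continue }
    $path = Resolve-DriverPath $drv.PathName
    $sig = if ($path -and (Test-Path $path)) {
        Get-AuthenticodeSignature -FilePath $path
    } else { $null }
    [pscustomobject]@{
        Name      = $drv.Name
        State     = $drv.State       # Running or Stopped
        StartMode = $drv.StartMode   # Auto, Manual, Disabled, ...
        Path      = $path
        Signature = if ($sig) { $sig.Status } else { 'file not found' }
        Signer    = if ($sig -and $sig.SignerCertificate) {
                        $sig.SignerCertificate.Subject } else { '' }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No registered driver matches the names taken from the post.'
}
```

A valid signature does not clear a match here: the post's point is a design flaw in a legitimately shipped vendor driver, so a match in the Running state is what to act on (disable it with the vendor's tool or set its StartMode to Disabled).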

Gamer perspective of UEFI diagnostics

There’s a review of a new MSI system on Gamers Nexus by Steve Brooke. I enjoyed his comments on the usability issues with the UEFI diagnostics the OEM/IBV provided, including his last comment, from a gamer’s perspective, on the lack of need for a TPM. 😦 I have yet to find a hardware reviewer that includes information from CHIPSEC, showing whether the machine ships with known firmware vulnerabilities. 😦

The UEFI board explorer is probably one of MSI’s best features. It’s nothing particularly exciting to experienced builders, but makes for excellent usability and education for newcomers to PC building. Board explorer detects mice, some keyboards, video cards, and other devices, and accurately reports which port they’re plugged into on the board. This makes it easy to see which slots are utilized and what devices are using them.

The Hardware Monitor is probably where we spend most of our time in testing. Hardware Monitor offers basic reporting on the PC’s status and specs, with fan speed, boot, and low-level configuration and controls. The graphical display of fan curves in MSI’s B150A UEFI provides a click-and-drag interface for adjusting fan speed vs. temperatures with smooth input. This somewhat resembles host-level software curve creation, but at a lower level. We’d really like to see this functionality expand to liquid cooler pump motors so that we can read out RPMs of CLCs. We’d also like to see breadcrumbs added to UEFI to offer a path->to->current navigation. Regarding temperature accuracy, using our thermal measurement equipment, all thermals appear accurately represented within BIOS.

One thing that’s a little useless: the voltage level graph, which reports vCore and other voltages, has no scale – so it’s just sort of randomly illustrated bars representing an ambiguous, undefined voltage level. Might as well get rid of the graph and just read out numbers, in that case.

Overclocking profiles are pretty straightforward for what you’d get on a B-series motherboard. Users can save and load via ROM and USB, which is great for backups and testing, but that doesn’t make it any more in-depth – OCing is still locked. It’s not a Z-series board, so the best we can get is forcing Turbo. Overclocking profiles are “normal” and “expert,” and can perform some modest RAM timing and overclocking control alongside the forced Turbo. Voltage adjustment is present in the event that the forced Turbo needs more power to stabilize, though that’s unlikely.

We saw that Thunderbolt is in the UEFI menu, but without any Thunderbolt ports on the motherboard. Asking MSI about this, we learned that the menu support exists for Thunderbolt add-in cards.

TPM and basic security features exist for business users, though why they’d buy a “gaming” board is questionable.