BIOS security updates LGA 1151 - Intel Core processors 6th and 7th generation
The following table shows available UEFI firmware/BIOS security updates for LGA 1151 (Skylake & Kaby Lake) motherboards from Thomas-Krenn. In the columns of the table security flaws are listed, which require UEFI firmware/BIOS updates. For each mainboard it is noted whether an update is already available for the respective vulnerability. Information about other mainboards can be found in the article BIOS security updates.
In the case of security flaws that affect the CPU microcode (e.g. Spectre or L1TF), the microcode can in many cases also be applied alternatively via the operating system.
LGA 1151 - 6th & 7th Gen
- Processors: Skylake (6th Generation Intel Core Processor Family) / Kaby Lake (7th Generation Intel Core Processor Family)
- SPS version: 04.01.*
- ME version: 11.8.*
Security updates from 2022
The table below lists the security updates released as of 2022.
Security update | 2022.1 IPU INTEL-SA-00601 INTEL-SA-00613 INTEL-SA-00614 INTEL-SA-00616 INTEL-SA-00617 |
---|---|
Update Microcode | yes |
Update SPS | under investigation |
Update Platform Sample / Silicon Reference firmware | under investigation |
Update BIOS ACM firmware / SINIT ACM firmware | yes |
ASUS P10S-I | affected, Microcode update necessary |
ASUS P10S-M | affected, Microcode update necessary |
Supermicro X11SSH-F | BIOS 2.8 (in development) |
Supermicro X11SSH-LN4F | BIOS 2.8 (in development) |
Supermicro X11SSH-TF | BIOS 2.8 (in development) |
LES network 6L (CPU soldered) |
affected, Microcode update necessary |
LES network+ (CPU soldered) |
affected, Microcode update necessary |
LES industrial v2.0 | affected, Microcode update necessary |
LES industrial | affected, Microcode update necessary |
LES plus v2 (CPU soldered) |
affected, Microcode update necessary |
LES plus | affected, Microcode update necessary |
JNF594-Q170 | affected, Microcode update necessary |
Security updates until 2021
The table below lists the security updates released through the end of 2021.
Security update | 2021.2 IPU INTEL-SA-00528 INTEL-SA-00562 |
2021.1 IPU INTEL-SA-00442 INTEL-SA-00459 INTEL-SA-00463 INTEL-SA-00464 INTEL-SA-00465 |
2020.2 IPU INTEL-SA-00381 INTEL-SA-00389 INTEL-SA-00391 |
2020-09-08 INTEL-SA-00347 INTEL-SA-00356 INTEL-SA-00404 |
2020.1 IPU INTEL-SA-00295 INTEL-SA-00320 INTEL-SA-00322 |
2020-01 INTEL-SA-00329 |
2019-12 INTEL-SA-00289 INTEL-SA-00317 |
2019.2 IPU INTEL-SA-00220 INTEL-SA-00241 INTEL-SA-00254 INTEL-SA-00270 |
2019.1 QSR INTEL-SA-00213 INTEL-SA-00223 Microarchitectural Data Sampling - ZombieLoad INTEL-SA-00233 |
2018.4 QSR INTEL-SA-00185 INTEL-SA-00191 |
Intel ME, CSME, SPS und TXE INTEL-SA-00125 INTEL-SA-00141 INTEL-SA-00142 |
Spectre V3a and V4, Foreshadow L1 Terminal Fault INTEL-SA-00115 INTEL-SA-00161 |
Spectre Variant 2 INTEL-SA-00088 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Update Microcode | yes | yes | yes | under investigation | yes | yes | yes | yes | yes | - | - | yes | yes |
Update SPS | under investigation | yes | yes | under investigation | yes | - | - | yes | yes | yes SPS >= 4.00.04.383 SPS >=4.01.02.174 |
yes | - | - |
Update Platform Sample / Silicon Reference firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | under investigation | yes | - | - | - |
Update BIOS ACM firmware / SINIT ACM firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | ? | ? | ? | ? | ? |
ASUS P10S-I | under investigation | affected, Microcode and SPS firmware update necessary | affected, Microcode and SPS firmware update necessary | under investigation | BIOS 4602 | affected, Microcode update necessary | BIOS 4602 | BIOS 4503 | not affected | not affected | BIOS 4503 | BIOS 4401 | |
ASUS P10S-M | under investigation | affected, Microcode and SPS firmware update necessary | affected, Microcode and SPS firmware update necessary | under investigation | BIOS 4602 | affected, Microcode update necessary | BIOS 4602 | BIOS 4503 | not affected | not affected | BIOS 4503 | BIOS 4401 | |
Supermicro X11SSH-F | BIOS 2.7 (in development) | BIOS 2.6 (test pending) | BIOS 2.5 | not affected | BIOS 2.4 | BIOS 2.3 | BIOS 2.2a | not affected | not affected | BIOS 2.2 | BIOS 2.1a | ||
Supermicro X11SSH-LN4F | BIOS 2.7 (in development) | BIOS 2.6 (test pending) | BIOS 2.5 | not affected | BIOS 2.4 | BIOS 2.3 | BIOS 2.2a | not affected | not affected | BIOS 2.2 | BIOS 2.1a | ||
Supermicro X11SSH-TF | BIOS 2.7 (in development) | BIOS 2.6 (test pending) | BIOS 2.5 | not affected | BIOS 2.4 | BIOS 2.3 | BIOS 2.2a | not affected | not affected | BIOS 2.2 | BIOS 2.1a | ||
LES network 6L (CPU soldered) |
affected, Microcode update necessary | BIOS KBR6L160 | BIOS KBRL6L140 | ||||||||||
LES network+ (CPU soldered) |
BIOS BF551TKE (test pending) | BIOS BF551TM2 (test pending) | BIOS BF551TKD | BIOS BF551TKC | BIOS BF551TKB | BIOS BF551TK7 | BIOS BF551TK5 | BIOS BF551TK4 | |||||
LES industrial v2.0 | BIOS B833PTK8 (test pending) | BIOS B833PTK7 (test pending) | BIOS B833PTK6 | BIOS B833PTK5 | BIOS B833PTK4 | BIOS B833PTK3 | BIOS B833PTK2 | ||||||
LES industrial | BIOS available on request | BIOS BF59ITK9 (test pending) | BIOS BF59ITK8 | BIOS BF59ITK7 | BIOS BF59ITK6 | BIOS BF59ITK5 | BIOS BF59ITK3 | ||||||
LES plus v2 (CPU soldered) |
affected, Microcode update necessary | BIOS KBR2L190 | BIOS KBR2L170 | BIOS KBR2L150 | BIOS YKBR2L12 | ||||||||
LES plus | BIOS F697TTKB (test pending) | BIOS F697TTKA (test pending) | BIOS F697TTK9 | BIOS F697TTK8 | BIOS F697TTK7 | BIOS F697TTK6 | BIOS F697TTK4 | BIOS F697TTK2 | |||||
JNF594-Q170 | BIOS BF54TTKD (test pending) | BIOS BF54TTKC | BIOS BF54TTKB | BIOS BF54TTKA | BIOS BF54TTK9 | BIOS BF54TTK8 | INTEL-SA-00185 and Intel-SA-00191 affected, ME 11.8.60 neccessary | BIOS BF54TTK6 |
Author: Thomas Niedermeier Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.
|
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|