BIOS file hashes or signatures (question)
Printed From: ASRock.com
Category: Technical Support
Forum Name: Intel Motherboards
Forum Description: Question about ASRock Intel Motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=25279
Printed Date: 07 May 2024 at 12:43pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: BIOS file hashes or signatures (question)
Posted By: Gorn42
Subject: BIOS file hashes or signatures (question)
Date Posted: 30 Dec 2022 at 2:32pm
When you download Oracle JDK, they provide SHA512 hashes, and when you download TOR browser, they provide a PGP signature. Most win32 executables from major companies are signed with a security certificate.
However, though the BIOS is clearly a hugely import piece from a computer security viewpoint, I don't see any SHA256/512 hashes or pgp signatures available for the BIOS downloads, and I don't think .ROM files can be signed in a way that allows Windows or the user to verify the signature.
Why is this, Asrock? Why are these critical security measures not in place?
|
Replies:
Posted By: threadzipper1957
Date Posted: 07 Apr 2023 at 11:08pm
I don't think any brand does this, but every BIOS is verified for a board before You update, so it can only use a BIOS verified for that particular board.
And Honestly, after 40 years in the business, the only time people ruined theur BIOS, was by there own doing, or downloading it from a different website, other than the manufacturers.
I think, only when its proven, that a BIOS on their website, is hacked, they will react to the threat
-------------
Kind Regards
|
|