[SUCCESS] Gigabyte Designare Z390 (Thunderbolt 3) + i7-9700K + AMD RX 580

[ianm]

Seems like there is a report that many Gigabyte motherboards have an insecure auto firmware update feature they are likening to a backdoor.

Seems like the z390 Designare (or any z390/z490 boards) doesn't have the UEFI backdoor issue that other Gigabyte motherboards are said to have. Note this issue would only be an issue for dual boot hacks as the update process relies on Windows itself for doing the firmware update. Article and list of motherboards below

Supply Chain Risk from Gigabyte App Center Backdoor - Eclypsium | Supply Chain Security for the Modern Enterprise

Updates: 1. Gigabyte has published updates related to this issue. See the Gigabyte advisory for details. 2. Eclypsium has released a PowerShell script to Github that can assist in determining whether a system is impacted. The script compares the motherboard model to the list of models known...

eclypsium.com

https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf

 

[etorix]

Updated firmwares to fix the issue:

Firmware Backdoor Discovered in Gigabyte Motherboards, 250+ Models Affected

There are ways to protect yourself now and researchers are working to fix it.

www.tomshardware.com

 

[trs96]

Eclypsium has already shared its discoveries with Gigabyte, and the motherboard vendor is working on a solution to address the vulnerability. Ironically, the solution will likely arrive in updated firmware.

Here's what they recommend for those with affected GA motherboards until the firmware fix is available.

Eclypsium recommends users disable the "APP Center Download & Install" feature inside the motherboard's firmware. The option is what initiates the updater. For good measure, users can implement a BIOS-level password to prevent unwanted, malicious activity. Last but not least, users can block the three sites that the updater contacts.

 

[ianm]

Now the question is wether to risk BIOS update or just leave mitigations in place. Even though it's not on the list I believe the z690 Pro Art is also impacted as I found the UEFI exe in my System32 folder when I checked (don't have the name handy right now from one of the articles).

 

[epyonxero]

No worries. Configuring OpenCore EFI is quite easy as follows:
.

Im working on switching from Clover to OpenCore so i can update the OS and I used the above steps to create a USB drive but I cant boot into MacOS. I get the Apple logo and progress bar on a black screen and then a fully black screen. Using BIOS F9i and CFG-Lock is disabled.

 

[madmax559]

Im working on switching from Clover to OpenCore so i can update the OS and I used the above steps to create a USB drive but I cant boot into MacOS. I get the Apple logo and progress bar on a black screen and then a fully black screen. Using BIOS F9i and CFG-Lock is disabled.

cmd + v when you boot so it starts in verbose mode.

Then come back here & post where it stops in the boot sequence.

 

[Stork]

Im working on switching from Clover to OpenCore so i can update the OS and I used the above steps to create a USB drive but I cant boot into MacOS. I get the Apple logo and progress bar on a black screen and then a fully black screen. Using BIOS F9i and CFG-Lock is disabled.

OpenCore-Install-Guide/clover-conversion at master · dortania/OpenCore-Install-Guide

Repo for the OpenCore Install Guide. Contribute to dortania/OpenCore-Install-Guide development by creating an account on GitHub.

github.com

 

[epyonxero]

OpenCore-Install-Guide/clover-conversion at master · dortania/OpenCore-Install-Guide

Repo for the OpenCore Install Guide. Contribute to dortania/OpenCore-Install-Guide development by creating an account on GitHub.

github.com

I've followed all of the steps in the guide, and, when I try to load OpenCore, the sequence goes like this: BIOS -> Select OC USB Drive -> OC Disk Chooser -> Reset NVRAM -> BIOS -> Select OC USB Drive again -> OC Disk Chooser -> Select main startup/Catalina drive -> Apple logo, progress bar, black screen.

I've tried using verbose mode, and I get a stream of messages before the screen goes black. But I cant read the output before it goes away. Running an i9 9900k and Z390 Designare build based on this original thread. Could it be an NVRAM issue that isnt being fixed by OC NVRAMreset?

 

[madmax559]

I've followed all of the steps in the guide, and, when I try to load OpenCore, the sequence goes like this: BIOS -> Select OC USB Drive -> OC Disk Chooser -> Reset NVRAM -> BIOS -> Select OC USB Drive again -> OC Disk Chooser -> Select main startup/Catalina drive -> Apple logo, progress bar, black screen.

I've tried using verbose mode, and I get a stream of messages before the screen goes black. But I cant read the output before it goes away. Running an i9 9900k and Z390 Designare build based on this original thread. Could it be an NVRAM issue that isnt being fixed by OC NVRAMreset?

1. Make sure you are not using some XMP (extreme memory profile) that is causing some instability in the bios

2. Keep a phone handy with the camera pointed at the screen & record a video (for yourself) when the verbose boot sequence starts.
That will make it easier for you to go through it to last frame & save that to get an idea of where in the boot sequence it reached before fade to black

I used the 2nd item to diagnose when I was having issues and my xmp overclock was making the system unstable.

Also.

What version bios & opencore are you running ?

 

[epyonxero]

1. Make sure you are not using some XMP (extreme memory profile) that is causing some instability in the bios

2. Keep a phone handy with the camera pointed at the screen & record a video (for yourself) when the verbose boot sequence starts.
That will make it easier for you to go through it to last frame & save that to get an idea of where in the boot sequence it reached before fade to black

I used the 2nd item to diagnose when I was having issues and my xmp overclock was making the system unstable.

Also.

What version bios & opencore are you running ?

Having a hard time getting verbose mode to come up. CMD-V after selecting the start up drive in the OC chooser right? It seems to ignore the input.
No XMP is active. BIOS is F9i and CFG Lock is off. OpenCore is version 0.8.3
Other than that my BIOS setting are as they were when I did my original Clover install. Are there additional BIOS changes that are needed for OpenCore?