[sqeaky]

Why? I'm anal about security and this barely registers with me but not as something to be angry about.

Somebody with ring 0 privileges (a prereq for this) on your CPU already has root and you have to presume they've already had the ability to write to your BIOS and VBIOS, and this is just confirmation of that. If you're actually worried about this stuff then how can you be sure that someone hasn't paid Microsoft to put stuff into your firmware?

[dtx1]

Step 1: Lease a Server for a month Step 2: Compromise that server Step 3: Cancel the lease Step 4: Wait for it to be reused Step 5: Next Customer in line is now compromised

[CamperBob2]

If the cloud provider is giving metal ring-0 access to their customers, this particular issue is the least of their worries (and their customers').

[sqeaky]

Real hardware running midrange AMD only CPUs? This doesn't hit Intel or AMDs Epyc or Threadripper.

[christophilus]

That’s fair. I’d missed the ring0 part.