AMD motherboard partners start rolling out BIOS updates with LogoFAIL bugfix

(Image credit: ASUS)

Thanks to AMD's AGESA updates, its motherboard partners have started rolling out BIOS updates containing a fix to protect the BIOS from LogoFAIL, a security flaw that allows the UEFI boot screen to be hijacked. LogoFAIL was discovered in Dec. 2023

Intel patched this vulnerability with Intel ME Version 16.1.30.2307 the same month it was reported. Although the issue was resolved by AMD's AGESA Version 1.2.0.b a few months ago, AMD released the latest 'c' version, which includes fixes for other vulnerabilities, a few weeks ago. As a result, some motherboard vendors, such as Gigabyte, have started releasing BIOS updates with the AGESA 'b' variation for some AMD chipsets, while Asus and MSI released BIOS updates with the latest AGESA update. 

Motherboard makers have yet to release BIOS updates for any of these AGESA versions for X670 chipsets. 

How does LogoFAIL work?

LogoFAIL is platform-agnostic flaw — it affects both Intel and AMD platforms with BIOS made by independent BIOS vendors such as AMI, Phoenix, and Insyde. Because the exploit occurs before the OS and is not stored in the storage drive, it's not possible for conventional anti-malware tools to detect or remove it. 

When Binarly reported the exploit, it made the following observations:

  • Insyde-based firmware usually but not always contains parsers for BMP, GIF, JPEG, PCX, PNG, and TGA. Those are stored in separate modules called, e.g., BmpDecoderDxe
  • AMI-based firmware contains image parsers in a DXE module called AMITSE. Every firmware we analyzed contained between a single BMP parser (e.g., Dell firmware) to a set of parsers for BMP, PNG, JPEG, and GIF (e.g., Lenovo).
  • Phoenix-based firmware stores its parsers in a module called SystemImageDecoderDxe, and it can usually parse BMP, GIF, and JPEG.

The US-based National Institute of Standards and Technology also published information on LogoFAIL in its National Vulnerable Database, filed under CVE-2023-40238 for Insyde, CVE-2023-39538 for AMI, and CVE-2023-5058 for Phoenix Technologies.

Once LogoFAIL infects the BIOS's customizable images, it takes advantage of the security flaw during the DXE (Driver Execution Environment) phase. This allows it to bypass the CPU and OS security protocols and checks and install a bootkit without being detected. This affected both motherboards made by component makers and OEM motherboards; the demo used an 11th-generation CPU-based Lenovo ThinkCentre M720s.

The State of New BIOS Rollouts

Lenovo has not yet released the latest UEFI that includes the LogoFAIL patch. Some OEMs, such as Dell, do not allow UEFI logos to be changed (the images are protected by Image Boot Guard). Mac systems, even older units with Intel CPUs, have logo images hard-coded into the UEFI and are therefore protected from the LogoFAIL exploit.

Subsequently, motherboard vendors need to proactively release BIOS updates once the respective IBVs include the latest patch. The 'b' variant addresses the LogoFAIL exploit, but the new AGESA version 1.2.0.c also addresses the Zenbleed vulnerability (discovered July 2023). Therefore, Gigabyte will need to roll out another BIOS update with the latest firmware for its AM4 platform as well as BIOS updates for its x670 motherboards.

Roshan Ashraf Shaikh
Contributing Writer

Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom's Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.

  • artk2219
    Good to know, i usually disable boot logo's anyway, im not sure if that would make a difference though.
    Reply
  • evdjj3j
    Both my Asrock AM4 MBs received those in Jan.
    Reply
  • Notton
    Thanks for the reminder. My MSI mobo had the 1.2.0.C (apparently it's a combo) update out 2 weeks ago.
    Reply
  • Alvar "Miles" Udell
    I suspect something else had changed because Gigabyte issued BIOS F6 to fix the issue with my X570S Aorus Master, and they have since removed it and posted F7.
    Reply
  • taz-nz
    Gigabyte B550 Pro AX is patched with F18,
    but MSI B550M Mortar WIFI is still not patched.
    Reply
  • nitrium
    Do any of these fixes affect CPU performance? Is anyone even testing it?
    Reply
  • Math Geek
    for some reason the F7d Bios my x570s aorus master has on it is not even listed anymore. it goes from F6 to now F8, though the new one does not have this recent update in it since it came out in jan. it fixes this logo vulnerability but not this new Zenbleed issue the new "C" update fixes.
    Reply
  • neojack
    reading how the flaw works, i guess i can prevent the exploit by :

    * activating secure boot : so only signed OSes can boot
    and/or
    * deselecting all the boot devices, leaving only "windows boot"

    am i right ?
    Reply
  • razor512
    Wouldn't it be better for them to just get rid of the custom boot logo function, or simply display info about what the motherboard is doing before it starts loading the OS rather than any boot logo?
    Reply
  • LabRat 891
    nitrium said:
    Do any of these fixes affect CPU performance? Is anyone even testing it?
    The Spectre-Meltdown patches did.

    I'm purposely running 3-5 releases back on my Asus X570 Tuf gaming plus (WiFi) and 5800x3d.
    (Major stability differences between BIOSes, and reliable losses in Cinebench. -post-Meltdown/Spectre patch)
    Reply