PSA: New Zotac CI323 Nano BIOS Breaks pfSense
-
Zotac just released a new BIOS for the CI323 nano to address Spectre. However, I flashed it and found that afterward pfSense was only able to see one of the two onboard NICs. I double checked all the BIOS settings and could find no explanation. Thankfully, I happened to have the previous BIOS on a thumb drive so I downgraded to it, which immediately fixed everything. So it would appear that those of us running CI323s just have to live with the Spectre vulnerability :'(
-
Unless you're running pfSense as a VM on that device the risk in minimal. If you don't allow other users on the firewall it could be argued the risk is none. At least that's how I read it.
Steve
-
Thanks for the information. Yeah it's a dedicated, non-VMed machine, so it's pretty low risk. I just like to stay up to date whenever possible. And who'd have thought it would take out one of my NICs? :P Oh well, haha.
-
Thanks for the information. Yeah it's a dedicated, non-VMed machine, so it's pretty low risk. I just like to stay up to date whenever possible. And who'd have thought it would take out one of my NICs? :P Oh well, haha.
Take it up with the Zotac support, if the BIOS is faulty they need to fix it.
-
I wouldn't load the spectre patches on a dedicated pfSense box. You neuter your CPU performance for very, very minimal risk. As @stephenw10 if virtualization isn't involved Spectre really isn't much of a threat, especially for something as minimal and tight as pfSense.