PSA: New Zotac CI323 Nano BIOS Breaks pfSense



  • Zotac just released a new BIOS for the CI323 nano to address Spectre.  However, I flashed it and found that afterward pfSense was only able to see one of the two onboard NICs.  I double checked all the BIOS settings and could find no explanation.  Thankfully, I happened to have the previous BIOS on a thumb drive so I downgraded to it, which immediately fixed everything.  So it would appear that those of us running CI323s just have to live with the Spectre vulnerability :'(


  • Netgate Administrator

    Unless you're running pfSense as a VM on that device the risk in minimal. If you don't allow other users on the firewall it could be argued the risk is none. At least that's how I read it.

    Steve



  • Thanks for the information.  Yeah it's a dedicated, non-VMed machine, so it's pretty low risk.  I just like to stay up to date whenever possible.  And who'd have thought it would take out one of my NICs?  :P  Oh well, haha.



  • @TheNarc:

    Thanks for the information.  Yeah it's a dedicated, non-VMed machine, so it's pretty low risk.  I just like to stay up to date whenever possible.  And who'd have thought it would take out one of my NICs?  :P  Oh well, haha.

    Take it up with the Zotac support, if the BIOS is faulty they need to fix it.



  • I wouldn't load the spectre patches on a dedicated pfSense box. You neuter your CPU performance for very, very minimal risk. As @stephenw10 if virtualization isn't involved Spectre really isn't much of a threat, especially for something as minimal and tight as pfSense.