NORCROSS, GEORGIA, USA - AMI, a global leader in BIOS and UEFI firmware, server and remote management tools, data storage products and unique solutions based on the Linux® and Android™ operating systems, today released a statement in response to recent news of the security vulnerabilities known as Meltdown and Spectre.
In short, AMI would like to reassure its valued partners, OEM and ODM customers and end users of AMI products that it continues to closely monitor the details of both the Meltdown and Spectre security vulnerabilities as they emerge. Naturally, AMI exercises the utmost vigilance with respect to security vulnerabilities and makes every effort to be proactive about security advisories from the moment details are disclosed.
Most importantly, AMI is pleased to state that we have reviewed these security issues in detail and determined that Aptio®, our flagship UEFI BIOS Firmware, is not affected or compromised by either of these vulnerabilities in any way. AMI recommends that systems vulnerable to Meltdown and Spectre security vulnerabilities apply all appropriate operating system security patches, which can be obtained directly from the operating system vendor.
However, AMI would also like to point out that for certain Intel® based products, mitigation of the Spectre CPU security vulnerability involves the application of a CPU microcode patch from Intel Corporation, along with any security patches obtained from the operating system vendor. Interested parties can rest assured that AMI is working closely with Intel to obtain all relevant CPU microcode patch updates. As a matter of course, AMI will provide these Intel CPU microcode patch updates to AMI OEM and ODM customers as soon as they become available from Intel.
Subramonian Shankar, President, Founder and CEO of AMI, offered the following comments on the company’s recent activities and stance regarding these two security issues:
“Over the years, AMI has come up with what we believe to be a robust security framework, which allows us to keep tabs on the security vulnerabilities that are relevant to AMI products, so we can take immediate action. AMI has been working on various mechanisms to simplify this entire process of creating and applying security fixes and patches to mitigate vulnerabilities. Additionally, we work closely with key industry partners on fixes, which AMI then distributes to our customers. Keeping in close coordination with our partners also makes it easy for AMI customers to apply the fixes that we have developed.
“From our perspective, we don’t see the threat of security issues like Meltdown and Spectre going away in the future. Therefore, it is imperative that we work closely with Intel, AMD, Arm®-based silicon providers and others to continue to address them. We see ourselves as a partner with silicon manufacturers in many technical and strategic initiatives over the course of many years and we will continue to do so, to address security vulnerabilities in a timely, coordinated and effective manner.
As such, it is important to AMI to continue working closely with all silicon providers on this issue now and in the future. From our perspective, this incident shows the complexity of the security paradigm in our industry, which requires the industry to work in close cooperation so that we can address these security issues collectively with the best possible response.”
AMI will continue to monitor the security situation around Meltdown and Spectre closely as it evolves and make the public, as well as our valued partners, OEM and ODM customers and end users of AMI products, aware of any additional details that may emerge.
Intel® is a registered trademark of Intel Corporation in the US and other countries. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
Founded in 1985 and known worldwide for AMIBIOS®, the mission of AMI is to power, manage and secure connected devices by providing best-in-class UEFI and remote management firmware, software and utilities to top-tier manufacturers of desktop, server, mobile and embedded/IoT systems. In line with its technology focus, AMI is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), the NIST National Cybersecurity Excellence Partnership (NCEP) and Trusted Computing Group (TCG). Headquartered in Duluth, Georgia, AMI has locations in the U.S., China, Germany, India, Japan, Korea, Taiwan and Hong Kong to better serve its customers.
For more information on AMI, its products or services, call 1-800-U-BUY-AMI or visit ami.com.
Statement of Liability: © 2020 AMI Product specifications are subject to change without notice. Products mentioned may be trademarks or registered trademarks of their respective companies. All rights reserved. No warranties are made, either express or implied, with regard to the contents of this work, its merchantability or fitness for a particular use. This publication contains proprietary information, which is protected by copyright. AMI reserves the right to update, change and/or modify this product at anytime.