To assist in securing AMI’s OEM/ODM partner systems and their customers who have deployed those systems, AMI and Microsoft have released an open-source patch for platforms running AMI’s Aptio® V UEFI BIOS Firmware on Windows® that were produced and put into service with a test version of the Platform Key (PK).
This patch should serve as mitigation to CVE-2024-8105, also referred to as “PKFail”. The mitigation is licensed and distributed as open source, with no guarantee or support from Microsoft, AMI or other affiliates. In the case of multiple system deployment, the patch should be tested prior to installation across all systems.
ODMs, OEMs, CSPs, Tier 2/3 datacenters, and individual users of Aptio V UEFI BIOS can determine if they have a test version of the PK running by leveraging the Windows Powershell script provided with the mitigation.
Downloads of the patch can be found at https://github.com/CERTCC/PKfail/.