vulnerable boards not detected if system vendor replaces OEM fields #4
Description
The fields currently used to determine the make/model of the motherboard are not reliable.
For example, my system vendor has changed these fields to System76 / thelio-major-r2 (there are other possible values as well) (I don't know which field exactly contains the product ID there, because this is available in rust but the Get-WmiObject call returns different stuff). While my specific board ("TRX40 AORUS PRO WIFI") is not on the list, it should be noted somewhere that this detection scheme is not 100% reliable, because these fields are malleable. To be sure, one needs to explicitly check the make/model of their board physically, from their shipping materials, from the UEFI GUI, or so on.
Get-WmiObject win32_baseboard returns the following on one of these, for example:
Manufacturer : System76
Model :
Name : Base Board
SerialNumber : Default string
SKU :
Product : Thelio Major