Libre/Open-Source POWER10 Hardware Systems Unlikely Until At Least 2022


  • make_adobe_on_Linux!
    replied
    Originally posted by phoron View Post
    I think so, because it'd make sense, but I don't have a specific source for it.
    Well that would be a big first step... To be able to verify that and show the community. This is important work that I'm talking about to inspire people and spread awareness. Perhaps even people internal @ AMD will read it and influence them.

    Originally posted by phoron View Post
    Brute force is something anyone implementing public key cryptography already accounted for. If you managed to take advantage of it then the simple solution would be just some more bits in the length of future CPUs embedded keys.
    Yes but the generations are fairly gradual in performance - especially now that Moore's non-law is obviously dead. So the top generations now - if they were opened up - would be usable for a long time. Perhaps long enough for a FOSS ARM architecture or RISC-V.

    Originally posted by phoron View Post
    I'm not a lawyer. Check with one if you need it. I wasn't counting on brute forcing anything. I said stealing a private key was illegal. Things like breaking into someone else's property, bribing or threatening people into telling secrets, etc. are crimes.
    I know enough about the law to know that I'm allowed to do whatever I want in the privacy of my own home with a CPU I bought & own.

    Originally posted by phoron View Post
    NO. Check your key lengths, algos and budgets.
    No point in discussing until we extract the public key

    Originally posted by phoron View Post
    Power9. Power10 requires proprietary software, so let's not encourage that, even if they don't (hopefully) sign their firmware.
    Yes hopefully they'll turn that around.

    Originally posted by phoron View Post
    I can understand you. When you first learn these things you go nuts. It's like seeing a TV ad for your new shiny handcuffs. But then you get used to it. It's so. Too few people care (yet?).
    I learned it many years ago - I just have a lot of determination for pet projects.



  • phoron
    replied
    Originally posted by make_adobe_on_Linux! View Post

    Does that mean that every model of CPU has the same public key embedded into it?
    I think so, because it'd make sense, but I don't have a specific source for it.

    If this is the main issue, then perhaps brute forcing just one public key would be worth it
    Brute force is something anyone implementing public key cryptography already accounted for. If you managed to take advantage of it then the simple solution would be just some more bits in the length of future CPUs embedded keys. But I don't expect vendors to be so incompetent to let you take advantage of brute force.

    Also, I don't see how this specific strategy could be illegal considering you actually own the CPU you buy - and you should be allowed to do whatever with it.
    I'm not a lawyer. Check with one if you need it. I wasn't counting on brute forcing anything. I said stealing a private key was illegal. Things like breaking into someone else's property, bribing or threatening people into telling secrets, etc. are crimes.

    Maybe a few million dollars of AWS compute or a botnet could get lucky with cracking a public key (by finding the private key), once it is extracted.
    NO. Check your key lengths, algos and budgets.

    And yes, perhaps the only option will be power10.
    Power9. Power10 requires proprietary software, so let's not encourage that, even if they don't (hopefully) sign their firmware.


    Yes, but the issue is that they're silent on it. If they're security experts and not saying anything about a very likely backdoor in every modern computer, then what are they being paid for except to keep quiet?
    YMMV. From what I've seen, the antifeatures are advertised by vendors as management systems and whatever. So experts would be hard pressed to disclose something that's already advertised in the press kit.

    I can understand you. When you first learn these things you go nuts. It's like seeing a TV ad for your new shiny handcuffs. But then you get used to it. It's so. Too few people care (yet?).



  • make_adobe_on_Linux!
    replied
    Originally posted by phoron View Post
    Your proposal is basically breaking public key encryption. If you can then the applications are many more than what you propose. If you can't, you don't need to feel alone.
    Thanks; I appreciate your reply! Does this mean we have found the public keys in the CPUs? Does that mean that every model of CPU has the same public key embedded into it? If this is the main issue, then perhaps brute forcing just one public key would be worth it (if it means getting access to an entire generation of CPU). Also, I don't see how this specific strategy could be illegal considering you actually own the CPU you buy - and you should be allowed to do whatever with it. Maybe a few million dollars of AWS compute or a botnet could get lucky with cracking a public key (by finding the private key), once it is extracted.

    Regardless, I appreciate the brainstorming because it is the lack of creativity in this area that I'm annoyed by - not the fact that it is hard to make progress. Just want to see more approaches. And yes, perhaps the only option will be power10. Hopefully we'll get some good motherboards for it. As I understand it doesn't have both register & memory encryption like Ryzen PRO & EPYC have, unfortunately.

    Originally posted by phoron View Post
    They probably understand the problem and know the only hope is building CPUs that don't check signatures on firmware, unless the owner installs their own stuff.
    Yes, but the issue is that they're silent on it. If they're security experts and not saying anything about a very likely backdoor in every modern computer, then what are they being paid for except to keep quiet? Sure they can find some exploits that enable petty criminals, but that is like working for the bad guys preventing the less powerful bad guys from competing. This is a reasonable concern especially now that the world economic forum and the rest are claiming there is an inevitable "cyberpandemic" ("worse than coronavirus") incoming. This is their words, not mine.
    Last edited by make_adobe_on_Linux!; 07 October 2021, 07:30 AM. Reason: typo



  • phoron
    replied
    Originally posted by make_adobe_on_Linux! View Post
    Everyone claims it is impossible to reverse engineer an AMD CPU in order to bootstrap it with FOSS and disable suspicious management system stuff. Where is the evidence of that? Perhaps they don't want anyone trying so they spread information about how impossible it is...
    It's not lack of information on how it works, so that you have to reverse engineer. Yes, there may be programs there that we don't know what they do and might reverse engineer, but the problem is that there is hardware and software in ROM in the same CPU chip that will check the signature of those programs and won't run them even if you wrote a free software replacement. You can't replace those signature checks. You could at most find some flaw in the verification and exploit it, and I think this was done some times, but eventually it simply doesn't work anymore because newer CPUs patch flaws in verification. So even if you had done all the work of reverse engineering you would have to do some crime to get the private key the vendor holds and sign your firmware replacement, or you get a brick. That's illegal and unfeasible and even if someone ever does that they wouldn't have much reason to tell me or you.

    One would think a company would have more than a million to blow on verifiable HW security on inexpensive chips. We need to start a GoFundMe for reverse engineering EPYC/Ryzen for this purpose and get companies that want verifiable security to donate. It would be a massive public service considering how many AMD chips are in circulation! And ditto for AMDGPU firmware binary blobs! This is the fastest path to cheaply available, high functioning open systems, in my research.
    Your proposal is basically breaking public key encryption. If you can then the applications are many more than what you propose. If you can't, you don't need to feel alone.

    P.S. Contact any security expert including academicians about the black box operating system running in 99% of modern CPUs and they will either ignore you, downplay the issue, or both. They're clearly deluded by their gravy trains!
    They probably understand the problem and know the only hope is building CPUs that don't check signatures on firmware, unless the owner installs their own stuff.
    Building CPUs is so capital intensive that you can never be sure the hardware does what the datasheet says, but hey, having more choice in hardware where at least the datasheet isn't saying the owner is powned from factory would already be great. The other solution is not using computers. At least there's historical feasibility evidence.

    Some people when faced with problems whose solutions are more difficult than the problem simply accept the problem. I bet that's what you've been finding.

    I don't know you and don't know what you know. In case you need a summary of the situation, try here.



  • make_adobe_on_Linux!
    replied
    Everyone claims it is impossible to reverse engineer an AMD CPU in order to bootstrap it with FOSS and disable suspicious management system stuff. Where is the evidence of that? Perhaps they don't want anyone trying so they spread information about how impossible it is... One would think a company would have more than a million to blow on verifiable HW security on inexpensive chips. We need to start a GoFundMe for reverse engineering EPYC/Ryzen for this purpose and get companies that want verifiable security to donate. It would be a massive public service considering how many AMD chips are in circulation! And ditto for AMDGPU firmware binary blobs! This is the fastest path to cheaply available, high functioning open systems, in my research.

    P.S. Contact any security expert including academicians about the black box operating system running in 99% of modern CPUs and they will either ignore you, downplay the issue, or both. They're clearly deluded by their gravy trains!



  • c117152
    replied
    Originally posted by madscientist159 View Post

    Sorry, but I do need to correct this...while I cannot make any statements about POWER10 (this is because it isn't released yet by IBM), I can absolutely confirm there is no special handling, key fusing, or anything along those lines required for POWER9, and that POWER8 was the same. OpenPOWER CPUs do not come with any kind of fused key; the end user needs to program their own key into the CPU if desired, and even then that process just programs an EEPROM inside the CPU if physical presence is asserted or the booted firmware has a valid signature as determined by that particular CPU. This is what the "Secure Mode Disable" physical jumper is for, fundamentally, to allow recovery of a system to which the signing key is lost via physical presence at that system.

    Raptor in general believes fused key systems to be dangerous on multiple levels (e.g. how does key rotation work? does the vendor retain control or is all control passed to the owner?), and either avoids hardware that requires them or deactivates them prior to shipment with a public well-known key as required, across all of its product lines

    Make sense?
    1. While the TPM provisioning process ( https://www.ibm.com/support/knowledg...ng_concept.htm ) can be circumvented using the built-in keys via a jumper, to secure boot "TPM Provisioning requires connectivity to an IBM® certificate authority while provisioning the TPM card".
    2. Beyond standard assembly, IBM lets large enough (military, it seems) orders fuse their own keys straight on the ROM (with or without IBM's own keys) so they'd be able to provision their own TPM keys without IBM cert auth kicking off the chain of trust. I figured you guys are doing this but I guess not. Either way, I agree it's silly seeing how the same "quality" of trust is required from IBM either way (not to backdoor / not to lose/give away their master...).

    Anyhow, I still say IBM will satisfy big orders months before making parts available "on-shelf" since that's how POWER7, 8 and 9 rolled. Admittedly though, it might be for different reasons than it was back when I was the one on the phone with IBM... But whatever.
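
Added example (not part of any post in this thread, and not vendor or OpenPOWER code): a small Python model of the two trust arrangements discussed above, the ROM signature check phoron describes and the owner-programmed key store from the quoted POWER9 description. The `BootRom` class, the rule that a ROM with no key enforces nothing, textbook RSA without padding, and the deliberately insecure demo keys built from Mersenne primes are all assumptions made for illustration.

```python
import hashlib

E = 65537

def demo_key(a, b):
    """Constructed, insecure RSA key from the Mersenne primes 2**a-1 and 2**b-1."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))   # (public key, private exponent)

def digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image, pub, d):            # textbook RSA without padding, illustration only
    return pow(digest(image), d, pub[0])

def verify(image, sig, pub):
    return pow(sig, pub[1], pub[0]) == digest(image)

class BootRom:
    """key=None: no key programmed; fused=True: the key can never be replaced."""
    def __init__(self, key=None, fused=False):
        self.key, self.fused, self.verified = key, fused, False

    def boot(self, image, sig=0):
        self.verified = self.key is not None and verify(image, sig, self.key)
        return self.key is None or self.verified    # assumption: no key, no enforcement

    def program_key(self, new_key, physical_presence=False):
        # Owner-controlled model: the key store is written only with physical
        # presence or while signature-verified firmware is running.
        if self.fused or not (physical_presence or self.verified):
            return False
        self.key = new_key
        return True

def demo():
    vendor_pub, vendor_d = demo_key(521, 607)
    owner_pub, owner_d = demo_key(1279, 2203)
    vendor_fw, owner_fw = b"vendor firmware (constructed)", b"owner firmware (constructed)"
    vendor_sig = sign(vendor_fw, vendor_pub, vendor_d)
    owner_sig = sign(owner_fw, owner_pub, owner_d)
    fused, owned = BootRom(vendor_pub, fused=True), BootRom()
    return {
        "fused_boots_vendor_fw": fused.boot(vendor_fw, vendor_sig),
        "fused_boots_owner_fw": fused.boot(owner_fw, owner_sig),
        "fused_accepts_new_key": fused.program_key(owner_pub, physical_presence=True),
        "owned_rekey_without_presence": owned.program_key(owner_pub),
        "owned_rekey_with_presence": owned.program_key(owner_pub, physical_presence=True),
        "owned_boots_owner_fw": owned.boot(owner_fw, owner_sig),
        "owned_boots_tampered_fw": owned.boot(owner_fw + b"!", owner_sig),
    }
```

With a fused vendor key, the owner's replacement firmware is rejected no matter who holds the board; with an owner-programmed key, the same check protects the owner's own firmware instead.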



  • starshipeleven
    replied
    Originally posted by Spooktra View Post
    And you think that Power10 is somehow a solution to the allegations Snowden, or should I call him snow job, made?
    It sure is more secure than running a system with a hardware backdoor with ring-3 access to everything (aka Intel Management Engine or AMD PSP).

    Unless you think Intel is very good at making secure stuff.



  • starshipeleven
    replied
    Originally posted by Spooktra View Post
    Hogwash!!! The well known security issues, such as Meltdown, Spectre, and side channel attacks are not caused by flaws in the firmware but flaws in the hardware,
    Lol, not really, we are not in 1999. A lot of the "smart" operation of modern processors is done by microcode. Most of the prediction logic used in CPUs (and the faults in it cause side channel attacks, Meltdown/Spectre/friends) isn't really in the hardware. How do they even test and tune it? Do they print multiple engineering samples each time they benchmark new algorithms? That's nonsense.

    "fixing" the issue in an "open source" cpu would be the same way that Intel "fixed" the issue with Intel processors, where they changed the firmware to mitigate the attacks but in the process killed performance.
    Lol no vendor has any incentive to do a very good job with post-sales support. The most they can provide is some quick and dirty patch or workaround.

    The true fix always comes with the "next version" that you need to pay.

    "Open source" cpu's will offer no benefit in this regard, they are just a placebo.
    In 1999 perhaps. Nowadays most of the CPU/GPU's complexity is put inside microcode and firmware. It's simply impossible to not do that, even Intel/AMD can't just go and print new CPU silicon on a moment's notice to test new logic or fix some bugs while in development.



  • Spooktra
    replied
    Originally posted by andyprough View Post
    I'm assuming this is a joke post? If not, you may want to read up on a fellow named Edward Snowden.
    And you think that Power10 is somehow a solution to the allegations Snowden, or should I call him snow job, made?



  • Spooktra
    replied
    Originally posted by starshipeleven View Post
    It's actually quite a bit for security (you can fix any issue that is found regardless of what the manufacturer does) and means you can trust the hardware to a much bigger extent than x86 where you have like 30MB of firmware blobs between the OS and the hardware.
    Hogwash!!! The well known security issues, such as Meltdown, Spectre, and side channel attacks are not caused by flaws in the firmware but flaws in the hardware, "fixing" the issue in an "open source" cpu would be the same way that Intel "fixed" the issue with Intel processors, where they changed the firmware to mitigate the attacks but in the process killed performance.

    "Open source" cpu's will offer no benefit in this regard, they are just a placebo.

