No announcement yet.

Holiday Shopping 2023: FSF Endorses 802.11n WiFi, Opteron Boards & USB To Parallel Printer Cable

  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by phoronix View Post
    The ASUS KGPE-D16 is from the AMD Opteron 6000 series days and has DDR3-1600 memory support. Besides having the open-source firmware it's hard to argue in favor of it especially given the era of today's CPU security vulnerabilities and long outdated CPUs not seeing any microcode updates or any formal security guidance
    No not really. Actually, that's one benefit of the Fam 15h server chips from AMD - there are no unmitigated CPU security vulns that impact the Opteron 6000 series. None! The only vulns it's affected by are a couple of the Spectre variants, which are mitigated in the OS.

    Here's the output from the latest script on my Opteron 6386 server:

    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO

    All those 'NO' line items mean the chip does not have that vuln. Intel chips of the same era would be all yes's. The only three 'yes' entries are for Spectre, and all three are mitigated in the Linux kernel:

    spectre_v1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
    spectre_v2 : Mitigation: Retpolines, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
    ​spec_store_bypass : Mitigation: Speculative Store Bypass disabled
    Opteron, as old as it is now, is the most secure x86-64 microarch of the past decade. Of course if any new Opteron hardware vulns are discovered, it won't get a microcode update. But as of today, it's about as secure as you can get.
    Last edited by torsionbar28; 01 December 2023, 11:12 AM.


    • #12
      Glad to know the FSF is continuing to be relevant! To vintage computing enthusiasts like myself, I mean.


      • #13
        FSF is the exact opposite of "cutting edge".

        Like "super dull".