Announcement

**starshipeleven** · 21 March 2018, 01:11 PM

Originally posted by duby229 View Post

This is like a "no duh" moment. Isn't the whole point of root to have the highest tier of access? Isn't it literally the job of hardware and software designers to make certain that root in fact does have that highest tier of access? In that sense doesn't this mean that the hardware and the software is doing exactly what it's supposed to do?

Did you live under a rock? Intel ME and AMD PSP work at a higher level of privilege than root, and it's like a decade that this is the norm (for the ME).

The vulnerabilities discovered required root to be used, but are still not something the PSP and chipset were supposed to do.

**duby229** · 21 March 2018, 01:13 PM

Originally posted by Gusar View Post

Easy solution: sell these big corporate IT departments something different from what you sell to the regular public.

That doesn't work though. Silicon costs money, the more items that get fabricated the cheaper that feature becomes, so it's incredibly important for IC fabricators to fabricate everything they can on every IC they produce. They can then fuse off defective parts and still sell that product. If they made a different IC for every product, then we'd all be paying 10's of thousands of dollars each, for each and every little IC made.

EDIT: The only reason it doesn't seem that way is because Intel fuses off capability even if it's not defective, they do it specifically to differentiate product lineups. But it still give them one die to produce that they can then use to split the cost of fabricating. AMD takes it one step further and simply chooses not to fuse off perfectly functioning capability.

**starshipeleven** · 21 March 2018, 01:19 PM

Originally posted by Almindor View Post

I just boot a USB to "root" because BIOS is unlocked and all that and put my own PSP firmware in. Then proceed to do whatever else as usual and give you the machine (possibly without an OS).

You're now hosed without a way to know it whatsoever. I can't understand why all the AMD fanboys refuse to see this gaping hole for what it is.

The "root required" is completely irrelevant.

This assumes you can boot something on the target PC at all. Ever heard of SecureBoot or boot password (in businness laptops it is actually stored in a small flash chip and it is a massive pain in the ass to reset, you can't just reset CMOS).

Just pointing out that if you let anyone boot whatever on your system you're fucked big way, regardless of this vuln, half-serious secured systems don't usually allow people to just boot a LiveCD and do shit.

**starshipeleven** · 21 March 2018, 01:21 PM

Originally posted by duby229 View Post

That doesn't work though. Silicon costs money, the more items that get fabricated the cheaper that feature becomes, so it's incredibly important for IC fabricators to fabricate everything they can on every IC they produce. They can then fuse off defective parts and still sell that product. If they made a different IC for every product, then we'd all be paying 10's of thousands of dollars each, for each and every little IC made.

EDIT: The only reason it doesn't seem that way is because Intel fuses off capability even if it's not defective, they do it specifically to differentiate product lineups. But it still give them one die to produce that they can then use to split the cost of fabricating. AMD takes it one step further and simply chooses not to fuse off perfectly functioning capability.

AMD disables stuff too, see Epic that has 4 dies while only 2 actually have CPU cores enabled.

**duby229** · 21 March 2018, 01:24 PM

Originally posted by starshipeleven View Post

Did you live under a rock? Intel ME and AMD PSP work at a higher level of privilege than root, and it's like a decade that this is the norm (for the ME).

The vulnerabilities discovered required root to be used, but are still not something the PSP and chipset were supposed to do.

What vulnerabilities? There weren't any discovered. Completely other different vulnerabilities would already have had to have been exploited in order to get that far. You're already screwed long before the fact.

**Gusar** · 21 March 2018, 01:25 PM

Originally posted by duby229 View Post

That doesn't work though. Silicon costs money, the more items that get fabricated the cheaper that feature becomes, so it's incredibly important for IC fabricators to fabricate everything they can on every IC they produce. They can then fuse off defective parts and still sell that product. If they made a different IC for every product, then we'd all be paying 10's of thousands of dollars each, for each and every little IC made.

EDIT: The only reason it doesn't seem that way is because Intel fuses off capability even if it's not defective, they do it specifically to differentiate product lineups. But it still give them one die to produce that they can then use to split the cost of fabricating. AMD takes it one step further and simply chooses not to fuse off perfectly functioning capability.

So just fuse off some stuff in CPUs intended for retail, no separate silicon necessary.

**ehansin** · 21 March 2018, 01:26 PM

I know my comment may be a bit simplistic, but just tossing out as food for thought (not that it isn't that obvious.) Develop a RISC-V core/mask that can coexist on the main CPU die, segregate features that *have* to be there vs. those that are optional for remote administration, then allow the end user to be able to disable the non-necessary (for operation) functionality from within the UEFI settings. All chips get the RISC-V core "just because of scale", but the end user gets to decide. I suppose it could also exist on its own small chip, but that adds board complexity and BOM costs.

To add: It wouldn't need to be a RISC-V core, but that would be cool if it was.

**duby229** · 21 March 2018, 01:26 PM

Originally posted by starshipeleven View Post

AMD disables stuff too, see Epic that has 4 dies while only 2 actually have CPU cores enabled.

No, those are blank dies put there so that the heatspreader would sit flat on package. AMD does in fact fuse off defective parts and bins them accordingly, but unlike Intel which will fuse off a part regardless of whether it's defective or not, AMD will leave that part enabled if it works.

**duby229** · 21 March 2018, 01:27 PM

Originally posted by Gusar View Post

So just fuse off some stuff in CPUs intended for retail, no separate silicon necessary.

Intel and AMD already does that. That's why you can afford them.

**Gusar** · 21 March 2018, 01:29 PM

Originally posted by duby229 View Post

Intel and AMD already does that. That's why you can afford them.

Then why did your reply to me start with "That doesn't work though", when you're now saying it indeed does work?

Announcement

AMD To Issue PSP/BIOS Firmware Updates For Recent Vulnerabilities

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment