Originally posted by duby229
View Post
Announcement
Collapse
No announcement yet.
AMD To Issue PSP/BIOS Firmware Updates For Recent Vulnerabilities
Collapse
X
-
Last edited by torsionbar28; 21 March 2018, 02:47 PM.
- Likes 2
-
Originally posted by torsionbar28 View PostAgree on the general principle, but in practice, it's not quite true. A Pentium die is very very different from a Xeon die. They may use a similar architecture and instruction set, and be manufactured on the same process, but the Pentium and Xeon do not come from the same wafer. Heck, even within the Xeon lineup, the 10 core chips are substantially different from the 12 core. It's not a simply re-binning. The 12 core is three rings of 4 cores, while the 10 core is two rings of 5 cores. When you look at a photo of the two dies, they are very different looking. Yes, the individual cores themselves may be substantially similar between the two, but the uncore portion is quite different. And neither the 10 core or 12 core Xeon looks anything at all like a Pentium.
EDIT: Just as an example, look at Qualcomm, they stopped making semi-custom ARM cores. Intel is one of a very small list of giant corporations that can do this.Last edited by duby229; 21 March 2018, 03:15 PM.
Comment
-
Originally posted by Gusar View Post
Your scenario can happen with or without these "vulnerabilities", and no matter what the CPU vendor is. If one of the three letter agencies want to bug a machine, they'll bug a machine, plain and simple.
Comment
-
Originally posted by duby229 View Post
It's absolutely relevant. The fact is -anyone- can boot -any- LiveUSB to -any- computer -anyway-. Period. That's kinda the whole point of LiveUSB's, so that users -can- get that highest tier of access. It's not a security hole if it's a root user. Now if that root user wants to rip off his customers then he can, but is his own damn fault and he can do it with or without this.
Yes a physical access to your computer means auto-pwnage but the issue here is there's another "secret" layer that can now be exploited to keep things hidden and continue said pwnage. AMD failed on the signature checks on their "secure" system. I'd say that's a bloody big no-no.
To give it as an example.
Without these "security systems" and their holes you can wipe a computer and be sure it's clear. Wipe BIOS too and it should be all good.
You CAN'T officially wipe the PSP. So say I'm just an individual buying a used machine, I can't now be sure it's now pre-pwned. There are SOO many vectors of attack you're blatantly fanboyishly ignore here.
- Likes 2
Comment
-
Originally posted by Gusar View Post
Your scenario can happen with or without these "vulnerabilities", and no matter what the CPU vendor is. If one of the three letter agencies want to bug a machine, they'll bug a machine, plain and simple.
Comment
-
Originally posted by sa666666 View Post
I don't think the issue is that there is a vulnerability that has to be patched, but instead with the way this whole thing was reported, and the fact that it seems to want to paint AMD in the worst possible light. IOW, it was a hit-job.
Also, I can understand why all the Intel fanboys want to blow this out of proportion; so that everyone will stop looking at the gaping holes in current Intel CPUs (Spectre and Meltdown). See, I can turn this into an AMD vs. Intel fanboy argument too.
I'm as big of a "fan" of AMD as anyone here. I just refuse to fanboy security and privacy out the window. Intel ME is "probably" worse than AMD PSP with or without this firmware issue, but they're both horrible. Any and all hooplas around these holes need to be called out and outcried about, otherwise we'll just end up with an even worse mess with layers upon layers of black box "security" crap to spy and hack things easily.
The whole idea of a "security processor" within the processor is extremely ludicrous.
- Likes 1
Comment
-
Originally posted by Almindor View PostNo it can't. Where do you put it such that it's undetectable and has full RAM and encrypted disk access without the PSP?
Also I think everybody should be reminded that an attack like the BIOS flash-based one is possible on every Intel machine since 1990 when Intel 386SL introduced the SMM which is below everything. If you ever wondered how is it possible to boot MSDOS and have the keyboard working with your USB keyboards that's how - it's a handler that emulates PS/2 implemented in the SMM.
- Likes 1
Comment
-
I thought about writing a reply to you Almindor, but your use of the word "fanboy" in every friggin' sentence makes it really hard to take you seriously.
Yes, we're all fanboys here, so we stick fingers in our ears and go "la-la-la", so that we can be in denial that the sky is falling. Because we're fanboys. But you, the only non-fanboy here, you see the truth. That we're all doomed. *Dooooooooomed*
Ok, I'll indulge you at least a little bit - HDD firmware would be the obvious choice.
- Likes 1
Comment
-
Originally posted by starshipeleven View PostAMD disables stuff too, see Epic that has 4 dies while only 2 actually have CPU cores enabled.
Comment
-
Originally posted by Almindor View PostYou CAN'T officially wipe the PSP. So say I'm just an individual buying a used machine, I can't now be sure it's now pre-pwned. There are SOO many vectors of attack you're blatantly fanboyishly ignore here.
And don't you DARE call me a fanboyTest signature
- Likes 1
Comment
Comment