AMD To Issue PSP/BIOS Firmware Updates For Recent Vulnerabilities


  • #41
    Originally posted by duby229 View Post
    Read what you wrote again. CPU companies should manufacture products made for retail, but they can't, it would cost way too much. All they can do is design IC's which are as complete as possible and then bin them to different product lineups. Those will be retail and OEM, they will be consumer and IT grade. The only difference between a Xeon and Pentium are the defects on the die.
    Agree on the general principle, but in practice, it's not quite true. A Pentium die is very very different from a Xeon die. They may use a similar architecture and instruction set, and be manufactured on the same process, but the Pentium and Xeon do not come from the same wafer. Heck, even within the Xeon lineup, the 10 core chips are substantially different from the 12 core. It's not a simple re-binning. The 12 core is three rings of 4 cores, while the 10 core is two rings of 5 cores. When you look at a photo of the two dies, they are very different looking. Yes, the individual cores themselves may be substantially similar between the two, but the uncore portion is quite different. And neither the 10 core nor the 12 core Xeon looks anything at all like a Pentium.
    Last edited by torsionbar28; 21 March 2018, 02:47 PM.



    • #42
      Originally posted by torsionbar28 View Post
      Agree on the general principle, but in practice, it's not quite true. A Pentium die is very very different from a Xeon die. They may use a similar architecture and instruction set, and be manufactured on the same process, but the Pentium and Xeon do not come from the same wafer. Heck, even within the Xeon lineup, the 10 core chips are substantially different from the 12 core. It's not a simple re-binning. The 12 core is three rings of 4 cores, while the 10 core is two rings of 5 cores. When you look at a photo of the two dies, they are very different looking. Yes, the individual cores themselves may be substantially similar between the two, but the uncore portion is quite different. And neither the 10 core nor the 12 core Xeon looks anything at all like a Pentium.
      It certainly is true that Intel manages to fabricate more complex dies than anyone else, the principle still applies. Just compare the number of dies AMD produces, including their semi-custom dies, it's a lot less than Intel manages to accomplish. But I think that's just a factor of sheer size of the companies.

      EDIT: Just as an example, look at Qualcomm, they stopped making semi-custom ARM cores. Intel is one of a very small list of giant corporations that can do this.
      Last edited by duby229; 21 March 2018, 03:15 PM.



      • #43
        Originally posted by Gusar View Post

        Your scenario can happen with or without these "vulnerabilities", and no matter what the CPU vendor is. If one of the three letter agencies want to bug a machine, they'll bug a machine, plain and simple.
        No it can't. Where do you put it such that it's undetectable and has full RAM and encrypted disk access without the PSP?



        • #44
          Originally posted by duby229 View Post

          It's absolutely relevant. The fact is -anyone- can boot -any- LiveUSB to -any- computer -anyway-. Period. That's kinda the whole point of LiveUSB's, so that users -can- get that highest tier of access. It's not a security hole if it's a root user. Now if that root user wants to rip off his customers then he can, but it's his own damn fault and he can do it with or without this.
          This is extremely short-sighted. I hope you don't work at security.

          Yes a physical access to your computer means auto-pwnage but the issue here is there's another "secret" layer that can now be exploited to keep things hidden and continue said pwnage. AMD failed on the signature checks on their "secure" system. I'd say that's a bloody big no-no.

          To give it as an example.

          Without these "security systems" and their holes you can wipe a computer and be sure it's clear. Wipe BIOS too and it should be all good.

          You CAN'T officially wipe the PSP. So say I'm just an individual buying a used machine, I can't now be sure it's now pre-pwned. There are SOO many vectors of attack you're blatantly fanboyishly ignoring here.



          • #45
            Originally posted by Gusar View Post

            Your scenario can happen with or without these "vulnerabilities", and no matter what the CPU vendor is. If one of the three letter agencies want to bug a machine, they'll bug a machine, plain and simple.
            The question is if they can do it in an undetectable manner. Without the PSP I'd say no. Maybe UEFI but that's just another gaping hole (thanks M$)



            • #46
              Originally posted by sa666666 View Post

              I don't think the issue is that there is a vulnerability that has to be patched, but instead with the way this whole thing was reported, and the fact that it seems to want to paint AMD in the worst possible light. IOW, it was a hit-job.

              Also, I can understand why all the Intel fanboys want to blow this out of proportion; so that everyone will stop looking at the gaping holes in current Intel CPUs (Spectre and Meltdown). See, I can turn this into an AMD vs. Intel fanboy argument too.
              I'm not an intel fanboy. In fact, if you want we can compare machines to see who's more AMD (hint: I'd win unless you're 100% amd, including graphics card).

              I'm as big of a "fan" of AMD as anyone here. I just refuse to fanboy security and privacy out the window. Intel ME is "probably" worse than AMD PSP with or without this firmware issue, but they're both horrible. Any and all hooplas around these holes need to be called out and outcried about, otherwise we'll just end up with an even worse mess with layers upon layers of black box "security" crap to spy and hack things easily.

              The whole idea of a "security processor" within the processor is extremely ludicrous.



              • #47
                Originally posted by Almindor View Post
                No it can't. Where do you put it such that it's undetectable and has full RAM and encrypted disk access without the PSP?
                Into any other part of your highly interconnected cluster of separate computers that you call a PC nowadays. It's been done with NICs and HDDs among other things. Even laptop SD readers are now PCIe with DMA. It's not that hard to imagine and almost nobody runs IOMMU in consumer gear to stop those attacks.

                Also I think everybody should be reminded that an attack like the BIOS flash-based one is possible on every Intel machine since 1990 when Intel 386SL introduced the SMM which is below everything. If you ever wondered how it is possible to boot MSDOS and have the keyboard working with your USB keyboards that's how - it's a handler that emulates PS/2 implemented in the SMM.
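
The DMA exposure raised in post #47 can be checked on a Linux machine by looking at which PCI devices actually sit behind IOMMU translation. The Python below is an added example, not part of the thread; it assumes the sysfs `iommu_group` link and the group `type` attribute of recent kernels, and the sample tree (device addresses and group types) is constructed so it runs offline.

```python
import os
import tempfile

# Group types for which device DMA goes through IOMMU address translation.
PROTECTED = {"DMA", "DMA-FQ"}

def classify_dma(sysfs="/sys"):
    """Map each PCI device to 'translated', its raw group type, or 'no-iommu'."""
    result = {}
    pci = os.path.join(sysfs, "bus/pci/devices")
    for bdf in sorted(os.listdir(pci)):
        group = os.path.join(pci, bdf, "iommu_group")
        if not os.path.exists(group):
            result[bdf] = "no-iommu"       # device is in no IOMMU group at all
            continue
        try:
            with open(os.path.join(group, "type")) as fh:
                gtype = fh.read().strip()
        except OSError:
            gtype = "unknown"              # assumption: kernel lacks the 'type' attribute
        # 'identity' means passthrough: the group exists but DMA is mapped 1:1.
        result[bdf] = "translated" if gtype in PROTECTED else gtype
    return result

def exposed(result):
    """Devices whose DMA is not confirmed to be translated (conservative)."""
    return sorted(d for d, state in result.items() if state != "translated")

def build_sample(root):
    """Constructed sysfs tree: one translated, one passthrough, one ungrouped device."""
    layout = {"0000:02:00.0": "DMA-FQ", "0000:03:00.0": "identity", "0000:00:17.0": None}
    for n, (bdf, gtype) in enumerate(layout.items()):
        dev = os.path.join(root, "bus/pci/devices", bdf)
        os.makedirs(dev)
        if gtype:
            grp = os.path.join(root, "kernel/iommu_groups", str(n))
            os.makedirs(grp)
            with open(os.path.join(grp, "type"), "w") as fh:
                fh.write(gtype + "\n")
            os.symlink(grp, os.path.join(dev, "iommu_group"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        status = classify_dma(build_sample(tmp))
        for bdf, state in status.items():
            print(bdf, state)
        print("not behind translation:", exposed(status))
```

On a real system, call `classify_dma()` with the default `/sys`; a device reported as `identity` has an IOMMU group but is in passthrough mode, so the group alone does not isolate its DMA.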



                • #48
                  I thought about writing a reply to you Almindor, but your use of the word "fanboy" in every friggin' sentence makes it really hard to take you seriously.

                  Yes, we're all fanboys here, so we stick fingers in our ears and go "la-la-la", so that we can be in denial that the sky is falling. Because we're fanboys. But you, the only non-fanboy here, you see the truth. That we're all doomed. *Dooooooooomed*



                  Ok, I'll indulge you at least a little bit - HDD firmware would be the obvious choice.



                  • #49
                    Originally posted by starshipeleven View Post
                    AMD disables stuff too, see EPYC that has 4 dies while only 2 actually have CPU cores enabled.
                    That's not true. EPYC has all 4 dies enabled. It's Threadripper that has 2 functioning dies and 2 spacers to balance the physical load on the socket (https://overclock3d.net/news/cpu_mai...silicon_dies/1).



                    • #50
                      Originally posted by Almindor View Post
                      You CAN'T officially wipe the PSP. So say I'm just an individual buying a used machine, I can't now be sure it's now pre-pwned. There are SOO many vectors of attack you're blatantly fanboyishly ignoring here.
                      I don't believe PSP has its own flash - you "hide stuff in PSP" by flashing the BIOS with an altered image that includes different PSP code. AFAIK "resetting the PSP code" is as simple as restoring the original BIOS image.

                      And don't you DARE call me a fanboy
                      Test signature
