It Looks Like Raptor Is Gearing Up To Release A New Open-Source POWER System
Originally posted by madscientist159
It gets tricky, partly because one is relying on undocumented behaviour from the ME components. Apparently different "flavors" of the ME react differently to the invalid inputs created by ME Cleaner, but I am not aware of any of them "crashing" the kernel -- only asking nicely for the ME to halt its userspace after bringup (note "asking nicely" versus "forcibly disabling" -- there is a large difference between those two in terms of assurance). There's also some attempt to remove components from the ME firmware image without really understanding what this does -- does the ME fall back to an internal ROM version of the missing data? Does it start listening for a network upload of the missing data?
http://blog.ptsecurity.com/2017/08/d...-intel-me.html has some additional information. I'd like to call out the following, since I think the information you have above may have been a misquote of this section:
Personally, I don't like the sound of TemporaryDisable, it sounds, well, temporary. ;-) Also looks like this hack may only work on certain desktop variants (?). In any case, the ME hardware is still quite active, so for instance this malware injection vector https://www.theregister.co.uk/2018/0...tel_jtag_flaw/ would still work on your "cleaned" Intel box.
I'm definitely glad that my current plans are to stick with my Athlon II X2 while I try to fit an acceptably low-TDP pre-PSP Opteron into my budget. That'll buy time for people to either better understand the PSP and ME or build less expensive alternatives that appeal.
(Given how much of my gaming is either indie games or emulation, a non-x86 CPU with qemu-user may even perform sufficiently well by the time I have to move off this. I certainly hope so, as my big reason for being so heavily into emulation is to ensure that continued use of my software is not tied to hardware that's getting harder to find.)
-
Fair point - my first thought was "that's not the microcode I was talking about" but it might fall into the same category after all (microcode which is soft-loaded on our CPUs and ROM'ed on POWER CPUs). I'll try to find out.
Test signature
-
Originally posted by freespirit
Trying to make things more clear, I have some questions
on POWER9:
a) Is the HDL a part of the processor where this microcode is installed, or is it the microcode itself?
b) Does the microcode run OS and program code, internal hardware instructions, or both?
c) As I understood, x86 microcode contains hardware firmware while POWER9 microcode doesn't; is that right?
c.) is unknown. It's getting harder to know what is in the "microcode" files due to vendor encryption. All we can do is take the vendor at their word, and generally the vendor does not provide information on what is in the update files. However, I note that there are very complex blocks running on both AMD and Intel processors for things like power management; there may or may not be some type of update facility for these, but even with no update facility, any firmware for those blocks would still be burned into a ROM on-die somewhere. POWER has all the power management firmware open and owner-modifiable, Intel / AMD keep it closed, signed, and oftentimes encrypted.
It's a shame, really. Older AMD processors didn't encrypt or sign the microcode updates, and research was possible into how the microcode worked and how to modify it (https://www.emsec.rub.de/media/emma/...-microcode.pdf). This would have allowed, at minimum, keeping the vendor honest by seeing what the vendor changed in a particular update. Sadly this is not possible any more due to encryption and signature checks on the newer processors.
Originally posted by freespirit
Now let's assume IBM, Intel, AMD and ARM are evil and they put a backdoor inside their microcode; no one could inspect it because the microcode is closed. What difference should we have from a user privacy and security perspective? Do the microcode differences matter anymore, or is it game over for everyone? If it's game over, in my opinion IBM should open this part too. I know it could sound unrealistic, but after the Snowden leaks nothing will surprise me anymore.
Last edited by madscientist159; 02 September 2018, 04:41 PM.
-
Originally posted by madscientist159
Sorry, but a.) and b.) don't make any sense. HDL is the literal design language used to describe hardware (hence the name, Hardware Description Language). It isn't part of the processor, it's more like a description of how the hardware that comprises the processor should operate at a very low level. It's used to describe how the other blocks inside the processor should operate, not just the (tiny in comparison) microcode block.
c.) is unknown. It's getting harder to know what is in the "microcode" files due to vendor encryption. All we can do is take the vendor at their word, and generally the vendor does not provide information on what is in the update files. However, I note that there are very complex blocks running on both AMD and Intel processors for things like power management; there may or may not be some type of update facility for these, but even with no update facility, any firmware for those blocks would still be burned into a ROM on-die somewhere. POWER has all the power management firmware open and owner-modifiable, Intel / AMD keep it closed, signed, and oftentimes encrypted.
It's a shame, really. Older AMD processors didn't encrypt or sign the microcode updates, and research was possible into how the microcode worked and how to modify it (https://www.emsec.rub.de/media/emma/...-microcode.pdf). This would have allowed, at minimum, keeping the vendor honest by seeing what the vendor changed in a particular update. Sadly this is not possible any more due to encryption and signature checks on the newer processors.
In the case of the POWER processor, you're asking if they are willing to compromise a $100 million + mask set to do this, plus risk all the legal fallout since every processor manufactured from those masks would have the backdoor. In the case of x86, you are only asking if they can either burn a custom compromised microcode in at manufacture (assuming the CPU core mask set is not used to pattern the initial ROM), or (more likely) create and distribute a compromised microcode update file. Both of the latter options are relatively cheap and easy in comparison to trying to backdoor a modern RISC CPU at the hardware level.
About the hypothetical evil scenario, considering everything is encrypted and probably hard to understand, I doubt someone will even try, so I don't think this could be a point to not do evil stuff, as Cambridge Analytica and other news I read on Facebook and Google did almost nothing. Of course IBM customers are more technical, so it's a bit different.
I really appreciate the work you are doing at raptorcs to give complete open hardware, but if I can spend a word, I would like to push you to keep working to free also what is missing from the market to be open. You are already working to free the NIC, and it would be nice to continue to free useful stuff, if possible starting with IBM with this little piece of HDL. I understood you and other experts don't think it is a problem, and I have no knowledge to even have an idea, but I feel like a little Stallman: if something is closed you cannot see what's inside, it could be a candy or a bomb, so it's always better to open what is possible. The other thing that is closed and would be nice to have freed is the storage; SSD is the future, so it would be nice to get in touch with some vendors and see if it is possible to have an SSD with open firmware.
I still have a question about the new platform, or just the Talos if it is the same: as I understood there is no BIOS/EFI. Is there a kind of settings zone like the old BIOS to set up hardware values? How can I choose the disk/USB to boot on system startup?
Last edited by freespirit; 02 September 2018, 05:12 PM.
-
Originally posted by freespirit
Thank you for the explanation, I had misunderstood what HDL is even though I searched for it; now it is clear.
About the hypothetical evil scenario, considering everything is encrypted and probably hard to understand, I doubt someone will even try, so I don't think this could be a point to not do evil stuff, as Cambridge Analytica and other news I read on Facebook and Google did almost nothing. Of course IBM customers are more technical, so it's a bit different.
I really appreciate the work you are doing at raptorcs to give complete open hardware, but if I can spend a word, I would like to push you to keep working to free also what is missing from the market to be open. You are already working to free the NIC, and it would be nice to continue to free useful stuff, if possible starting with IBM with this little piece of HDL. I understood you and other experts don't think it is a problem, and I have no knowledge to even have an idea, but I feel like a little Stallman: if something is closed you cannot see what's inside, it could be a candy or a bomb, so it's always better to open what is possible. The other thing that is closed and would be nice to have freed is the storage; SSD is the future, so it would be nice to get in touch with some vendors and see if it is possible to have an SSD with open firmware.
Originally posted by freespirit
I still have a question about the new platform, or just the Talos if it is the same: as I understood there is no BIOS/EFI. Is there a kind of settings zone like the old BIOS to set up hardware values? How can I choose the disk/USB to boot on system startup?
-
Originally posted by Dopefish
My goodness... this has to have been one of the most engaging comments sections on an article I've ever read!
I'm looking forward to the October reveal for the new system from Raptor Engineering.
madscientist159
To enter Petitboot, is there a key to press on startup? Or how can I change the settings according to the link you posted?
I'm looking for the RAM for the new system. I found this one, which seems good and is cheaper than others (http://www.crucial.com/usa/en/ct16g4rfd824a). It is ECC and registered, but I see it is dual ranked; I don't know if this is a problem or not, and if it is good or not. Could you please gimme a suggestion?
I was also looking for a PSU. I saw that for the Talos the minimum PSU power is 500W; do you think 400W will be enough for the new system, considering the CPU + mobo + RAM, fans and 2 SSDs?
Last edited by freespirit; 03 September 2018, 03:20 AM.
-
Originally posted by freespirit
Agree with you, that's big news.
madscientist159
To enter Petitboot, is there a key to press on startup? Or how can I change the settings according to the link you posted?
I'm looking for the RAM for the new system. I found this one, which seems good and is cheaper than others (http://www.crucial.com/usa/en/ct16g4rfd824a). It is ECC and registered, but I see it is dual ranked; I don't know if this is a problem or not, and if it is good or not. Could you please gimme a suggestion?
I was also looking for a PSU. I saw that for the Talos the minimum PSU power is 500W; do you think 400W will be enough for the new system, considering the CPU + mobo + RAM, fans and 2 SSDs?
PSU selection depends on your intended CPUs and accessories. A single 4-core machine with NVMe and just the integrated on-board VGA uses less than 150W at the wall, which should give you some idea of the size PSU required. A full dual 22 core system with GPUs and spinning rust alongside leading edge NVMe might use more like 1kW under full load.
Your RAM selection looks fine. Rank is not important, just the fact that it is DDR4 ECC registered and not LR-DIMM.