Announcement

Collapse
No announcement yet.

AMD SMM Callout Privilege Escalation Bug Disclosed For APUs

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #11
    Originally posted by Veerappan View Post
    AMD's chips may be swiss cheese, and we haven't discovered the holes yet.
    Intel deserves all flaming it gets for the bs that they did (or dare I say did not do) in the last decade. High end processors have been 4 cores with hyperthreading for 6+ years, damn it.

    • Likes 4

    Comment

    • #12
      Originally posted by L_A_G View Post

      The only modern processor core that I can recall being confirmed to be totally invulnerable is the ARM Cortex A53
      ...Until SLS?

      Comment

      • #13
        Originally posted by carn View Post

        ...Until SLS?
        if by "SLS" you mean the recently disclosed "Straight-line Speculation" vulnerability, then no. A53 doesn't speculatively execute anything, so it's still safe.

        Comment

        • #14
          Originally posted by Veerappan View Post

          This.

          I've been a pretty unashamed AMD fanboy for a while now (15+ years, although I did skip straight from a Phenom II x6 to Ryzen... sorry bulldozer), but I don't think I've ever said that AMD didn't have undiscovered security issues in their chips. The relative lack of reported issues compared to Intel does seem to point to several possibilities:

          1. Security researchers haven't been looking into AMD nearly as much (either due to relative market size, or because of funding/priorities).
          2. Meltdown/Spectre gave just enough of a lever/insight into Intel's weak spots that they're prying it wide open.
          3. AMD's architecture may have skipped some of the shortcuts that Intel took, leading to a more secure design.

          AMD's chips may be swiss cheese, and we haven't discovered the holes yet. For now, until Intel straightens their chip design out and improves their pricing/performance/TDP, I'm not even bothering to recommend Intel-based systems to people. The Ryzen series is good enough for pretty much any use case someone would care to ask me for recommendations about.
          Pointless in speculating if AMD has a swiss cheese state.
          And speculations does not change the current state of things.
          Intel rightly deserves to have their ass handed to them for their bugs.
          • Likes 1

          Comment

          • #15
            Originally posted by hotaru View Post

            if by "SLS" you mean the recently disclosed "Straight-line Speculation" vulnerability, then no. A53 doesn't speculatively execute anything, so it's still safe.
            Since the A53 most likely has a branch predictor, then it most certainly is in the class of "speculative execution" pipelines.
            Branch prediction _is_ speculative execution.

            While technically detailing different concepts (or more like evolution of the concept), the name of the class is speculative execution.
            Pure branch predictors without speculative executions are still vulnerable to bad implementations since it is a control type hazard.
            • Likes 2

            Comment

            • #16
              Originally posted by hotaru View Post

              if by "SLS" you mean the recently disclosed "Straight-line Speculation" vulnerability, then no. A53 doesn't speculatively execute anything, so it's still safe.
              Well, I don't know but all Cortex A got flagged as having SLS. Also there is this:

              Wireshark Wireshark 1.6.9 - Security Database
              https://www.security-database.com/cpe.php?detail=cpe%3A2.3%3Ao%3Aarm%3Acortex-a53_firmware%3A-%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A
              Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.


              I'm no expert, I really like the A53 in my RPi but I'm not sure there is such a thing as immunity...

              Comment

              • #17
                Attacking the Golden Ring on AMD Mini-PC
                https://medium.com/@dannyodler/attacking-the-golden-ring-on-amd-mini-pc-b7bfb217b437
                (or how to bypass Windows strongest security boundary)

                Comment

                • #18
                  As usual idiot AMD fanboys jump to defend AMD. Yet another AMD AGESA bug. Sure it's not a hardware bug, and it's "easily fixable" by pushing new AGESA code, right? Wrong.

                  Remember that RDRAND debacle? AMD AGESA bug. AMD pushed out updated AGESA with a fix for the new Ryzen CPUs. But there's an important next step. Motherboard and device vendors must push out updated UEFI with the new AGESA. This doesn't always take place, and even if it does there can be heavy delays.

                  See here for example: https://arstechnica.com/gadgets/2019...ed-my-weekend/

                  Laptops from 2014 and 2015 with some of AMDs pre-Ryzen APUs were also affected by the RDRAND bug. Those laptop vendors never bothered pushing updated code. I don't know if AMD even bothered updating AGESA for those older CPUs. They just disabled RDRAND instead.

                  Comment

                  • #19
                    Originally posted by milkylainen View Post
                    Since the A53 most likely has a branch predictor, then it most certainly is in the class of "speculative execution" pipelines.
                    Branch prediction _is_ speculative execution.
                    it has a branch predictor, but doesn't do speculative execution. the branch predictor is used only for prefetching instructions. instructions are only executed in order.

                    Originally posted by carn View Post
                    Well, I don't know but all Cortex A got flagged as having SLS. Also there is this:

                    https://www.security-database.com/cp...2A%3A%2A%3A%2A
                    that looks like it's just lazy reporting on the part of security-database.com. it specifically says "Arm Armv8-A core implementations utilizing speculative execution", which the A53 is not. it looks like they just flagged all ARMv8-A without actually considering that some of them don't do speculative execution.
                    • Likes 1

                    Comment

                    • #20
                      Originally posted by milkylainen View Post
                      Since the A53 most likely has a branch predictor, then it most certainly is in the class of "speculative execution" pipelines.
                      Branch prediction _is_ speculative execution.
                      I've actually read the technical documentation on the A53 core at one point and it doesn't have branch prediction in terms of actually doing genuine speculative execution. It's got a branch target buffer, but that's it. In terms of execution it's totally in-order and just dead simple.

                      It's obviously not that fast, but being dead simple means it's very energy efficient and small so it gets used a lot in big.Little-setups as the "Little" part.

                      Comment

                      Previous 1 2 3 template Next
                      Working...
                      X