Originally posted by Veerappan
View Post
Announcement
Collapse
No announcement yet.
AMD SMM Callout Privilege Escalation Bug Disclosed For APUs
Collapse
X
-
Originally posted by Veerappan View Post
This.
I've been a pretty unashamed AMD fanboy for a while now (15+ years, although I did skip straight from a Phenom II x6 to Ryzen... sorry bulldozer), but I don't think I've ever said that AMD didn't have undiscovered security issues in their chips. The relative lack of reported issues compared to Intel does seem to point to several possibilities:
1. Security researchers haven't been looking into AMD nearly as much (either due to relative market size, or because of funding/priorities).
2. Meltdown/Spectre gave just enough of a lever/insight into Intel's weak spots that they're prying it wide open.
3. AMD's architecture may have skipped some of the shortcuts that Intel took, leading to a more secure design.
AMD's chips may be swiss cheese, and we haven't discovered the holes yet. For now, until Intel straightens their chip design out and improves their pricing/performance/TDP, I'm not even bothering to recommend Intel-based systems to people. The Ryzen series is good enough for pretty much any use case someone would care to ask me for recommendations about.
And speculations does not change the current state of things.
Intel rightly deserves to have their ass handed to them for their bugs.
- Likes 1
Comment
-
Originally posted by hotaru View Post
if by "SLS" you mean the recently disclosed "Straight-line Speculation" vulnerability, then no. A53 doesn't speculatively execute anything, so it's still safe.
Branch prediction _is_ speculative execution.
While technically detailing different concepts (or more like evolution of the concept), the name of the class is speculative execution.
Pure branch predictors without speculative executions are still vulnerable to bad implementations since it is a control type hazard.
- Likes 2
Comment
-
Originally posted by hotaru View Post
if by "SLS" you mean the recently disclosed "Straight-line Speculation" vulnerability, then no. A53 doesn't speculatively execute anything, so it's still safe.
Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.
I'm no expert, I really like the A53 in my RPi but I'm not sure there is such a thing as immunity...
Comment
-
As usual idiot AMD fanboys jump to defend AMD. Yet another AMD AGESA bug. Sure it's not a hardware bug, and it's "easily fixable" by pushing new AGESA code, right? Wrong.
Remember that RDRAND debacle? AMD AGESA bug. AMD pushed out updated AGESA with a fix for the new Ryzen CPUs. But there's an important next step. Motherboard and device vendors must push out updated UEFI with the new AGESA. This doesn't always take place, and even if it does there can be heavy delays.
See here for example: https://arstechnica.com/gadgets/2019...ed-my-weekend/
Laptops from 2014 and 2015 with some of AMDs pre-Ryzen APUs were also affected by the RDRAND bug. Those laptop vendors never bothered pushing updated code. I don't know if AMD even bothered updating AGESA for those older CPUs. They just disabled RDRAND instead.
Comment
-
Originally posted by milkylainen View PostSince the A53 most likely has a branch predictor, then it most certainly is in the class of "speculative execution" pipelines.
Branch prediction _is_ speculative execution.
Originally posted by carn View PostWell, I don't know but all Cortex A got flagged as having SLS. Also there is this:
https://www.security-database.com/cp...2A%3A%2A%3A%2A
- Likes 1
Comment
-
Originally posted by milkylainen View PostSince the A53 most likely has a branch predictor, then it most certainly is in the class of "speculative execution" pipelines.
Branch prediction _is_ speculative execution.
It's obviously not that fast, but being dead simple means it's very energy efficient and small so it gets used a lot in big.Little-setups as the "Little" part.
Comment
Comment