Originally posted by shmerl
View Post
Announcement
Collapse
No announcement yet.
AMD Publishes New Family 19h CPU Microcode
Collapse
X
-
Originally posted by DRanged View Post
On Debian it seems microcode is blacklisted in amd64-microcode-blacklist.conf. I actually don't know what it means so if someone can enlighten me it would be appreciated.
Comment
-
Originally posted by mulenmar View PostAnd this is why I hate microcode. No idea what's being installed into my CPU or why if the manufacturer doesn't tell the complete truth, needing insider knowledge of the child's workings to understand that truth, and no way to find out barring massive amounts of reverse-engineering.
Basically, if they're going to introduce a backdoor, microcode is the worst way to do it. A "platform firmware update" is a much easier target as that goes into a larger ROM.Last edited by colejohnson66; 03 October 2022, 09:23 AM.
- Likes 2
Comment
-
-
Originally posted by mulenmar View PostAnd this is why I hate microcode. No idea what's being installed into my CPU or why if the manufacturer doesn't tell the complete truth, needing insider knowledge of the child's workings to understand that truth, and no way to find out barring massive amounts of reverse-engineering.Phantom circuit Sequence Reducer Dyslexia
Comment
-
Originally posted by zerothruster View Postwhich listed a lot of errata, most of which were "won't fix".
Once you get past the first couple of months, about the only time you'll see microcode updates is for data corruption, and even that's only because of a mix of massive reputational damage, legal action, and the "fit for purpose" laws in civilized countries. Even catastrophic security vulnerabilities don't necessarily get workarounds, depending on how large the potential lawsuit is.
Basically, unless the manufacturer would be on the hook for a staggering amount of legal liability, it would rather rather just spend $50M of lawyer time tying the whole thing up in the courts instead. I've never understood why, since even $5M of engineer time - which basically NO amount of repair work would cost - is still by far the cheaper option, but I guess they're just playing the odds.
- Likes 3
Comment
-
Originally posted by Anux View PostThat doesn't sound logical, if no backdoors can be introduced through microcode updates how can a microcode update mitigate vulnerabilitys?
Comment
-
Originally posted by colejohnson66 View PostI can't find the talk on YouTube, but other research into MSRs revealed that some RDMSR instructions can take hundreds (thousands?) of cycles. That indicates a lot of work going on behind the scenes just to return a 32 bit number.
- Likes 2
Comment
Comment