So these static libraries will be distributed with headers but without source code?
Announcement
Collapse
No announcement yet.
AMD openSIL Detailed For Advancing Open-Source System Firmware
Collapse
X
-
From what I'm reading of the announcement, it's a lot of buzzwords to obscure the fact that all they're doing is moving the majority of the code that matters in bringing up the CPU and PSP into statically linked closed (and probably obfuscated) libraries while opening the glue code in the AEGSA. This is one step forward but two or even three steps back. It's still a nothing burger. I don't see anything to be excited about once you toss the purposely misleading jargon.
The only positive is that the static libraries might be written in some language other than assembly or C although all they actually say is another vague "industry standard language", which can mean anything.
I use a lot of AMD products, because they have historically been open source friendly - more or less. But this... this is nothing. Show us the code not "statically linked [closed] interface libraries and headers."
- Likes 10
Comment
-
Originally posted by Finity View PostHow does this affect the prevalence of CPU microcode? I hope—beyond opening up system firmware—it will help eliminate binary blobs elsewhere, thus advance FSF libre aspirations.
Plus, there are far worse things than microcode on AMD platforms. All the ram init and other key stuff has been pushed down into the far more locked down Platform Security Processor firmware, making it worse than intel who at lest leave it up in the closed-source FSP binaries that you can load or (theoretically) replace yourself.
The FSF's libre hardware aspirations are dead. RYF is itself has always been in complete contradiction with reality.
- Likes 4
Comment
-
Originally posted by paulocoghi View Post
It's important to acknowledge that open firmware still has a ways to go, but AMD has been a valuable contributor to its development. While the current state of affairs is not without its flaws, it is much improved compared to previous iterations.
While it's understandable that companies prioritize financial gain, AMD's investment in open source is an admirable strategy. The company has a notable track record of producing high-quality FOSS projects and contributions, and this benefits everyone involved.
- Likes 1
Comment
-
Originally posted by Developer12 View Post
You're crazy if you think CPUs will stop using microcode. Every CPU made since the 8086 contains it, and the preloaded microcode has only grown larger and larger
Plus, there are far worse things than microcode on AMD platforms. All the ram init and other key stuff has been pushed down into the far more locked down Platform Security Processor firmware, making it worse than intel who at lest leave it up in the closed-source FSP binaries that you can load or (theoretically) replace yourself.
The FSF's libre hardware aspirations are dead. RYF is itself has always been in complete contradiction with reality.
- Likes 1
Comment
-
Originally posted by Developer12 View Post
You're crazy if you think CPUs will stop using microcode. Every CPU made since the 8086 contains it, and the preloaded microcode has only grown larger and larger
Plus, there are far worse things than microcode on AMD platforms. All the ram init and other key stuff has been pushed down into the far more locked down Platform Security Processor firmware, making it worse than intel who at lest leave it up in the closed-source FSP binaries that you can load or (theoretically) replace yourself.
The FSF's libre hardware aspirations are dead. RYF is itself has always been in complete contradiction with reality.
>This is my CPU architecture. You can see the layout, but given that it's too complex to modify or make for yourself, there's no need to worry about licenses or anything.
>Oh great, can't wait to use it.
>And of course some of the logic was done in microcode instead of physical circuits to save on development costs.
>NO NO NO I HAVE TO BE ABLE TO EDIT THAT PART THATS DIFFERENT
- Likes 3
Comment
-
Originally posted by Ironmask View Post
I always found the politics behind microcode to be funny.
>This is my CPU architecture. You can see the layout, but given that it's too complex to modify or make for yourself, there's no need to worry about licenses or anything.
>Oh great, can't wait to use it.
>And of course some of the logic was done in microcode instead of physical circuits to save on development costs.
>NO NO NO I HAVE TO BE ABLE TO EDIT THAT PART THATS DIFFERENT
The argument being exaggerated with sarcasm is also correct. If Intel can modify the software running on my CPU, then I should too. If Intel can't modify my hardware then I don't mind as much if I do not possess the rights to do so, though it would be pretty cool if I could peek at how it works.Last edited by kvuj; 14 April 2023, 03:46 PM.
- Likes 4
Comment
-
Originally posted by kvuj View Post
Maybe, just maybe looking at some code is more fun and educational than trying to physically reverse engineer an extremely complex CPU? Can you imagine how cool it would be to be able to hack on your microcode.
The argument being exaggerated with sarcasm is also correct. If Intel can modify the software running on my CPU, then I should too. If Intel can't modify my hardware then I don't mind as much if I do not possess the rights to do so, though it would be pretty cool if I could peek at how it works.
The number of people that can look at microcode, understand it, and fix or otherwise meaningfully alter it is tiny. Most are already employed by CPU and firmware companies, the majority of the rest are employed by national intelligence agencies and criminal gangs. The tiny number that are left are not enough to have a meaningful long term impact on the security of all microcode. In order for open source to work you must have an economy of scale of skilled eyes on that code that are at least neutral if not beneficial to the public good. Otherwise, you're just whistling in the dark. Don't bother saying anyone can. That's not true. Not everyone has the skill, nor the time, to audit every single piece of code running on their computer from the CPU microcode to the UI. Not even if you put it to the community at large. We already see plenty of examples of this where projects both heavily and rarely used don't get the scrutiny they need to remain secure in the face of determined malicious actors because few people want the thankless task of auditing and debugging software. They only want to write it.
I don't want to give up my security and the security of the general public just because a handful of people want to look at microcode without obfuscation (use Ghidra if you're all fired up to learn microcode). Obscurity is a necessary layer of security that shouldn't be hand-waved away because an absolutist zealot doesn't like its politics, but doesn't actually care about reviewing what they're demanding be open - only that someone (vaguely hand waving) review it somewhere sometime... hopefully (while it's for sure the bad guys will).
- Likes 1
Comment
-
Originally posted by kvuj View Post
Maybe, just maybe looking at some code is more fun and educational than trying to physically reverse engineer an extremely complex CPU? Can you imagine how cool it would be to be able to hack on your microcode.
The argument being exaggerated with sarcasm is also correct. If Intel can modify the software running on my CPU, then I should too. If Intel can't modify my hardware then I don't mind as much if I do not possess the rights to do so, though it would be pretty cool if I could peek at how it works.
Comment
Comment