AMD releasing all their secret IP. Oh noes, Intel will steal it!
Announcement
Collapse
No announcement yet.
AMD Publishes SEV Firmware As Open-Source
Collapse
X
-
Let's not blow this out of proportion.
This is code for *one* app running on the PSP, it's far from complete, and you'll never be able to run it. This is just a code dump, with the intention of allowing security researchers to comb through it for bugs.
The licence is wrong for people to do anything with it, they're not accepting contributions, it's missing headers and build scripts and other junk, and you'd have to get it signed by AMD to run it because there's no provision for testing locally.
One has to admit though that it technically is *a step* towards the demands to "open source the PSP" even if very small.
- Likes 8
Comment
-
Originally posted by hlandau View PostThis means that while this source code has been made available, you can't actually compile it yourself or use it on your computer. It doesn't give you the freedom to modify the software, which is what open source is supposed to do. In short, this doesn't actually move things any closer to actually be able to have fully FOSS firmware on a PC, or to allow use of e.g. Libreboot with modern AMD systems.
Errr, no, it's NOT a GREAT idea.
- Likes 1
Comment
-
Originally posted by boboviz View Post
It's a GREAT idea to modify (by yourself) the firmware of servers in a datacenter (this firmware is for EPYC cpu)!!
Errr, no, it's NOT a GREAT idea.
This allows for a far smaller and easier to audit firmware attack surface because the custom firmware can cut off anything and everything that's not needed for that specific use, faster (re)booting positively impacting downtimes for each machine, advanced specialized architectures that a traditional firmware might not enable so directly, etc, etc
Is it complicated to develop? Sure... but then again being FOSS means there's at least the possibility for a wide-range cooperation and creation of reference designs, implementations, etc instead of each company reinventing the wheel alone from scratch
Unfortunately what AMD did falls short of being FOSS or even of the opencompute open firmware criteria, but still better than not doing it
- Likes 3
Comment
-
Originally posted by piorunz View PostGood move. While not letting anyone compile and run modified software, it allows independent engineers and hackers to read the code and verify it. To make sure there are no nasty surprises in it.
- Likes 2
Comment
-
Originally posted by billbo View Post
Having the "code" doesn't mean you can verify the shipped binaries were built from that version of the code. You need reproducible builds and a way to compare your binaries to what the vendor (AMD) ships. You can look for bugs with the code, which you might be able to verify have been fixed in the next binary release; but this won't help much to find any deliberate backdoors.
It's not much from AMD, but better than nothing.
Comment
Comment