Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability

  • Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability

    Phoronix: Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability

    A patch posted on Thursday by one of Intel's long-time Linux kernel engineers would begin treating outdated Intel CPU microcode as a security vulnerability that would be reported to user-space via the existing sysfs vulnerabilities reporting...

  • #2
    I would say they should start publishing changelogs for their microcode, *then* add the patch.


    • #3
      Originally posted by npwx
      I would say they should start publishing changelogs for their microcode, *then* add the patch.
      The required changelog:

      General system stability improvements to enhance the user's experience.


      • #4
        Originally posted by npwx
        I would say they should start publishing changelogs for their microcode, *then* add the patch.
        They should open-source it :P


        • #5
          Originally posted by npwx
          I would say they should start publishing changelogs for their microcode, *then* add the patch.
          They often do. Intel very frequently and explicitly states what vulnerabilities or stability issues a microcode patch fixes. Especially when either the patch means that the Linux kernel can stop doing a workaround that hurts performance or needs to make use of a new microcode feature that improves security.

          What they don't publish is source code and well, tough tiddies. That C code (yes, Intel write microcode in C) is tightly tied to the internal architecture of the CPU and is one of the most valuable trade secrets Intel has. They're not going to ever give it to you.


          • #6
            bruh, talk about going overboard


            • #7
              While useful I honestly think this sounds more of an excuse to nag people that your slightly dated, no longer updated CPU is a security nightmare.... which it is, but now it is not as easy to forget about it... And you buy a new machine because updating the CPU by itself is not that easy anymore and you (and others !!) discover that your new secure CPU was not that secure after all, and then you update your microcode until there are no updates anymore and the damn thing starts over like a never-ending loop you can't break out of unless of course there is a security bug in the CPU which leaves you in a mental state where the only sane thing to do is to yank out your network cable, stuff the ethernet port with gum, put a tinfoil hat on you and any nearby antenna, and end up buying pen and paper because those do not suffer from security problems... And then it was that thing about invisible ink... So .... Yeah..... Yeah indeed!!

              http://www.dirtcellar.net


              • #8
                Originally posted by Developer12
                What they don't publish is source code and well, tough tiddies. That C code (yes, Intel write microcode in C) is tightly tied to the internal architecture of the CPU and is one of the most valuable trade secrets Intel has. They're not going to ever give it to you.
                It's also a way to distribute backdoors at the behest of intelligence agencies. Microcode backdoors can be exploited in the browser via WASM. And Intel already has had a history of 'cooperation' with the NSA as the existence of the HAP bit attests.


                • #9
                  Originally posted by mixov
                  It's also a way to distribute backdoors at the behest of intelligence agencies. Microcode backdoors can be exploited in the browser via WASM. And Intel already has had a history of 'cooperation' with the NSA as the existence of the HAP bit attests.
                  Who needs to "distribute" backdoors when there's already MB of microcode in the chip when you bought it? If you don't trust the patches, you shouldn't have bought an Intel chip to begin with.


                  • #10
                    Originally posted by waxhead
                    While useful I honestly think this sounds more of an excuse to nag people that your slightly dated, no longer updated CPU is a security nightmare.... which it is, but now it is not as easy to forget about it... And you buy a new machine because updating the CPU by itself is not that easy anymore and you (and others !!) discover that your new secure CPU was not that secure after all, and then you update your microcode until there are no updates anymore and the damn thing starts over like a never-ending loop you can't break out of unless of course there is a security bug in the CPU which leaves you in a mental state where the only sane thing to do is to yank out your network cable, stuff the ethernet port with gum, put a tinfoil hat on you and any nearby antenna, and end up buying pen and paper because those do not suffer from security problems... And then it was that thing about invisible ink... So .... Yeah..... Yeah indeed!!
                    Windows 11

                    (To be fair, I have installed it on older machines and it runs.)
