Intel Releases New CPU Microcode For Two New Security Advisories

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AdrianBc
    replied
    Originally posted by energyman View Post

    486 introduced SMM.

    The first model of 486, 486DX, which was launched in April 1989, did not have SMM.

    The first CPU with SMM was Intel 80386SL, which was launched in October 1990. This was a 386 variant intended for laptops.

    Some later 486 models, beginning in 1992, have added SMM.


    The initial motivation for SMM was as a workaround for the fact that Microsoft was too lazy to add the power management functions, which normally belong to the operating system, to MS-DOS and Windows.

    That has forced the BIOS providers to do this work in the place of Microsoft and Intel has provided SMM for this purpose. Unfortunately, SMM is easy to abuse, either intentionally or by mistake, by the computer or motherboard vendors, because it cannot be controlled by the legal owner of the computer. Better consumer protection laws should have forbidden the existence of such Trojan horses.










    Leave a comment:


  • fotomar
    replied
    Originally posted by energyman View Post

    486 introduced SMM.
    It wasn’t in the DX, though.

    in other news it’s depressing to see how long it’s been since we could trust our own computers.

    Leave a comment:


  • Sonadow
    replied
    Pass. Not really interested in building a new initramfs just for microcode update unless they actually fix something major, like the overvolting issue in Raptor Lake.

    Security advisories are overrated. Most "vulnerabilities" cannot be remotely exploited, and require physical access to the computer. Only a complete moron will leave their computer unattended and powered on while the OS is unlocked.

    Leave a comment:


  • energyman
    replied
    Originally posted by fotomar View Post

    tbh he had me at no Management Engine
    486 introduced SMM.

    Leave a comment:


  • cutterjohn
    replied
    Originally posted by intelfx View Post

    Sure. You can buy a 386 or a 486.
    No.

    Oh wait he can probably find some obscure linux distro that still supports 32b and 'ancient' CPUs...

    'twould NOT be a fun experience by any stretch of the imagination... none of 'modern' software would work well, web browsing would be right out(TLS would take a day and timeout beforehand anyways etc. even a P8600 struggles greatly nowadays... I wonder how my AMD x2 4800+ would fare today, probably worse... last time booted just to pull some data from the drives, best as a legacy workstation setup for the future now I guess, or more likely something that I THINK can still run DOS adequately and older windows, BeOS(yes I do have OLD installs. Are they still bootable? no idea as of today... bitrot), etc.)

    Leave a comment:


  • fotomar
    replied
    Originally posted by energyman View Post

    even back in those days, researchers showed sideband attacks analyzing cache access pattern.

    Be real:

    there is ALWAYS a theoretical attack.

    all those theoretical attacks do not matter in real life because there are a million other easier to abuse flaws
    tbh he had me at no Management Engine

    Leave a comment:


  • energyman
    replied
    Originally posted by intelfx View Post

    Sure. You can buy a 386 or a 486.
    even back in those days, researchers showed sideband attacks analyzing cache access pattern.

    Be real:

    there is ALWAYS a theoretical attack.

    all those theoretical attacks do not matter in real life because there are a million other easier to abuse flaws

    Leave a comment:


  • Ranguvar
    replied
    Originally posted by AdrianBc View Post


    Whether a CPU core has in-order or out-of-order execution is completely independent on whether it has speculative execution.

    Those CPU cores quoted by you have speculative execution, despite having in-order execution.

    The difference between a CPU core with in-order execution and a CPU core with out-of-order execution is that when they encounter in the instruction stream an instruction with unsatisfied data dependencies (a.k.a. functional dependencies), the former stalls execution until the dependencies become satisfied, while the latter does not execute that instruction, but it continues to execute the instructions following it.

    The difference between a CPU core without speculative execution and a CPU core with speculative execution is that when they encounter in the instruction stream an instruction with unresolved flow of control dependencies (i.e. an instruction that is a conditional branch or which follows one or more conditional branches with unresolved conditions), the former stalls execution until the dependencies are resolved, while the latter executes that instruction, by guessing the values of the conditions of which it depends.

    Not only the out-of-order superscalar CPU cores need speculative execution, but even an in-order CPU that executes only one instruction per clock cycle requires speculative execution, if it is designed for a high clock frequency, so that it has a long execution pipeline.

    Typically being in-order is associated with much more reduced capabilities of speculative execution, because increasing them would be pointless. If the CPU is in-order, the first instruction among the speculated instructions that has unsatisfied data dependencies will stall the execution anyway.

    Nevertheless, even very feeble capabilities of speculative execution can make a CPU insecure, when the speculative execution is implemented wrongly, i.e. where if the instructions executed speculatively are canceled,, some effects of their execution still remain, e.g. in the state of the CPU cache memories.


    Thanks very much for the detailed reply and explanation!

    Leave a comment:


  • fotomar
    replied
    Originally posted by intelfx View Post

    Sure. You can buy a 386 or a 486.
    probably not a bad idea, about the only thing I’d miss would be the 64-bittedness

    Leave a comment:


  • pieman
    replied
    so reading https://cdrdv2.intel.com/v1/dl/getContent/740518 for 13/14th gen processors, which i have with a 14900k, this microcode update advisors, for the october 2024 - 016 release, rpl059, rpl060, rpl061 has no fixes.

    oddly, rpl061 is:
    Incorrect Internal Voltage Request May Lead to Unpredictable System Behavior
    Due to this erratum, an increase to minimum operating voltage may lead to
    unpredictable system behavior.
    It may be possible for the BIOS to contain a mitigation for this erratum.
    is not fixed with this microcode update.

    going to my motherboard bios: https://rog.asus.com/us/motherboards...helpdesk_bios/
    Version 2703
    12.94 MB 2024/10/18

    " 1.Updated with Intel microcode 0x12B to address elevated voltage requests during idle or light activity, further mitigating Vmin Shift instability issues.
    2.The option to disable C1E in the BIOS has been removed to ensure it remains enabled, reducing processor stress and maintaining stability per Intel's recommendation.
    which i updated to last month when i received my warranty 14900k to replace my dead one (i didn't install it until this final "fix" update came out so i just used my laptop until it was released), has the microcode update that fixes "rpl061"

    i wonder why intel isn't including this in their general microcode update. either way, i don't load these microcode's during boot. i just use the microcode that's in my motherboard and keep my motherboard updated.
    Last edited by pieman; 13 November 2024, 11:45 AM.

    Leave a comment:

Working...
X