AMD+Microsoft secured-core server, and what does it mean to opensource?


  • AMD+Microsoft secured-core server, and what does it mean to opensource?


    This joint AMD+Microsoft announcement means a lot to opensource/security-conscious people: since the closed-source concept of "security by obscurity" doesn't work, and - unlike Intel and other competition - AMD DRTM (Dynamic Root of Trust Measurement) can use a 100% open-source stack: no dependencies on binaries with questionable redistribution license.

    There was a rumour at Open Source Firmware Conference 2020 that SMM Supervisor is going to be open-sourced. Thanks to AMD moving the RAM init complexity from BIOS to ASP (aka PSP) firmware: /u/CyReVolt has advanced in oreboot open-source firmware porting to his Ryzen board, and Open Source Firmware Vendors (OSFV) - like /r/3mdeb - could deliver the Open Source Firmware to more AMD Ryzen platforms!

    All this stuff should give a lot of flexibility and high-end security for OEMs and reduce the dependency on closed source, royalty fee-based models from BIOS vendors of the previous era. Some discussion on Twitter with Microsoft Director of OS Security: https://twitter.com/dwizzzleMSFT/sta...529683969?s=19

    EDIT: if you would like to learn more about AMD DRTM with open-source, TrenchBoot developers are having a nice online conference on March 24th - https://twitter.com/TrenchBoot/statu...326751236?s=19
    Last edited by michaelb1; 04 March 2021, 02:48 AM. Reason: Added the info about TrenchBoot conference

  • #2
    Originally posted by michaelb1
    This joint AMD+Microsoft announcement means a lot to opensource/security-conscious people: since the closed-source concept of "security by obscurity" doesn't work, and - unlike Intel and other competition - AMD DRTM (Dynamic Root of Trust Measurement) can use a 100% open-source stack: no dependencies on binaries with questionable redistribution license.
    Ultimately, the fact it can run on a 100% OSS stack is going to benefit its quality, longevity, and adoption. A win for everyone involved, seeing as even large proprietary vendors care a lot about delivering on security, as recent additions like support for SEV, Hyper-V on Linux, and many, many others indicate.

    To everyone involved - thank you. Although it is wishful thinking to expect that everything will follow this example, I certainly hope this won't be an isolated victory.
