AMD PSP Affected By Vulnerability


  • #71
    Originally posted by ssokolow View Post
    my choice is to either buy something old (only AMD has stuff recent enough to satisfy) or buy something that can be neutered (me_cleaner only supports Intel currently).
    did you miss comment telling you that psp can be disabled?



    • #72
      Given that, AFAIR, my ThinkPad BIOS had an option to enable/disable Intel ME feature(s), and a prior message here with supporting documentation that motherboard manufacturers control Intel ME, wouldn't the onus fall on OEM companies rather than on Intel or AMD to provide this within the BIOS?


      Alternatively, based on https://www.theinquirer.net/inquirer...owered-laptops, Purism's use of coreboot has allowed them to devise a method to disable Intel ME entirely.
      Last edited by azdaha; 01-09-2018, 10:17 PM.



      • #73
        Originally posted by pal666 View Post
        did you miss comment telling you that psp can be disabled?
        News flash: it can't be disabled. Try not to believe every "fact" you hear online. AMD's own manuals show the PSP must run even before the system can start up its main (i.e. "user") x86 cores.

        azdaha same with the ME. Sorry. Purism was wrong on this and they've said so publicly. ME must run or no boot! :-)



        • #74
          Originally posted by rene View Post
          suddenly looks like a viable alternative to use an MIPS64 Sgi Octane as a daily driver ;-)
          https://www.instagram.com/p/BdbPj8dH-Ji/

          a SPARCstation 2 is just a bit too slow:
          https://www.instagram.com/p/BdKbXxlnW_i/

          , …
          Heh, Rene I'll raise you a SparcStation 20 with dual SM81s ... and if that isn't enough I have 3 hulks of SS1000 that I'm working on getting running (still). I have enough CPUs and RAM and main board cards to fully populate one with 8x 85MHz SuperSparc IIs and 4GB RAM.... I also have a SparcPlug Minitower I can slap a dual 142MHz MBus card in... probably the neatest thing I have.
          Last edited by cb88; 01-12-2018, 03:07 AM.



          • #75
            Originally posted by cb88 View Post

            Heh, Rene I'll raise you a SparcStation 20 with dual SM81s ... and if that isn't enough I have 3 hulks of SS1000 that I'm working on getting running (still). I have enough CPUs and RAM and main board cards to fully populate one with 8x 85MHz SuperSparc IIs and 4GB RAM.... I also have a SparcPlug Minitower I can slap a dual 142MHz MBus card in... probably the neatest thing I have.
            Well, the point of me mentioning the SPARCstation 2 was low-end; you could raise that down to a 1st gen SPARCstation. However, to raise that down, I also recently got my am386dx40 w/ Cyrix FastMath! 387 out of my parents' attic with just 4MB RAM. The RAM will make it really hard to get a recent Linux booted; if I try that I probably have to find some more vintage RAM sticks. However, the SPARCstation 2 w/ 16 MB RAM is really at the border of being endurable (for text terminal work). It may be more fun to stick a little bit more RAM into that and have a more useful yet esoteric system over the am386 ;-)



            • #76
              Originally posted by Spooktra View Post
              This can't possibly be!!! We have been treated to one article after another and endless posts on forums around the net from all the AMD fanboys crowing that AMD processors are secure and Intel's are crap and blah blah blah. Now we have an article about a security issue with AMD processors. Allow me to beat the AMD faithful in declaring this article FAKE NEWS!!!

              Seriously though, I think this article needs to be punched up a bit with a good recipe for crow along with a nice wine recommendation.

              Man, I wish I could get a RISC-V based desktop cpu with a nice BSD based OS and leave Linux, Windows, Intel and AMD behind and never look back.
              Um, buh-bye then.... You go right ahead, just keep in mind they are designing a 90's era central processor that uses a whole shit ton of arm cores to provide functionality.... The screwed up part? At least one of those arm cores is faster than the actual central processor is gonna be! It's fucking retarded. They would have been better off just licensing arm in the first place, it's a more modern architecture and it's faster than what RISC-V will end up being and it has a bunch of arm cores in it anyways where at least one of them is actually faster than the main CPU....



              • #77
                Originally posted by numacross View Post
                How are you using a modern computer that's filled with firmware-driven CPUs with DMA?
                Fortunately it is still quite easy not to use such computers for specific tasks that are nearly performance independent while using such machines for tasks that are performance dependent on the other hand. You see more and more the scenario to use encapsulated (virtual) machines as well.
                So as a result you can encapsulate the traffic between the "insecure" and fast machines by using "secure" libre boot machines in specific scenarios.

                And for the other scenarios, well, you will have to live with the downsides of modern, powerful machines. But although it might be absolutely wrong in terms of privacy that someone knows which TV station you are currently watching it won't harm you directly in any kind of way. So you can temporarily live with this situation.
                (Which doesn't mean you shouldn't flood the servers of the responsible companies and organizations with nasty emails and tell everyone about the insecurity - mass media preferred).



                • #78
                  Originally posted by oooverclocker View Post
                  Fortunately it is still quite easy not to use such computers for specific tasks that are nearly performance independent while using such machines for tasks that are performance dependent on the other hand.
                  So you're running a 386 (but not the SL variant since it already has SMM)? Of course with a HDD that doesn't expose UDMA but only PIO

                  A floppy drive or ZIP might be a good alternative. Obviously on the parallel port and not the IDE version for the latter.

                  Originally posted by oooverclocker View Post
                  You see more and more the scenario to use encapsulated (virtual) machines as well.
                  Unless they are using hardware hypervisors (like the IBM mainframe stuff for example) it's not security but rather convenience. Since there's a lot of broken things in x86 (https://blog.invisiblethings.org/pap...86_harmful.pdf) even virtualization can be worked around.

                  Originally posted by oooverclocker View Post
                  So as a result you can encapsulate the traffic between the "insecure" and fast machines by using "secure" libre boot machines in specific scenarios.
                  Running libreboot doesn't magically turn your peripherals into slow, CPU-driven dumb devices. They still control themselves and if placed on a DMA-capable bus it's game over, theoretically of course

                  Originally posted by oooverclocker View Post
                  And for the other scenarios, well, you will have to live with the downsides of modern, powerful machines. But although it might be absolutely wrong in terms of privacy that someone knows which TV station you are currently watching it won't harm you directly in any kind of way. So you can temporarily live with this situation.
                  Unless the times are such in which watching the wrong TV station will put you on a Special-Santa-List-Of-People-To-Sent-To-A-Gulag. It's been done before and we're going back there really quickly too...

                  Originally posted by oooverclocker View Post
                  (Which doesn't mean you shouldn't flood the servers of the responsible companies and organizations with nasty emails and tell everyone about the insecurity - mass media preferred).
                  There's a lot of scientific papers presented at conferences that expose those things, but... not a peep of it in the media. And the general population simply doesn't care.



                  • #79
                    Originally posted by madscientist159 View Post
                    News flash: it can't be disabled. Try not to believe every "fact" you hear online.
                    But it is all too easy to believe when Purism says they can "disable" or "neutralize" the ME, because that is what the posters you responded to and the like-minded want to hear. The pesky fact that ME is actually a hardware implementation that you cannot even remove by completely eliminating its flash memory?
                    Or is actually one of "reduce functionality by overwriting some parts but not others so that ME runs for a while and then appears to stop doing the things it usually does" approach by me_cleaner, or the "ask ME/PSP nicely to please disable itself" HAP bit or BIOS setting, which convinced them that ME/PSP can be disabled?

                    I don't know, but I have no time to think about it now, must respond to the email of a Nigerian Prince who promised me tons of gold if I pay for shipping.
