Originally posted by Almindor
View Post
Announcement
Collapse
No announcement yet.
AMD To Issue PSP/BIOS Firmware Updates For Recent Vulnerabilities
Collapse
X
-
Last edited by duby229; 21 March 2018, 04:40 PM.
-
Originally posted by Gusar View PostEasy solution: sell these big corporate IT departments something different from what you sell to the regular public.
Originally posted by Gusar View PostFFS, seriously?
1.) CPU with functionality X, Y, Z.
2.) CPU with functionality X, Y, Z, but Z is fused off.
2. is very much something different from 1.
- Likes 2
Comment
-
Originally posted by duby229 View Post
No that's what you just said. The fact is that CPU manufacturers cannot fabricate different dies for every product, it won't happen ever. They fabricate 1 die that is as complete as possible and then they bin it to all the different product lineups that they can.
When it comes to mass produced chips economics pretty much demands custom dies per product. Case in point Apples A series chips wherethe X variants are obviously different dies than the non X variants.
In the end every square mm of space costs money. Fusing off functionality is more about managing defects than anything ekse.
Comment
-
Originally posted by Almindor View Post
So let's say I'm your computer distributor (not even manufacturer). Let's say some 3 letter agency, or some less-than-savoury friends come and tell me to put this in your Ryzens. I just boot a USB to "root" because BIOS is unlocked and all that and put my own PSP firmware in. Then proceed to do whatever else as usual and give you the machine (possibly without an OS).
You're now hosed without a way to know it whatsoever. I can't understand why all the AMD fanboys refuse to see this gaping hole for what it is.
The "root required" is completely irrelevant.
Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?
- Likes 1
Comment
-
Originally posted by Sachiru View Post
If I replace "Ryzen" with "Core i7", and "AMD" with "Intel", would this also not be a gaping security hole for the blue team?
Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?
- Likes 1
Comment
-
Originally posted by duby229 View PostWhat vulnerabilities? There weren't any discovered. Completely other different vulnerabilities would already have had to have been exploited in order to get that far. You're already screwed long before the fact.
What they did is blow pretty low-danger vulnerabilities out of proportion.
- Likes 1
Comment
-
Originally posted by CtrlAltShift View PostBut once bugs, similar to Intel's bugs, were discovered it suddenly became non-critical, and the whole blame was directed to the the company discovered the bugs. Can't you see any bias here...?
So there's no bias here. There's just two very, very scummy companies (CTS and Viceroy), that's why the reaction to these flaws is so very different.Last edited by Gusar; 22 March 2018, 10:42 AM.
Comment
-
Originally posted by sa666666 View Post
I don't think the issue is that there is a vulnerability that has to be patched, but instead with the way this whole thing was reported, and the fact that it seems to want to paint AMD in the worst possible light. IOW, it was a hit-job.
Comment
-
Originally posted by bridgman View Post
I don't believe PSP has its own flash - you "hide stuff in PSP" by flashing the BIOS with an altered image that includes different PSP code. AFAIK "resetting the PSP code" is as simple as restoring the original BIOS image.
And don't you DARE call me a fanboy
Comment
-
Originally posted by Sachiru View Post
If I replace "Ryzen" with "Core i7", and "AMD" with "Intel", would this also not be a gaping security hole for the blue team?
Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?
Besides, it's worse for second-hand hardware. If you want to be sure that there's nothing left on the second-hand system, you can reinstall the OS, reset the BIOS, etc. But how do you know if the PSP has been exploited or not (besides the fact that you can't reset it)? Trust level for second-hand hardware = 0 thanks to this. And the same goes for Intel ME.
Comment
Comment