The Linux State Of AMD's Zen x86 Memory Encryption

  • The Linux State Of AMD's Zen x86 Memory Encryption

    Phoronix: The Linux State Of AMD's Zen x86 Memory Encryption

    With AMD's forthcoming Zen processors is support for some new memory encryption technologies that are of particular benefit for virtualized environments...

  • #2
    Cool stuff from AMD. A little off-topic, but generally related to chip-makers and virtualization: I wish that AMD would release, as open source, their own implementation of something similar to iGVT-g (aka KVMGT and XenGT), which is currently being developed by Intel.


    • #3
      This is just AMD's copy of Intel's SGX that's already available on the market right now.

      Now, when SGX was announced with open source code for the Linux kernel the usual ignorant d-bags around here claimed it was some conspiracy to destroy Linux: https://www.phoronix.com/forums/foru...nux-kernel-sgx

      Something tells me that the usual suspects who threw a temper tantrum when Intel innovated this technology the first time will suddenly pretend that AMD invented virtualization out of thin air when they get around to copying it.


      • #4
        Originally posted by chuckula
        This is just AMD's copy of Intel's SGX that's already available on the market right now.

        Now, when SGX was announced with open source code for the Linux kernel the usual ignorant d-bags around here claimed it was some conspiracy to destroy Linux: https://www.phoronix.com/forums/foru...nux-kernel-sgx

        Something tells me that the usual suspects who threw a temper tantrum when Intel innovated this technology the first time will suddenly pretend that AMD invented virtualization out of thin air when they get around to copying it.
        You sound jaded

        I for one am happy with new shiny stuff from AMD, even if they are playing catch up. AMD being competitive means Intel might need to start competing on price as well!


        • #5
          Originally posted by chuckula
          This is just AMD's copy of Intel's SGX that's already available on the market right now.

          Now, when SGX was announced with open source code for the Linux kernel the usual ignorant d-bags around here claimed it was some conspiracy to destroy Linux: https://www.phoronix.com/forums/foru...nux-kernel-sgx

          Something tells me that the usual suspects who threw a temper tantrum when Intel innovated this technology the first time will suddenly pretend that AMD invented virtualization out of thin air when they get around to copying it.
          No, the usual suspects will show up here saying the same thing. After all, MS can't implement their plan to destroy linux until all the x86 chips are boobytrapped. Otherwise we'd just switch.


          • #6
            I'm not sure about AMD copying Intel. End effect on paper might be the same, but memory encryption sounds non-trivial enough to expect the implementation to matter a whole lot.


            • #7
              > but rather a binary blob

              Gah! Not good. Insecure by design. Can be used against the user (and owner) of the HW by certain 3rd parties: Digital restriction management / content mafia like Microsoft w. secure boot, crackers, 3-letter-agencies (secret services) and other criminals.

              The mem crypto tech itself sounds interesting on the first thought - but as long as something stays obscure and hidden and that very thing is core functionality and runs on a privilege level like ring below 0 - then this is absolutely almighty, all-crucial and totally transparent to the OS, the user or any anti-malware-solution. And thus should be avoided.

              There is no use in giving your crown jewels to some obscure person you don't even know, just for the promise to keep good watch over them...
              Stop TCPA, stupid software patents and corrupt politicians!


              • #8
                Tired of this, why can't someone produce a fully open source cpu?
                Last edited by darkbasic; 27 September 2016, 06:02 PM.
                ## VGA ##
                AMD: X1950XTX, HD3870, HD5870
                Intel: GMA45, HD3000 (Core i5 2500K)


                • #9
                  Just browsing through the slides during work pauses.
                  From the slides (p. 10):
                  The SOC is shown with the PSP and the latter communicates with an external flash chip via SPI.

                  "SPI Flash holds all non-volatile state. All secret SPI flash data is encrypted with chip-unique keys."

                  I wonder what that means for Coreboot. Is the flash chip accessible at all? Will things still work if no signed / encrypted blobs are found there? Does it only occupy a small portion of the flash chip and store e.g. encrypted keys for the memory encryption (e.g. for NV mem) with its own per-chip-unique-serial-number-"dependent" key? Can MS preload things there and prevent booting "non-certified" things again and this time you can't switch it off? Is that an extra chip (physically separated from the main firmware / BIOS chip)?

                  Also on the next slides the user can supply a key when starting up a guest in a virtualized environment. Um, but how exactly does the key transaction work? I mean, wouldn't that be a weak point where an attacker could try to obtain a copy of the key?

                  Sorry for being a user and not quickly enough grasping the whole thing. But users also have the right to be worried.
                  Stop TCPA, stupid software patents and corrupt politicians!


                  • #10
                    Linux has power now, 100% of supercomputers, and the most powerful is not even Intel, AMD or ARM.
                    So when these things happen Linux should say: we will not support those CPUs (or GPUs) if they do not have "open specs", for SECURITY reasons.
                    So the kernel must not have blobs at all, and if any, proprietary software, even for GPU advanced features, must be outside the kernel.

                    And open specs do not mind open hardware, they will have their patents, but programmers would be able to set it up.

                    I was waiting for ZEN to buy one; after reading this, I probably will buy some Intel with lower prices when ZEN comes to the market.
