On 01/09/2017 04:28 PM, Nico Huber wrote:
> On 09.01.2017 23:07, Taiidan@gmx.com wrote:
>> Reasons to hate microcode updates:
>> - They enable companies to ship broken CPUs and fix them later, thus a
>> CPU undergoes less testing (remember when software/games didn't have and worked fine without a day one patch?)
>
> Well, I remember when an x86 CPU alone cost $1k. You should stop buying x86 if it's too cheap for your taste.
>
>> - Theoretically a nation state actor could screw around with a CPU and
>> have an internal microcode update to secure their own systems, or something else like that.
>
> They can have that much more easily by flipping a secret bit somewhere.
>
>> - It is a black box (at least with Intel) that is just another step of
>> the war on general purpose computing - the tivoization of hardware.
>
> Might be, but that's not how it started / why we have microcode updates.
>
> These are all good reasons not to buy a CPU that requires black-box updates. But not against applying the update if you have such a CPU.

Very well stated. You could purchase a POWER CPU right now that wouldn't require signed microcode, for instance, or an ARM64 CPU that doesn't need microcode at all, but if you keep purchasing cheap x86 CPUs this is what you get. Not applying the manufacturer's microcode updates (which are still mostly horizontal microcode, basically logic level switches and some basic microprograms) only hurts security on such devices.

-- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com