Are AMD CPUs as researched as Intel ones (was Re: New Intel microcode release for migiating ZOMBIELOAD FALLOUT AND OTHERS)
Hi Ivan,
On 15.05.19 17:11, Ivan Ivanov wrote:
Funny vuln names! Luckily AMD (as usual?) is not affected... As someone wrote at the forums, a hidden price for Intel higher performance is a holey pants, just for 120 fps in games instead of 110 :P Neglecting security for the purpose of performing slightly better by skipping various checks inside CPU to improve the latencies, - is both unfair competition and scamming a consumer, since eventually he's getting significantly less performance than what he paid for
I'm curious. Did you do or know somebody who did as much research on AMD processors, as was necessary to find these vulnerabilities? If not, how can you make such comparisons?
Nico
Hi Nico, when someone finds a vulnerability at Intel, people do a good digging for a similar vulnerability at AMD. And so far, if I haven't missed something, it has been discovered that AMD shares only a few variants of Spectre together with Intel, while all the other vulns seem to be Intel-specific. Judging by the lack of other findings, I believe that AMD is more secure - perhaps because they haven't used such a "speedhacks"...
ср, 15 мая 2019 г. в 18:23, Nico Huber nico.h@gmx.de:
Hi Ivan,
On 15.05.19 17:11, Ivan Ivanov wrote:
Funny vuln names! Luckily AMD (as usual?) is not affected... As someone wrote at the forums, a hidden price for Intel higher performance is a holey pants, just for 120 fps in games instead of 110 :P Neglecting security for the purpose of performing slightly better by skipping various checks inside CPU to improve the latencies, - is both unfair competition and scamming a consumer, since eventually he's getting significantly less performance than what he paid for
I'm curious. Did you do or know somebody who did as much research on AMD processors, as was necessary to find these vulnerabilities? If not, how can you make such comparisons?
Nico
On 15.05.19 17:37, Ivan Ivanov wrote:
Hi Nico, when someone finds a vulnerability at Intel, people do a good digging for a similar vulnerability at AMD.
I don't doubt it. But did somebody try to find AMD-specific vulnera- bilities? Checking if somebody else did the same errors is not the same as checking if they did their own.
Nico
Yes, the people are checking AMD as well, and discovered the AMD-specific vulnerabilities at their PSP Platform (IN)Security Processor. Luckily almost all the coreboot-supported AMD computers - with the exception of some PC Engines boards if I'm not mistaken - don't have a PSP, so not affected.
ср, 15 мая 2019 г. в 18:50, Nico Huber nico.h@gmx.de:
On 15.05.19 17:37, Ivan Ivanov wrote:
Hi Nico, when someone finds a vulnerability at Intel, people do a good digging for a similar vulnerability at AMD.
I don't doubt it. But did somebody try to find AMD-specific vulnera- bilities? Checking if somebody else did the same errors is not the same as checking if they did their own.
Nico
On 15.05.19 17:59, Ivan Ivanov wrote:
Yes, the people are checking AMD as well, and discovered the AMD-specific vulnerabilities at their PSP Platform (IN)Security Processor.
Unless I missed something about the PSP, I fear, we are talking past each other. Not only is the PSP a completely different research area than the main CPU cores, also, the vulnerabilities I recall were in software programs.
If you can't provide any _related_ reference for research on AMD processors, please keep your believes about who is better for yourself (or at least away from technical oriented mailing lists).
Nico
On 5/15/19 11:54 PM, Nico Huber wrote:
If you can't provide any _related_ reference for research on AMD processors, please keep your believes about who is better for yourself (or at least away from technical oriented mailing lists).
Nico, you sound a little rude and schoolmasterly.
You know, other people have different writing styles, and that's a good thing. Cheers
Hi
On 15. 05. 19 17:28, Nico Huber wrote:
Hi Ivan, I'm curious. Did you do or know somebody who did as much research on AMD processors, as was necessary to find these vulnerabilities? If not, how can you make such comparisons?
Here [1] is a official AMD paper on the speculation behavior in AMD architectures. Intro:
This document provides in depth descriptions of AMD CPU micro-architecture and how it handles speculative execution in a variety of architectural scenarios. This document is referring to the latest Family 17h processors which include AMD’s Ryzen™ and EPYC™ processors, unless otherwise specified. This document does necessarily describe general micro-architectural principles that exist in all AMD microprocessors. AMD’s processor architecture includes hardware protection checks that AMD believes help AMD processors not be affected by many side-channel vulnerabilities. These checks happen in various speculation scenarios including during TLB validation, architectural exception handling, loads and floating point operations.
Thanks,
Rudolf
[1] https://www.amd.com/system/files/documents/security-whitepaper.pdf
-
anac@rbox.co -
Ivan Ivanov -
Nico Huber -
Rudolf Marek