-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/09/2017 11:36 AM, ron minnich wrote:
On Mon, Jan 9, 2017 at 8:23 AM Taiidan@gmx.com mailto:Taiidan@gmx.com <Taiidan@gmx.com mailto:Taiidan@gmx.com> wrote:
On 01/08/2017 06:50 PM, Daniel Kulesz via coreboot wrote: > Hi, > > for the record: I had the Q9000 (not Q9100) running in my Thinkpad T500 for a few weeks now without microcode updates and did not encounter any issues so far.absence of proof is not proof of absence.
I would personally be very wary of running Intel CPUs without microcode updates. Intel relies heavily on that "patch after ship" feature to iron out serious bugs (i.e. privilege escalation) in their hardware.
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
Hi,
thank you for the hints. Actually, I am a bit puzzled why some of you misinterpreted my message as a claim or even a "proof". Since I haven't seen (m)any reports about running Coreboot with a Core2Quad Mobile w/o microcode updates (The Libreboot docs even state that these CPUs are incompatible), I only wanted to report that for me it seems not to crash badly on booting or compiling. No more than that.
Cheers, Daniel
[1] https://libreboot.org/docs/install/t500_external.html#cpu_compatibility
On Mon, 09 Jan 2017 11:40:33 -0600 Timothy Pearson tpearson@raptorengineering.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/09/2017 11:36 AM, ron minnich wrote:
On Mon, Jan 9, 2017 at 8:23 AM Taiidan@gmx.com mailto:Taiidan@gmx.com <Taiidan@gmx.com mailto:Taiidan@gmx.com> wrote:
On 01/08/2017 06:50 PM, Daniel Kulesz via coreboot wrote: > Hi, > > for the record: I had the Q9000 (not Q9100) running in my Thinkpad T500 for a few weeks now without microcode updates and did not encounter any issues so far.absence of proof is not proof of absence.
I would personally be very wary of running Intel CPUs without microcode updates. Intel relies heavily on that "patch after ship" feature to iron out serious bugs (i.e. privilege escalation) in their hardware.
Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJYc8sOAAoJEK+E3vEXDOFb/YwH/AqhMYlwtUsEAOVAg1dRmGss wld98lITvh9gRv2vDPUxNrA8S2rhV8gE6OyQLn8EskyTRMNl8Wts9HR9gVBgPDO2 +mk6CQTVbWy7CBT4MZmGsJfx61KT+5valJCvH63RVciLPIY4v97w2KVPn1FE7IqN AlCPBZDuxvVvBbRFKepygb9v75Nse6yGt1f7DHdwasAOnKGxEr+kSqMDjCNIM7D7 p4Sh5u8WzBT/3+fYm4jViskZrPhKdlo6LLQcggrlurPeAItvccm3acULGkE2FeRD +R/Y984vIaS+qlGfkh+Es8Xo4xbeXDJQzIruifN4unOD295txwsFdJ/muSXYpsk= =eXl1 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/09/2017 11:58 AM, Daniel Kulesz wrote:
Hi,
thank you for the hints. Actually, I am a bit puzzled why some of you misinterpreted my message as a claim or even a "proof". Since I haven't seen (m)any reports about running Coreboot with a Core2Quad Mobile w/o microcode updates (The Libreboot docs even state that these CPUs are incompatible), I only wanted to report that for me it seems not to crash badly on booting or compiling. No more than that.
Cheers, Daniel
No problem, and thanks for the data point. I just wanted to chime in so that others are aware that on certain CPUs there are hidden risks to not using update microcode; when making the decision to avoid microcode the errata documentation for the specific processor in use needs to be carefully analyzed for the intended use case to avoid an even less secure setup than just using fully proprietary firmware.
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
Hi Timothy,
Many thanks for pointing this out! We should put this somewhere to Wiki, in VERY LARGE letters as over the years I'm also very sensitive to all the people not liking to do their microcode update.
I always failed to explain that microcode is not a program (despite the "code" in the word). I concluded that people are preventing doing the microcode update because of religious reasons as I failed to identify any other reason. I also do think that if one trusts the CPU one should also trust the update, otherwise it makes more sense to go for RISC-V CPU in FPGA approach.
Thanks Rudolf
On Mon, Jan 9, 2017 at 9:58 AM Daniel Kulesz daniel.ina1@googlemail.com wrote:
Hi,
thank you for the hints. Actually, I am a bit puzzled why some of you misinterpreted my message as a claim or even a "proof".
I understand, but be aware that people tend to take such statements in the form of "I have not seen a problem yet" as meaning "microcode updates are not needed." I've seen this type of interpretation for several years now so have gotten sensitive to it. :-)
ron
-
Daniel Kulesz -
ron minnich -
Rudolf Marek -
Timothy Pearson