-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/25/2017 11:26 AM, Aaron Durbin wrote:
On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson tpearson@raptorengineering.com wrote: On 01/24/2017 10:55 PM, Taiidan@gmx.com wrote:
I know the 63xx has a very fatal NMI exploit, but according to the libreboot (oh no) website the 62xx works safely out of the box without microcode however I would like to confirm if this is actually true.
I looked at the errata .pdf from the AMD website but I didn't see anything that seemed significant.
As far as we have been able to determine it does, again with the caveat that this is without microcode _updates_, not without microcode. There is still the off chance that these CPUs ship with a backdoor inside the burnt microcode ROM that is patched out with an update. Unlike POWER and ARM we are solely dependent on the vendor being trustworthy enough to disclose issues in their errata document; outside of that, there is simply no feasible way to know for certain what bugs are lurking inside the CPU.
POWER and ARM parts can have microcode too. That's up to the implementation. I'm not sure how you can distinguish the difference. Because one posts an update vs others never indicating there is an update? Even if parts have no microcode, there's a possibility of backdoors baked into the silicon. In all situations one needs to trust the vendor.
I am definitely aware of that; the difference is that with POWER the microcode is open (though documentation is lacking), and most of the mainstream ARM implementations lack microcode.
In general our policy is to update the microcode for exactly the reason given above -- at some point you do have to trust the hardware created by the manufacturer, and microcode (traditional horizontal microcode, anyway) is highly unlikely to contain the types of security flaws (or even intentional backdoors) that have become so common in closed firmware binaries. No one* is going to take the time to create a meaningful microcode-based backdoor that can only target one CPU line when you can create a platform agnostic backdoor with remote access functionality using the boot or secondary engine firmware instead.
Just my $0.02. :-)
* No one outside of a high level state actor, at any rate!
- -- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
Tim and Aaron are right. If you have a machine with microcode updates, you should load the updates. I have never understood the objections to microcode blobs. If you accept the microcode that's on the machine already, then objecting to the microcode blob is creating a distinction without a difference.
ron
Hello Timothy,
Wednesday, January 25, 2017, 6:32:29 PM, you wrote:
TP> -----BEGIN PGP SIGNED MESSAGE----- TP> Hash: SHA1
TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote:
On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson tpearson@raptorengineering.com wrote: On 01/24/2017 10:55 PM, Taiidan@gmx.com wrote:
I know the 63xx has a very fatal NMI exploit, but according to the libreboot (oh no) website the 62xx works safely out of the box without microcode however I would like to confirm if this is actually true.
I looked at the errata .pdf from the AMD website but I didn't see anything that seemed significant.
As far as we have been able to determine it does, again with the caveat that this is without microcode _updates_, not without microcode. There is still the off chance that these CPUs ship with a backdoor inside the burnt microcode ROM that is patched out with an update. Unlike POWER and ARM we are solely dependent on the vendor being trustworthy enough to disclose issues in their errata document; outside of that, there is simply no feasible way to know for certain what bugs are lurking inside the CPU.
POWER and ARM parts can have microcode too. That's up to the implementation. I'm not sure how you can distinguish the difference. Because one posts an update vs others never indicating there is an update? Even if parts have no microcode, there's a possibility of backdoors baked into the silicon. In all situations one needs to trust the vendor.
TP> I am definitely aware of that; the difference is that with POWER the TP> microcode is open (though documentation is lacking), and most of the TP> mainstream ARM implementations lack microcode.
ARM1 had microcode[1], are you sure the current cores don't? The TRMs do mention revision numbers after all.
[1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2017 02:25 PM, Igor Skochinsky wrote:
Hello Timothy,
Wednesday, January 25, 2017, 6:32:29 PM, you wrote:
TP> -----BEGIN PGP SIGNED MESSAGE----- TP> Hash: SHA1
TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote:
On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson tpearson@raptorengineering.com wrote: On 01/24/2017 10:55 PM, Taiidan@gmx.com wrote:
I know the 63xx has a very fatal NMI exploit, but according to the libreboot (oh no) website the 62xx works safely out of the box without microcode however I would like to confirm if this is actually true.
I looked at the errata .pdf from the AMD website but I didn't see anything that seemed significant.
As far as we have been able to determine it does, again with the caveat that this is without microcode _updates_, not without microcode. There is still the off chance that these CPUs ship with a backdoor inside the burnt microcode ROM that is patched out with an update. Unlike POWER and ARM we are solely dependent on the vendor being trustworthy enough to disclose issues in their errata document; outside of that, there is simply no feasible way to know for certain what bugs are lurking inside the CPU.
POWER and ARM parts can have microcode too. That's up to the implementation. I'm not sure how you can distinguish the difference. Because one posts an update vs others never indicating there is an update? Even if parts have no microcode, there's a possibility of backdoors baked into the silicon. In all situations one needs to trust the vendor.
TP> I am definitely aware of that; the difference is that with POWER the TP> microcode is open (though documentation is lacking), and most of the TP> mainstream ARM implementations lack microcode.
ARM1 had microcode[1], are you sure the current cores don't? The TRMs do mention revision numbers after all.
[1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html
ARM's microcode is generally hardwired; i.e. it can't be updated. You are correct in that I was not precise enough; all modern CPUs have some kind of microcode to make implementation practical. ARM is interesting in that the vast majority of manufacturers hardwire the microcode at the gate level; this might be related to ensuring that the cores use minimal area but this is just a wild guess. NVIDIA is a notable exception with Tegra; Tegra cores have updateable microcode the same as x86 and POWER CPUs.
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
-
Igor Skochinsky -
ron minnich -
Timothy Pearson