[coreboot] Does the 62xx Series Opteron work *securely* without microcode?
Aaron Durbin
adurbin at google.com
Wed Jan 25 18:26:53 CET 2017
On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson
<tpearson at raptorengineering.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/24/2017 10:55 PM, Taiidan at gmx.com wrote:
>> I know the 63xx has a very fatal NMI exploit, but according to the
>> libreboot (oh no) website the 62xx works safely out of the box without
>> microcode however I would like to confirm if this is actually true.
>>
>> I looked at the errata .pdf from the AMD website but I didn't see
>> anything that seemed significant.
>>
>>
>
> As far as we have been able to determine it does, again with the caveat
> that this is without microcode _updates_, not without microcode. There
> is still the off chance that these CPUs ship with a backdoor inside the
> burnt microcode ROM that is patched out with an update. Unlike POWER
> and ARM we are solely dependent on the vendor being trustworthy enough
> to disclose issues in their errata document; outside of that, there is
> simply no feasible way to know for certain what bugs are lurking inside
> the CPU.
POWER and ARM parts can have microcode too. That's up to the
implementation. I'm not sure how you can distinguish the difference.
Because one posts an update vs others never indicating there is an
update? Even if parts have no microcode, there's a possibility of
backdoors baked into the silicon. In all situations one needs to trust
the vendor.
>
> - --
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJYiN81AAoJEK+E3vEXDOFbcPYH/Rgpgzt9GcVQrcZPAfelMumo
> O7miIjEKRj9m0EUJZRmIXZjMPuTHOLRDI6IaVt2kvuZM9voLsKkeSqOKjOHwKT0C
> Bn3Biir4+shbe8zOgSyp3ZYkReDIW3BkrGBzjGaoMSV+mtwevc0t4aly8vicXm2N
> J0H5ELq54Z8NWP9imujpM8Ok8+6QJCE7G9cYYRJsqxVLrZulxzYO19tXIBsZJR8q
> sBEV7uBIWIXznd9/3sv9RBLTYQ3N0VwNvBkEbUH3xpfOjLt+Wq3x/uP2NQtlnKxY
> FzQhwQXWM+oE2ccHx86Wkb6WlgFX8mxuDmYsD49fLZ1gvzRK7JSsSFsS48qEm/I=
> =4qDj
> -----END PGP SIGNATURE-----
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://www.coreboot.org/mailman/listinfo/coreboot
More information about the coreboot
mailing list