[coreboot] Does the 62xx Series Opteron work *securely* without microcode?

[Timothy Pearson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/25/2017 11:26 AM, Aaron Durbin wrote:
> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson
> <tpearson at raptorengineering.com> wrote:
> On 01/24/2017 10:55 PM, Taiidan at gmx.com wrote:
>>>> I know the 63xx has a very fatal NMI exploit, but according to the
>>>> libreboot (oh no) website the 62xx works safely out of the box without
>>>> microcode however I would like to confirm if this is actually true.
>>>>
>>>> I looked at the errata .pdf from the AMD website but I didn't see
>>>> anything that seemed significant.
>>>>
>>>>
> 
> As far as we have been able to determine it does, again with the caveat
> that this is without microcode _updates_, not without microcode.  There
> is still the off chance that these CPUs ship with a backdoor inside the
> burnt microcode ROM that is patched out with an update.  Unlike POWER
> and ARM we are solely dependent on the vendor being trustworthy enough
> to disclose issues in their errata document; outside of that, there is
> simply no feasible way to know for certain what bugs are lurking inside
> the CPU.
> 
>> POWER and ARM parts can have microcode too. That's up to the
>> implementation. I'm not sure how you can distinguish the difference.
>> Because one posts an update vs others never indicating there is an
>> update? Even if parts have no microcode, there's a possibility of
>> backdoors baked into the silicon. In all situations one needs to trust
>> the vendor.

I am definitely aware of that; the difference is that with POWER the
microcode is open (though documentation is lacking), and most of the
mainstream ARM implementations lack microcode.

In general our policy is to update the microcode for exactly the reason
given above -- at some point you do have to trust the hardware created
by the manufacturer, and microcode (traditional horizontal microcode,
anyway) is highly unlikely to contain the types of security flaws (or
even intentional backdoors) that have become so common in closed
firmware binaries.  No one* is going to take the time to create a
meaningful microcode-based backdoor that can only target one CPU line
when you can create a platform agnostic backdoor with remote access
functionality using the boot or secondary engine firmware instead.

Just my $0.02. :-)

* No one outside of a high level state actor, at any rate!

- --
coreboot mailing list: coreboot at coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJYiOEtAAoJEK+E3vEXDOFbdZ8IALnb0ZSzZDHUmfFlEBfOfj4d
MLk2X9tQPs4MyOVPMOpkp6EIQe6NvmC9mgs/+ly6QhhoB7WkaX2cZBtN5GvvUaS4
zZRVv9HSJhMDN63fe6GR3tYxwrU6K8HdxpFVRrvZMqnPhwiS8g+RmsD3RuA3+rWH
tVvuAAQdZB7+sqbqa8Kp+HnqEGpGaApc9TLoduQTgstJCN4oaYx1x5TntdtW7qaZ
2jxrnykW7drEDRQ0UtmF1rxEOsRWebhd8Ex4mgjM7YWv5ZMvVEG4mHPpFMNcobqU
UfRw7RI2kCaEmBD9c4HaRoIt6PyDU1PG53wbM80g9agXF/v/VeXWas0bzqy2UXw=
=hCLy
-----END PGP SIGNATURE-----