[coreboot] Does the 62xx Series Opteron work *securely* without microcode?
Igor Skochinsky
skochinsky at mail.ru
Sat Jan 28 21:25:46 CET 2017
Hello Timothy,
Wednesday, January 25, 2017, 6:32:29 PM, you wrote:
TP> -----BEGIN PGP SIGNED MESSAGE-----
TP> Hash: SHA1
TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote:
>> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson
>> <tpearson at raptorengineering.com> wrote:
>> On 01/24/2017 10:55 PM, Taiidan at gmx.com wrote:
>>>>> I know the 63xx has a very fatal NMI exploit, but according to the
>>>>> libreboot (oh no) website the 62xx works safely out of the box without
>>>>> microcode however I would like to confirm if this is actually true.
>>>>>
>>>>> I looked at the errata .pdf from the AMD website but I didn't see
>>>>> anything that seemed significant.
>>>>>
>>>>>
>>
>> As far as we have been able to determine it does, again with the caveat
>> that this is without microcode _updates_, not without microcode. There
>> is still the off chance that these CPUs ship with a backdoor inside the
>> burnt microcode ROM that is patched out with an update. Unlike POWER
>> and ARM we are solely dependent on the vendor being trustworthy enough
>> to disclose issues in their errata document; outside of that, there is
>> simply no feasible way to know for certain what bugs are lurking inside
>> the CPU.
>>
>>> POWER and ARM parts can have microcode too. That's up to the
>>> implementation. I'm not sure how you can distinguish the difference.
>>> Because one posts an update vs others never indicating there is an
>>> update? Even if parts have no microcode, there's a possibility of
>>> backdoors baked into the silicon. In all situations one needs to trust
>>> the vendor.
TP> I am definitely aware of that; the difference is that with POWER the
TP> microcode is open (though documentation is lacking), and most of the
TP> mainstream ARM implementations lack microcode.
ARM1 had microcode[1], are you sure the current cores don't? The TRMs do
mention revision numbers after all.
[1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html
--
WBR,
Igor mailto:roxfan at skynet.be
More information about the coreboot
mailing list