[coreboot] Microcode updates for slightly older intel CPU's re: meltdown/spectre

Thu Jan 11 18:21:11 CET 2018

 > If I compare the Lenovo X230 to Lenovo G505s this looks like a step
back: the G505s is targeted at another audience that Lenovo ThinkPad
Users. It looks to me like an entry level desktop, which is also very
bulky (without the additional performance of a W540).
> CPU comparison X230 CPU vs G505s
> AMD_A6-Series_for_Notebooks_A6-5350M_vs_Intel_Core_i5_Mobile_i5-3360M_(BGA)
> Also the G505s has less cores/no HT

Sorry, but what are you comparing with? G505S is a laptop, not a
desktop. and G505S laptop has been sold with different CPUs (which are
removable),
as well as at least three motherboard versions! ( only integrated GPU
/ integrated + HD 8570M discrete / integrated + R5 M230 discrete )

That A6-5350M cpu you have been comparing to - could be found at the
very low end version of G505S, and this A6 is probably not even
supported by coreboot
Most (if not all) of G505S+coreboot owners here - have A10-5750M AMD
CPU which is a powerful quad core CPU with functional virtualization,
not 2 core weak A6-5350M

So, this link should have been
http://www.cpu-world.com/Compare/815/AMD_A10-Series_for_Notebooks_A10-5750M_vs_Intel_Core_i5_Mobile_i5-3360M_(BGA).html

Looks like the performance of A10-5750M (G505S cpu) and i5-3360M (X230
cpu) is almost the same,
but now we should substract 5-30% or even more from i5-3360M
benchmarks - because the Meltdown vulnerability, for which this
horrible "5-30% or even more slowdown patch" is required ---> is Intel
specific vulnerability ( cpu_insecure , as reported by Linux kernel )

And... "thanks" to Intel Meltdown, the results are suddenly very
favorable for A10-5750M CPU, and for G505S in general

Best regards,
Ivan Ivanov

2018-01-11 8:34 GMT+03:00 [799] via coreboot <coreboot at coreboot.org>:
> Hello,
>
> Off-topic:
> Top-posted as Protonmail Android App is still unable to correctly use inline
> answers without correct quote layout/line breaks. Bug has been reported
> months ago :-/
>
> Taiidan wrote:
>
> "(...) CPU's....without a fix there will
> be only one coreboot compatible laptop with open source hardware
> initiation that is remotely secure (...)"
>
> Currently I am using two laptops for my work setup:
> A 12.5" Lenovo X230 and a 15.x" Lenovo W540 both machines are running with
> Qubes OS 4rc3 and 16GB RAM. The W540 is a Dual-Boot system with Win10, the
> x230 is running Coreboot.
>
> Honestly I am shocked and angry if there will be no Intel Updates for the
> X230 and W540.
> On the other hand, if I am running Qubes and Coreboot, wouldn't this reduce
> the risk of Meltdown/Spectre attacks as Coreboot will protect me against
> remote attacks (stripped down AMT/Intel ME) and Qubes might reduce the
> attack surface as I am using several VMs and DVMs for browsing?
>
> If I compare the Lenovo X230 to Lenovo G505s this looks like a step back:
> the G505s is targeted at another audience that Lenovo ThinkPad Users. It
> looks to me like an entry level desktop, which is also very bulky (without
> the additional performance of a W540).
>
> CPU comparison X230 CPU vs G505s
> http://www.cpu-world.com/Compare/725/AMD_A6-Series_for_Notebooks_A6-5350M_vs_Intel_Core_i5_Mobile_i5-3360M_(BGA).html
>
> Also the G505s has less cores/no HT
>
> Frustration. Can't "we" build one or maybe two crowd founded secure Laptops
> (12", 15.x") with reasonable specs, good keyboard, hardware kill switches,
> internal wan (kill-switchable)?
> I can't think that choice is limited in 2018 to only 1 (in words "one")
> laptop modell, which is no nearly 5 years old (08/2013).
>
> Brave new world.
>
> [799]
>
>
>
>
> Gesendet von ProtonMail mobile
>
>
>
> -------- Original-Nachricht --------
>
> An 11. Jan. 2018, 03:55, Taiidan at gmx.com schrieb:
>
>
> I am curious of any intel insiders know if there will be microcode
> updates released for older intel CPU's (ex: sandy/ivybridge) and failing
> that, what can be done in regards to securing them from meltdown/spectre.
>
> I believe this is a relevant coreboot topic considering how many
> coreboot boards have these and older CPU's....without a fix there will
> be only one coreboot compatible laptop with open source hardware
> initiation that is remotely secure (lenovo g505s as has a pre-PSP AMD
> CPU) and theoretically owner controllable (as the previous C2D/C2Q's
> such as the X200 are now permanently insecure without intervention from
> intel apparently)
>
> At this point even a massive performance loss is better than having to
> throw out so much now-useless hardware.
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot