[gentoo-user] A new AMD CPU weakness?

[gentoo-user] A new AMD CPU weakness?

[Ian Zimmerman]

https://v.gd/PZkiuR

Does anyone know more details?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

Re: [gentoo-user] A new AMD CPU weakness?

[Philip Webb]

180313 Ian Zimmerman wrote:
> https://v.gd/PZkiuR
> Does anyone know more details?

See LWN.  It is being described as a scam by people shorting AMD stock.

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca

Re: [gentoo-user] A new AMD CPU weakness?

[Taiidan]

On 03/13/2018 08:54 PM, Ian Zimmerman wrote:

> https://v.gd/PZkiuR
>
> Does anyone know more details?
>
A shortened link? really? not clicking that.

Re: [gentoo-user] A new AMD CPU weakness?

[Taiidan]

Here is a non-shortened link.
https://it.slashdot.org/story/18/03/13/1558221/researchers-find-critical-vulnerabilities-in-amds-ryzen-and-epyc-processors-but-they-gave-the-chipmaker-only-24-hours-before-making-the-findings-public

All the more reason to avoid the ME/PSP garbage and instead buy the 
equivalently priced, owner controlled and higher performance OpenPOWER 
arch systems such as the libre firmware TALOS 2.

Pretty much someone found a bug in AMD's version of ME which *how 
terrible* in other words you can use this to defeat hollywoods AMD PSP 
DRM which is the true reason of existence for ME/PSP, to prevent people 
from owning and controlling their devices.

I can't believe the new normal is not being able to really buy a 
mainstream computer because you don't own it and everyone in the tech 
press and so called experts says its a good thing, oh it is to "keep you 
safe from hackers" and they pretend like it has always been this way as 
if it wasn't just a recent change that for some reason all the major 
OEM's did at the exact same time....I wonder why.

"The corporate sector asked for this" - MYTH - They already had it, it 
is a BMC/LOM chip and it was owner controlled. I doubt any company with 
IP worth something wants a super insecure black box supervisor processor 
that they don't control on every computer of theirs.


If you need secure remote management you can use OpenBMC which is 
present on the TALOS 2 (IBM OpenBMC) and also the KCMA-D8 and KGPE-D16 
pre-PSP x86 boards (you can replace the crappy non-free ASUS firmware on 
the ASMB module with the facebook version of OpenBMC which was recently 
ported to it via crowdfunding)

Re: [gentoo-user] A new AMD CPU weakness?

[Pengcheng Xu]

[-- Attachment #1.1: Type: text/plain, Size: 1896 bytes --]

Actually there’s a more memorable link that describes the matter concisely:

https://amdflaws.com

Pengcheng Xu
i@jsteward.moe



> H30/03/14 10:15、Taiidan@gmx.comのメール:
> 
> Here is a non-shortened link.
> https://it.slashdot.org/story/18/03/13/1558221/researchers-find-critical-vulnerabilities-in-amds-ryzen-and-epyc-processors-but-they-gave-the-chipmaker-only-24-hours-before-making-the-findings-public
> 
> All the more reason to avoid the ME/PSP garbage and instead buy the equivalently priced, owner controlled and higher performance OpenPOWER arch systems such as the libre firmware TALOS 2.
> 
> Pretty much someone found a bug in AMD's version of ME which *how terrible* in other words you can use this to defeat hollywoods AMD PSP DRM which is the true reason of existence for ME/PSP, to prevent people from owning and controlling their devices.
> 
> I can't believe the new normal is not being able to really buy a mainstream computer because you don't own it and everyone in the tech press and so called experts says its a good thing, oh it is to "keep you safe from hackers" and they pretend like it has always been this way as if it wasn't just a recent change that for some reason all the major OEM's did at the exact same time....I wonder why.
> 
> "The corporate sector asked for this" - MYTH - They already had it, it is a BMC/LOM chip and it was owner controlled. I doubt any company with IP worth something wants a super insecure black box supervisor processor that they don't control on every computer of theirs.
> 
> 
> If you need secure remote management you can use OpenBMC which is present on the TALOS 2 (IBM OpenBMC) and also the KCMA-D8 and KGPE-D16 pre-PSP x86 boards (you can replace the crappy non-free ASUS firmware on the ASMB module with the facebook version of OpenBMC which was recently ported to it via crowdfunding)
> 


[-- Attachment #1.2: Type: text/html, Size: 4022 bytes --]

[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] A new AMD CPU weakness?

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

On Wed, Mar 14, 2018 at 12:32 PM, Philip Webb <purslow@ca.inter.net> wrote:

> 180313 Ian Zimmerman wrote:
> > https://v.gd/PZkiuR
> > Does anyone know more details?
>
> See LWN.  It is being described as a scam by people shorting AMD stock.


Dan Guido / Trail of Bits was paid to review the exploits and has confirmed
they work. I don't think he'd burn his reputation on this.

The language around AMD shares being worth $0 is clearly absurd and that
source should be ignored.

[-- Attachment #2: Type: text/html, Size: 930 bytes --]

Re: [gentoo-user] A new AMD CPU weakness?

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 1880 bytes --]

On Wed, Mar 14, 2018 at 3:16 PM, Adam Carter <adamcarter3@gmail.com> wrote:

> On Wed, Mar 14, 2018 at 12:32 PM, Philip Webb <purslow@ca.inter.net>
> wrote:
>
>> 180313 Ian Zimmerman wrote:
>> > https://v.gd/PZkiuR
>> > Does anyone know more details?
>>
>> See LWN.  It is being described as a scam by people shorting AMD stock.
>
>
> Dan Guido / Trail of Bits was paid to review the exploits and has
> confirmed they work. I don't think he'd burn his reputation on this.
>
> The language around AMD shares being worth $0 is clearly absurd and that
> source should be ignored.
>
>
From http://www.theregister.co.uk/2018/03/13/amd_flaws_analysis/?page=2

Jake Williams, founder and president of Rendition Infosec, commented on the
above quoted disclaimer via Twitter
<https://twitter.com/MalwareJake/status/973608157208461312>, saying, "I'm
pretty well convinced that this is designed to manipulate stock prices.
That doesn't make the vulnerabilities fake or any less dangerous (though
you need admin access to exploit most)."

Arrigo Triulzi, a security consultant based in Switzerland, described
<https://twitter.com/cynicalsecurity/status/973591954096381952> the paper
as "over-hyped beyond belief" and added, "This is a whitepaper worthy of an
ICO [cryptocurrency initial coin offering]. And yes, that is meant to be an
insult."

Google security researcher Tavis Ormandy, responding to Triulzi wrote
<https://twitter.com/taviso/status/973622044200919040>, "Nothing in this
paper matters until the attacker has already won so hard it's game over.
Not something I'm too interested in, but maybe DFIR [Digital Forensics and
Incident Response] people are?"

Ormandy is referring to the fact that exploiting these supposed flaws
require local administrative access, making them significantly less
dangerous than vulnerabilities that can be exploited by a remote,
unprivileged user.

[-- Attachment #2: Type: text/html, Size: 3098 bytes --]

[gentoo-user] Re: A new AMD CPU weakness?

[Ian Zimmerman]

On 2018-03-14 10:28, Pengcheng Xu wrote:

> Actually there’s a more memorable link that describes the matter
> concisely:
> 
> https://amdflaws.com

Thanks for that, but there is nothing on that page I can actually read
without lowering my uBlock "shield".  I'm going to check out LWN.  In
any case, my processor is much older than Ryzen or EPYC so I'm not too
worried now.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

[gentoo-user] Re: A new AMD CPU weakness?

[Nikos Chantziaras]

On 14/03/18 02:54, Ian Zimmerman wrote:
> https://v.gd/PZkiuR
> 
> Does anyone know more details?

This looks like it's either completely fake, or based on half-truths:

http://www.guru3d.com/news-story/amd-security-vulnerability-%E2%80%93-the-day-after-seems-financially-motivated.html

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Fast Turtle]

Main issue is you need "PHYSICAL"access to carry these attacks out.
It's that god damn simple. If they can physically access the system,
it doesn't matter how good the security it because "THEY' own it.

All this does is makes damn sure I will not buy any used hardware
since you can change embed into the UEFI firmware what ever you want -
keep in mind that most boards now have 64M of storage for UEFI
firmware (I haven't seen an update that needed then 2.5M. So ask
youself, why in hell they needed more then 4M? I could see 8M being a
selling point but 64M - hell the first computer I build only had 16M
(that was a 386 system).

On Wed, Mar 14, 2018 at 6:05 PM, Nikos Chantziaras <realnc@gmail.com> wrote:
> On 14/03/18 02:54, Ian Zimmerman wrote:
>>
>> https://v.gd/PZkiuR
>>
>> Does anyone know more details?
>
>
> This looks like it's either completely fake, or based on half-truths:
>
> http://www.guru3d.com/news-story/amd-security-vulnerability-%E2%80%93-the-day-after-seems-financially-motivated.html
>
>

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Rich Freeman]

On Sat, Mar 17, 2018 at 9:53 AM, Fast Turtle <fturtle@gmail.com> wrote:
>
> All this does is makes damn sure I will not buy any used hardware
> since you can change embed into the UEFI firmware what ever you want -

To be fair that is hardly anything new either.  Sure, this particular
attack is new, but the concept has been around for a while.  The NSA
was even dropping code into hard drive firmware.

I suspect the reason firmware attacks aren't more common is that
they're more useful for things like espionage (government or
corporate) where actually profiting from the stolen data requires
investments, and the fact that firmware programming is a fairly
obscure discipline.

That and they require getting to the firmware in the first place,
which often requires physical access, or tampering with equipment
before it is purchased.  The NSA can give UPS a check for $10k to bump
your 2-day delivery to "hand-carry on private jet with a brief stop at
this nondescript building."  The average hacker doesn't have that
option.

-- 
Rich

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Wols Lists]

On 17/03/18 13:53, Fast Turtle wrote:
> So ask
> youself, why in hell they needed more then 4M? I could see 8M being a
> selling point but 64M - hell the first computer I build only had 16M
> (that was a 386 system).

Because buying new 8Mb chips is expensive, and 64Mb is cheaper?

Seriously, newer memory comes in larger packages and is cheaper. (How
much does a 4K CMOS chip cost nowadays :-) Compare the price of DDR2,
DDR3, and DDR4.

Cheers,
Wol

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Taiidan]

Everyone please remember this is simply an exploit to obtain data off of 
AMD's version of ME which is a DRM mechanism added for hollywood and it 
requires physical access to reprogram the firmware thus this exploit has 
zero impact on anyone who doesn't profit off of DRM.

ME/PSP are evil - don't buy computers that have them - you have choices!

Re: [gentoo-user] Re: A new AMD CPU weakness?

[R0b0t1]

On Sun, Mar 18, 2018 at 4:24 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
> Everyone please remember this is simply an exploit to obtain data off of
> AMD's version of ME which is a DRM mechanism added for hollywood and it
> requires physical access to reprogram the firmware thus this exploit has
> zero impact on anyone who doesn't profit off of DRM.
>

Except if it's anything like the Intel ME exploit, physical access can
be faked using a compromized USB device.

> ME/PSP are evil - don't buy computers that have them - you have choices!
>

No we don't.

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Taiidan]

On 03/18/2018 05:33 PM, R0b0t1 wrote:

> On Sun, Mar 18, 2018 at 4:24 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
>> Everyone please remember this is simply an exploit to obtain data off of
>> AMD's version of ME which is a DRM mechanism added for hollywood and it
>> requires physical access to reprogram the firmware thus this exploit has
>> zero impact on anyone who doesn't profit off of DRM.
>>
> Except if it's anything like the Intel ME exploit, physical access can
> be faked using a compromized USB device.
You mean the skylake debug port?
>> ME/PSP are evil - don't buy computers that have them - you have choices!
> No we don't.
Yes we do.
TALOS 2? g505s laptop? kgpe-d16? novena?

I play new games at max settings on a pre-PSP AMD system KGPE-D16 where 
I have installed a libre firmware for the board and the BMC via the 
recent OpenBMC port (the facebook version of OpenBMC....less features 
than the IBM version but still quite nice)

The TALOS 2 costs less than a brand new xeon system with similar 
performance and it has better features such as IBM's OpenBMC, PCI-e 4.0, 
SMT4 etc.
The stars have aligned and given us a libre firmware server/workstation 
that is brand new and very very fast.

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 148 bytes --]

https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research

tl:dr bios updates to come

[-- Attachment #2: Type: text/html, Size: 325 bytes --]

Re: [gentoo-user] Re: A new AMD CPU weakness?

[R0b0t1]

On Sun, Mar 18, 2018 at 4:40 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
> On 03/18/2018 05:33 PM, R0b0t1 wrote:
>
>> On Sun, Mar 18, 2018 at 4:24 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
>>>
>>> Everyone please remember this is simply an exploit to obtain data off of
>>> AMD's version of ME which is a DRM mechanism added for hollywood and it
>>> requires physical access to reprogram the firmware thus this exploit has
>>> zero impact on anyone who doesn't profit off of DRM.
>>>
>> Except if it's anything like the Intel ME exploit, physical access can
>> be faked using a compromized USB device.
>
> You mean the skylake debug port?
>>>
>>> ME/PSP are evil - don't buy computers that have them - you have choices!
>>
>> No we don't.
>
> Yes we do.
> TALOS 2? g505s laptop? kgpe-d16? novena?
>
> I play new games at max settings on a pre-PSP AMD system KGPE-D16 where I
> have installed a libre firmware for the board and the BMC via the recent
> OpenBMC port (the facebook version of OpenBMC....less features than the IBM
> version but still quite nice)
>
> The TALOS 2 costs less than a brand new xeon system with similar performance
> and it has better features such as IBM's OpenBMC, PCI-e 4.0, SMT4 etc.
> The stars have aligned and given us a libre firmware server/workstation that
> is brand new and very very fast.
>

The x86 parts are slowly going out of stock to the point where they
are expensive *when* I have found them. The TALOS 2 is the cheapest
POWER system available, but is still many thousands of dollars more
than a consumer computer (though much higher performance). ARM based
computers are not comparable in performance to common consumer
systems. Self hosting on a performant ARM processor is not a
reasonable proposition. High dollar ARM servers have closed
motherboard firmware.

Sure, if you devote all of a good salary's disposable income to a
mostly open hardware computer you can buy one. Most people don't make
that much. The bigger issue than that is all main manufacturers do not
want to remove their backdoors, and so ever so slowly, there will come
to be absolutely no choice at all, even for inordinate amounts of
money.

Re: [gentoo-user] Re: A new AMD CPU weakness?

[Taiidan]

On 03/21/2018 11:55 AM, R0b0t1 wrote:

> On Sun, Mar 18, 2018 at 4:40 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
>> On 03/18/2018 05:33 PM, R0b0t1 wrote:
>>
>>> On Sun, Mar 18, 2018 at 4:24 PM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:
>>>> Everyone please remember this is simply an exploit to obtain data off of
>>>> AMD's version of ME which is a DRM mechanism added for hollywood and it
>>>> requires physical access to reprogram the firmware thus this exploit has
>>>> zero impact on anyone who doesn't profit off of DRM.
>>>>
>>> Except if it's anything like the Intel ME exploit, physical access can
>>> be faked using a compromized USB device.
>> You mean the skylake debug port?
>>>> ME/PSP are evil - don't buy computers that have them - you have choices!
>>> No we don't.
>> Yes we do.
>> TALOS 2? g505s laptop? kgpe-d16? novena?
>>
>> I play new games at max settings on a pre-PSP AMD system KGPE-D16 where I
>> have installed a libre firmware for the board and the BMC via the recent
>> OpenBMC port (the facebook version of OpenBMC....less features than the IBM
>> version but still quite nice)
>>
>> The TALOS 2 costs less than a brand new xeon system with similar performance
>> and it has better features such as IBM's OpenBMC, PCI-e 4.0, SMT4 etc.
>> The stars have aligned and given us a libre firmware server/workstation that
>> is brand new and very very fast.
>>
> The x86 parts are slowly going out of stock to the point where they
> are expensive *when* I have found them.
There are still a few sites selling the KGPE-D16 brand new for the
original MSRP of $415, and you can obtain a used CPU from ebay for a
reasonable price that is capable of having two people maxing out the
latest games on a dual gaming VM setup.
> The TALOS 2 is the cheapest POWER system available, but is still many thousands of dollars more
> than a consumer computer (though much higher performance).
Trying to sell libre computers that compete with grandmas $499 dell is
an impossible proposition - competing in the professional workstation
market is however practical and attainable.
> ARM based computers are not comparable in performance to common consumer
> systems. Self hosting on a performant ARM processor is not a
> reasonable proposition. High dollar ARM servers have closed
> motherboard firmware.
>
> Sure, if you devote all of a good salary's disposable income to a
> mostly open hardware computer you can buy one. Most people don't make
> that much.
The idea behind the TALOS 2 is that you spend $2.5K (plus case, ram,
etc) on a computer every 5-10 years rather than $500-$1K on a computer
every year or two.
High performance costs real money, otherwise you can buy one of the
older libre laptops, a kgpe-d16 with a cheap $10 CPU etc.

The Talos 2 is entirely owner controlled, it has libre firmware for the
board and BMC plus various documentation is available even if you aren't
a member of the OpenPOWER foundation.
The only firmware required is for the broadcom nic but there is a
project to remove that and it is behind the IOMMU - this was viewed as
better than supporting intel by purchasing their NIC ASICs.
https://git.raptorcs.com/git/ in case you want to examine some code
https://wiki.raptorcs.com/wiki/Category:Documentation the currently
available public documentation
> The bigger issue than that is all main manufacturers do not
> want to remove their backdoors, and so ever so slowly, there will come
> to be absolutely no choice at all, even for inordinate amounts of
> money.
Yeah, but IBM is luckily becoming more open rather than less open and
they also accept input from the smaller members of the OpenPOWER foundation.
POWER is the way forward for the high performance sector and IBM's only
real way of differentiating themselves is being owner controlled, sure
POWER is faster than x86 for the same price and it has more threads per
core and more cores per CPU but a compelling reason is needed for the
average business to take the time to port their software.