From: Volker Armin Hemmann
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Microcode update AMD
Date: Mon, 17 Jan 2011 21:52:12 +0100

On Monday 17 January 2011 12:12:08 Mark Knecht wrote:
> On Mon, Jan 17, 2011 at 11:57 AM, wrote:
> >
> > So...why should I try unknown code patched into my CPU.
> >
> > It looks like "install this virus" from the security point
> > of view, doesn't it?
>
> That was my point.
>
> I think the idea Volker is suggesting is the micro-code updates go
> from AMD (who understands what the issue is with their processor) to
> the BIOS manufacturer (Phoenix or whoever did yours) and get
> incorporated in a secure way. They are 'known good' in the BIOS update
> we receive and write into a Flash drive. It's just a choice whether
> you want to use that part of BIOS or not.
>
> After all, _any_ BIOS update represents an opportunity for someone to
> really mess your machine up. Doesn't matter if it's micro-code or
> something else.
>
> That's my reading of this so far....
>
> - Mark

Also, the microcode you download is from AMD's servers. If you don't that stuff - you can't use CPUs because they might be loaded with 'hacked' microcode from the start. Or motherboards, because the BIOS might be hacked. Or the Linux kernel because maybe somebody incorporated code into Linux, gcc and binutils that looks innocent but combined will kill your machine.

On the other hand, CPU bugs can result in miscalculations. Very, very expensive miscalculations.

So what is worse - an instable, incorrect CPU or paranoia?