On Wed, Jan 25, 2017 at 11:26:53AM -0600, Aaron Durbin via coreboot wrote:
> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson
> <[email protected]> wrote:
> > On 01/24/2017 10:55 PM, [email protected] wrote:
> >> I know the 63xx has a very fatal NMI exploit, but according to the
> >> libreboot (oh no) website the 62xx works safely out of the box without
> >> microcode however I would like to confirm if this is actually true.
> >>
> >> I looked at the errata .pdf from the AMD website but I didn't see
> >> anything that seemed significant.
> >
> > As far as we have been able to determine it does, again with the caveat
> > that this is without microcode _updates_, not without microcode. There
> > is still the off chance that these CPUs ship with a backdoor inside the
> > burnt microcode ROM that is patched out with an update. Unlike POWER
> > and ARM we are solely dependent on the vendor being trustworthy enough
> > to disclose issues in their errata document; outside of that, there is
> > simply no feasible way to know for certain what bugs are lurking inside
> > the CPU.
>
> POWER and ARM parts can have microcode too. That's up to the
> implementation. I'm not sure how you can distinguish the difference.
> Because one posts an update vs others never indicating there is an
> update? Even if parts have no microcode, there's a possibility of
> backdoors baked into the silicon. In all situations one needs to trust
> the vendor.

I guess that "Reflections on Trusting Trust" by Ken Thompson
(https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
is still (and will always be) relevant?

Bob
--
BOFH excuse #62: need to wrap system in aluminum foil to fix problem

