Hello Timothy, Wednesday, January 25, 2017, 6:32:29 PM, you wrote:
TP> -----BEGIN PGP SIGNED MESSAGE----- TP> Hash: SHA1 TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote: >> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson >> <[email protected]> wrote: >> On 01/24/2017 10:55 PM, [email protected] wrote: >>>>> I know the 63xx has a very fatal NMI exploit, but according to the >>>>> libreboot (oh no) website the 62xx works safely out of the box without >>>>> microcode however I would like to confirm if this is actually true. >>>>> >>>>> I looked at the errata .pdf from the AMD website but I didn't see >>>>> anything that seemed significant. >>>>> >>>>> >> >> As far as we have been able to determine it does, again with the caveat >> that this is without microcode _updates_, not without microcode. There >> is still the off chance that these CPUs ship with a backdoor inside the >> burnt microcode ROM that is patched out with an update. Unlike POWER >> and ARM we are solely dependent on the vendor being trustworthy enough >> to disclose issues in their errata document; outside of that, there is >> simply no feasible way to know for certain what bugs are lurking inside >> the CPU. >> >>> POWER and ARM parts can have microcode too. That's up to the >>> implementation. I'm not sure how you can distinguish the difference. >>> Because one posts an update vs others never indicating there is an >>> update? Even if parts have no microcode, there's a possibility of >>> backdoors baked into the silicon. In all situations one needs to trust >>> the vendor. TP> I am definitely aware of that; the difference is that with POWER the TP> microcode is open (though documentation is lacking), and most of the TP> mainstream ARM implementations lack microcode. ARM1 had microcode[1], are you sure the current cores don't? The TRMs do mention revision numbers after all. [1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html -- WBR, Igor mailto:[email protected] -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
