-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/28/2017 02:25 PM, Igor Skochinsky wrote: > Hello Timothy, > > Wednesday, January 25, 2017, 6:32:29 PM, you wrote: > > > TP> -----BEGIN PGP SIGNED MESSAGE----- > TP> Hash: SHA1 > > TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote: >>> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson >>> <[email protected]> wrote: >>> On 01/24/2017 10:55 PM, [email protected] wrote: >>>>>> I know the 63xx has a very fatal NMI exploit, but according to the >>>>>> libreboot (oh no) website the 62xx works safely out of the box without >>>>>> microcode however I would like to confirm if this is actually true. >>>>>> >>>>>> I looked at the errata .pdf from the AMD website but I didn't see >>>>>> anything that seemed significant. >>>>>> >>>>>> >>> >>> As far as we have been able to determine it does, again with the caveat >>> that this is without microcode _updates_, not without microcode. There >>> is still the off chance that these CPUs ship with a backdoor inside the >>> burnt microcode ROM that is patched out with an update. Unlike POWER >>> and ARM we are solely dependent on the vendor being trustworthy enough >>> to disclose issues in their errata document; outside of that, there is >>> simply no feasible way to know for certain what bugs are lurking inside >>> the CPU. >>> >>>> POWER and ARM parts can have microcode too. That's up to the >>>> implementation. I'm not sure how you can distinguish the difference. >>>> Because one posts an update vs others never indicating there is an >>>> update? Even if parts have no microcode, there's a possibility of >>>> backdoors baked into the silicon. In all situations one needs to trust >>>> the vendor. > > TP> I am definitely aware of that; the difference is that with POWER the > TP> microcode is open (though documentation is lacking), and most of the > TP> mainstream ARM implementations lack microcode. > > ARM1 had microcode[1], are you sure the current cores don't? The TRMs do > mention revision numbers after all. > > [1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html
ARM's microcode is generally hardwired; i.e. it can't be updated. You are correct in that I was not precise enough; all modern CPUs have some kind of microcode to make implementation practical. ARM is interesting in that the vast majority of manufacturers hardwire the microcode at the gate level; this might be related to ensuring that the cores use minimal area but this is just a wild guess. NVIDIA is a notable exception with Tegra; Tegra cores have updateable microcode the same as x86 and POWER CPUs. - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJYjQCXAAoJEK+E3vEXDOFbeG4H/ic8Fof5BlKwMGPUB/gHUuq4 03XPd8qujolOehhk3wpBJt2eyJS9zrPWo6Yj3OP/48q+basBRnmEq03HjkpjaAJX 8qWO428O9QOv0RNVzoyNOAo7hP/4G69/N9YmqJCLYwcdOCAmvKY0sPsUb6EiVqs5 Jen4H8DlqTBIgQ7V6UFHZ99YF8P1xf5OIt9Ziq8zxJUUgrNvq+Pvq4P/t+TX5kJK HlchBMr/RsGArnPj2iWI/bEh+BIxNsuLLvWreRUuwiH0y+QpPB/D14tl7KtWrTzx GjEM5pakfCvX6ys9pvTzsxnUoRz+4vnc9uGfZo+Yq/ztgUvidnmAPoVXTmPiXWQ= =Vf25 -----END PGP SIGNATURE----- -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
