Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2018-02-15 Thread Alessandro Selli
On Wed, 16 Aug 2017 at 20:00:19 +1000
Erik Christiansen  wrote:

> On 16.08.17 11:24, Alessandro Selli wrote:
>>  Intel Active Management Technology (AMT) is hardware and firmware
>>  technology for remote out-of-band management of personal
>> computers  
>
> Didn't know about that stuff. OK, if firmware undermines iptables, then
> it'll need either a surreptitious in-band internet channel to phone
> home, or some other back-channel provided by the ISP, I figure.
> 
> If we interpose e.g. an ARM firewall, then it's harder to hide such
> stuff on a small RISC chip. A Beaglebone comes to mind.
>
>>   In fact I think the list of Intel primary customers omits a list of
>> several government agencies...  
>
> Well, if they're a concern, then it's time to move the relevant host to
> the other side of an airgap. For my money, they're like anyone on
> unemployment benefits - contributing to consumption in a western world
> which has ample production.

  There are some good (at least as far as the first one is concerned) news:

https://hackaday.com/2018/02/03/sifive-introduces-risc-v-linux-capable-multicore-processor/

«SiFive Introduces RISC-V Linux-Capable Multicore Processor»

"Slowly but surely, RISC-V, the Open Source architecture for everything from
microcontrollers to server CPUs is making inroads in the community. Now
SiFive, the major company behind putting RISC-V chips into actual silicon, is
releasing a chip that’s even more powerful. At FOSDEM this weekend, SiFive
announced the release of a Linux-capable Single Board Computer built around
the RISC-V ISA. It’s called the HiFive Unleashed, and it’s the first piece of
silicon capable of running Linux on a RISC-V core."

https://techcrunch.com/2018/02/05/former-intel-president-launches-new-chip-company-with-backing-from-carlyle-group/

«Former Intel president launches new chip company with backing from Carlyle
Group»

"Ampere, a new chip company run by former Intel president Renee James, came
out of stealth today with a brand-new highly efficient Arm-based server chip
targeted at hyperscale data centers.

The company’s first chip is a custom core Armv8-A 64-bit server operating at
up to 3.3 GHz with 1TB of memory at a power envelope of 125 watts."


Alessandro
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-18 Thread Alessandro Selli
On Thu, 17 Aug 2017 at 16:34:30 -0700
Rick Moen  wrote:

> Quoting Alessandro Selli (alessandrose...@linux.com):
> 
>>>> "This is a NOMMU chip, implemented as Harvard architecture (separate
>>>> Instruction and Data busses) with a 5 stage pipeline, with 16k cache
>>>> (8k instruction, 8k data), supported by a memory controller
>>>> interfacing with up to 256 megabytes of lpddr memory (in one low cost
>>>> memory chip)."
>>>>
>>>>   So, it's a 32-bit chip with no MMU, no FPU, 2-way SMP and 256 MiB
>>>> maximum memory.  :-(
>>> 
>>> When you say 'it', you refer to the SH2-compatible chip from 2015, which
>>> was merely the -start- of the Hitachi SuperH-revival project.  
>> 
>>   No, 2-way SMP support was added in 2016.  Looks like that was the last
>> release.  
>
> But the text you quoted (above) described the 2015 SH2-compatible chip,
> exactly as I said, not the 2016 one.  Thus my point.

  Please, read it in full:

http://j-core.org/roadmap.html

It was announced at Linuxcon Tokyo in 2015, with a second release at
ELC 2016 adding 2-way SMP support.


>  You described only the _start_ of the roadmap.

  I described what is available *now*.

>  You said nothing (until
> now) about even the 2016 immediate successor.

  Again:  described what is available *now*.  I don't care what they plan to
produce in the future.  I might take that in consideration when it's going to
materialize.

>>>  Why did you ignore the rest of the roadmap?  
>> 
>>   Because it's just a roadmap.  I wrote about what is available now.  
>
> What is available now is not all that interesting.

  Which is exactly my point.  No product?  No market.


  Bye,


Alessandro


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-17 Thread Rick Moen
Quoting Alessandro Selli (alessandrose...@linux.com):

> >> "This is a NOMMU chip, implemented as Harvard architecture (separate
> >> Instruction and Data busses) with a 5 stage pipeline, with 16k cache (8k
> >> instruction, 8k data), supported by a memory controller interfacing with
> >> up to 256 megabytes of lpddr memory (in one low cost memory chip)."
> >> 
> >>   So, it's a 32-bit chip with no MMU, no FPU, 2-way SMP and 256 MiB
> >> maximum memory.  :-(  
> > 
> > When you say 'it', you refer to the SH2-compatible chip from 2015, which
> > was merely the -start- of the Hitachi SuperH-revival project.
> 
>   No, 2-way SMP support was added in 2016.  Looks like that was the last
> release.

But the text you quoted (above) described the 2015 SH2-compatible chip,
exactly as I said, not the 2016 one.  Thus my point.  You described only
the _start_ of the roadmap.  You said nothing (until now) about even the
2016 immediate successor.

> >  Why did you ignore the rest of the roadmap?
> 
>   Because it's just a roadmap.  I wrote about what is available now.

What is available now is not all that interesting.  The great thing is
that doing SH3 and SH4, the next steps, is _not_ from-scratch work,
because the former Hitachi implementation is fully documented -- and now
also patent-free.  This is outside my field, so I don't really know the
extent of the work needing doing, but I gather that leveraging Hitachi's
prior art reduces the workload quite a lot.



Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-17 Thread Alessandro Selli
On Thu, 17 Aug 2017 at 15:14:26 -0700
Rick Moen  wrote:

> Quoting Alessandro Selli (alessandrose...@linux.com):
>
>> Plus, it seems to target SoC and IoT devices rather than desktops:
>> 
>> http://j-core.org/roadmap.html  
>
> _Initially_, yes.  But not thereafter.
> 
>> "This is a NOMMU chip, implemented as Harvard architecture (separate
>> Instruction and Data busses) with a 5 stage pipeline, with 16k cache (8k
>> instruction, 8k data), supported by a memory controller interfacing with
>> up to 256 megabytes of lpddr memory (in one low cost memory chip)."
>> 
>>   So, it's a 32-bit chip with no MMU, no FPU, 2-way SMP and 256 MiB
>> maximum memory.  :-(  
> 
> When you say 'it', you refer to the SH2-compatible chip from 2015, which
> was merely the -start- of the Hitachi SuperH-revival project.

  No, 2-way SMP support was added in 2016.  Looks like that was the last
release.

>  Why did
> you ignore the rest of the roadmap?


  Because it's just a roadmap.  I wrote about what is available now.


Alessandro





Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-17 Thread Rick Moen
Quoting Adam Borowski (kilob...@angband.pl):

[j-core:]

> Alas, they seem to be suspiciously quiet within the last year or so.

D. Jeff Dionne wrote on
http://lists.j-core.org/pipermail/j-core/2017-August/000645.html :

   We have not done a release in a while.  Not because we stopped,
   rather the opposite (customer deliverables).

My friend Rob Landley replied on 
http://lists.j-core.org/pipermail/j-core/2017-August/000646.html :

   We don't talk about it much here because we're keeping intentional
   distance between the projects, but it's no secret most of the engineers
   behind j-core work for https://se-instruments.com. (We're making sensor
   systems to allow renewable energy to displace fossil fuels in utility
   grids. At our last big conference the banner said "fault resolution to 3
   meters". Except in Japanese, because it was "Smart Energy Week" at
   "Tokyo Big Site".)

   For context why this is such an exciting area to be in right now, here's
   a Stanford professor named Tony Seba (no relation to us, never met him,
   he's just a business-side domain expert in this space) teaching a class
   in 2013, then giving a book talk last year, then having his book talk
   analyzed by a mutual fund in india earlier this year:

   https://www.youtube.com/watch?v=Pe1ouTfo2sY
   https://www.youtube.com/watch?v=Kxryv2XrnqM
   https://www.youtube.com/watch?v=gt_SHouAKKA#t=1m45s

   The j-core project is a separate fully open source entity, but there's
   some serious resource contention going on right now staffing-wise. Sorry
   about that.

Make of that what you will, but I tend to believe Rob.  He has a good
track record on deliverables.  (You might know Toybox, Rob & friends'
answer to BusyBox, https://en.wikipedia.org/wiki/Toybox .  Rob and Bruce
Perens used to work together on BusyBox, but had some sort of falling
out.  https://lwn.net/Articles/202120/   No offence whatsoever intended
to either of these good gentlemen.)




Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-17 Thread Rick Moen
Quoting Alessandro Selli (alessandrose...@linux.com):

> Plus, it seems to target SoC and IoT devices rather than desktops:
> 
> http://j-core.org/roadmap.html

_Initially_, yes.  But not thereafter.

> "This is a NOMMU chip, implemented as Harvard architecture (separate
> Instruction and Data busses) with a 5 stage pipeline, with 16k cache (8k
> instruction, 8k data), supported by a memory controller interfacing with up
> to 256 megabytes of lpddr memory (in one low cost memory chip)."
> 
>   So, it's a 32-bit chip with no MMU, no FPU, 2-way SMP and 256 MiB maximum
> memory.  :-(

When you say 'it', you refer to the SH2-compatible chip from 2015, which
was merely the -start- of the Hitachi SuperH-revival project.  Why did
you ignore the rest of the roadmap?

By the time one gets to SH4-compatible (slated for next year, in the
roadmap), one has a very respectable 32-bit RISC CPU (with, of course,
MMU, FPU, etc.), and the next unit after that would (if this pans out)
be the first 64-bit ones.

  J64: 2019-ish, new 64-bit mode

  Instead of shmedia's Itanium-like approach, we plan a more x86-64
  approach for j4, with 32 bit compatibility mode running stock sh4 code
  (at least in userspace), and a mode bit that switches to 64 bit register
  size and reinterprets a small subset of the existing instructions and
  leaves the rest alone.

That is no longer a little bitty embedded SoC.



Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-17 Thread Alessandro Selli
On Wed, 16 Aug 2017 at 23:11:32 +0200
Adam Borowski  wrote:

> On Wed, Aug 16, 2017 at 01:26:15PM -0700, Rick Moen wrote:
> > I'm watching the J-Core project, which has resurrected the Hitachi
> > SuperH SH3/SH4 architecture as the patents expire, and should have a
> > fully fleshed 64-bit RISC system out in a couple of years.  At that
> > point, you'll have reasonably modern, general-purpose computing with no
> > blackbox hardware/firmware/software subsystems whatsoever.
> > http://j-core.org/  
> 
> Alas, they seem to be suspiciously quiet within the last year or so.

   Plus, it seems to target SoC and IoT devices rather than desktops:

http://j-core.org/roadmap.html

"This is a NOMMU chip, implemented as Harvard architecture (separate
Instruction and Data busses) with a 5 stage pipeline, with 16k cache (8k
instruction, 8k data), supported by a memory controller interfacing with up
to 256 megabytes of lpddr memory (in one low cost memory chip)."

  So, it's a 32-bit chip with no MMU, no FPU, 2-way SMP and 256 MiB maximum
memory.  :-(


  Alessandro


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-16 Thread Adam Borowski
On Wed, Aug 16, 2017 at 01:26:15PM -0700, Rick Moen wrote:
> I'm watching the J-Core project, which has resurrected the Hitachi
> SuperH SH3/SH4 architecture as the patents expire, and should have a
> fully fleshed 64-bit RISC system out in a couple of years.  At that
> point, you'll have reasonably modern, general-purpose computing with no
> blackbox hardware/firmware/software subsystems whatsoever.
> http://j-core.org/

Alas, they seem to be suspiciously quiet within the last year or so.

I wish them well, I even have a sh4 qemu-user chroot I sometimes test stuff
in, but I quite don't see any visible progress.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ James Damore is a hero.  Even mild criticism of bigots these days
⢿⡄⠘⠷⠚⠋⠀ comes at great personal risk.
⠈⠳⣄ 


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-16 Thread Rick Moen
Quoting Haines Brown (hai...@histomat.net):

> It would be naive to think that CPU producers don't build in a
> backdoor. This is why I take an interest in Chinese CPUs. At this point
> they are only RISC processors, but before long they should produce a
> product competitive with Intel. I suppose it will also have a back door,
> but China seems less threatening than the U.S.

I'm watching the J-Core project, which has resurrected the Hitachi
SuperH SH3/SH4 architecture as the patents expire, and should have a
fully fleshed 64-bit RISC system out in a couple of years.  At that
point, you'll have reasonably modern, general-purpose computing with no
blackbox hardware/firmware/software subsystems whatsoever.
http://j-core.org/


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-16 Thread Alessandro Selli
On Tue, 15 Aug 2017 at 13:48:37 -0400
Haines Brown  wrote:

> It would be naive to think that CPU producers don't build in a
> backdoor. This is why I take an interest in Chinese CPUs.

  There are also processors produced from Russian firms:

https://en.wikipedia.org/wiki/List_of_Russian_microprocessors

> At this point they are only RISC processors,

  Looks like all Russian CPUs are SPARC or MIPS-based.  I think they're
avoiding Intel-like stuff on purpose, they probably want to avoid any
copyright infringement claim and also having to get a licence to be able to
produce their own processors.

> but before long they should produce a product competitive with Intel.

  Two years ago I read Russian CPUs are about as powerful and efficient as
five-years old Intel CPUs.  I don't know how Chinese CPUs compare, but keep
in mind the world's most powerful computer, the Chinese Sunway TaihuLight, is
running on native CPUs, the SW26010:

https://en.wikipedia.org/wiki/Sunway_TaihuLight
https://en.wikipedia.org/wiki/SW26010

  The same supercomputer is rated #4 worldwide as far as power-efficiency is
concerned.

> I suppose it will also have a back door, but China seems less
> threatening than the U.S.

  To non-Chinese it is, sure!  ;-)


Alessandro


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-16 Thread Alessandro Selli
On Wed, 16 Aug 2017 at 07:59:34 +0200
Narcis Garcia  wrote:

> On 15/08/17 at 21:33, Simon Hobson wrote:
>> Narcis Garcia  wrote:
>>   
>>> As Far As I Know, CPU makes what software asks to do.
>>> If software doesn't call some CPU functions, those functions will not
>>> work.  
>> 
>> Well, maybe, but these days you can't take that on trust. Your OS no
>> longer runs native on the processor - there's EFI as a shim between your
>> code and the processor, hence no guarantees that *ONLY* your code is
>> running. As a side effect, the EFI can permit or deny access to processor
>> functions as well - eg by disabling the virtualisation support features
>> for "entry level" machines. So these days, you can't assume that there
>> isn't any form of backdoor - with hidden code in the EFI, using hidden
>> functions in the CPU, and making backdoor use of the onboard NIC to call
>> out to someone. OK, that's perhaps into "tinfoil hat" territory - but the
>> point is that we can no longer completely trust the hardware we
>> supposedly buy (sometimes feels like rental !)
> 
> Isn't EFI a software installed by person who formats disk?

  No, it's the "new" (designed in the second half of the '90s and succeeded by
UEFI in 2005) motherboard firmware that replaced the legacy BIOS:
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface

  If you also take in consideration the several proprietary, closed-source
firmwares that routinely run inside "your" box (disk controller, HD/SSD,
network controller, WiFi controller and so forth), turns out it's pretty
difficult knowing what "your" CPU is actually running and what it's not
running.  And this does not even take into consideration such aberrations
like IME (Intel Management Engine) and friends:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

Intel Active Management Technology (AMT) is hardware and firmware
technology for remote out-of-band management of personal computers

  In fact I think the list of Intel primary customers omits a list of
several government agencies...


Alessandro


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-16 Thread Narcis Garcia
On 15/08/17 at 21:33, Simon Hobson wrote:
> Narcis Garcia  wrote:
> 
>> As Far As I Know, CPU makes what software asks to do.
>> If software doesn't call some CPU functions, those functions will not work.
> 
> Well, maybe, but these days you can't take that on trust. Your OS no longer 
> runs native on the processor - there's EFI as a shim between your code and 
> the processor, hence no guarantees that *ONLY* your code is running. As a 
> side effect, the EFI can permit or deny access to processor functions as well 
> - eg by disabling the virtualisation support features for "entry level" 
> machines.
> So these days, you can't assume that there isn't any form of backdoor - with 
> hidden code in the EFI, using hidden functions in the CPU, and making 
> backdoor use of the onboard NIC to call out to someone. OK, that's perhaps 
> into "tinfoil hat" territory - but the point is that we can no longer 
> completely trust the hardware we supposedly buy (sometimes feels like rental 
> !)
> 

Isn't EFI a software installed by person who formats disk?


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Arnt Karlsen
On Tue, 15 Aug 2017 13:48:37 -0400, Haines wrote in message 
<20170815174837.gf32...@engels.historicalmaterialism.info>:

> It would be naive to think that CPU producers don't build in a
> backdoor. This is why I take an interest in Chinese CPUs. At this
> point they are only RISC processors, but before long they should
> produce a product competitive with Intel. I suppose it will also have
> a back door, but China seems less threatening than the U.S.

..looks like Norway forcing me to hang on to old junk, gave me an
upside, even if it was an expensive upside.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Arnt Karlsen
On Tue, 15 Aug 2017 16:29:50 +0200, Alessandro wrote in message 
<33ad4565-eb5d-f434-cb8d-0bbd8a8a3...@linux.com>:

> On 15/08/2017 at 05:13, taii...@gmx.com wrote:
> > FYI Many big companies get intel to include classified instruction
> > sets to give them some kind of competitive edge.
> >
> > I can't find the link but it was in a bloomberg article about xeon
> > CPU's. 
> 
>   Maybe it's this piece:
> 
> https://www.bloomberg.com/news/articles/2016-06-09/how-intel-makes-a-chip
> 
> Another way to make a chip faster is to add special circuits that only
> do one thing, but do it extremely quickly. Roughly 25 percent of the
> E5’s circuits are specialized for, among other tasks, compressing
> video and encrypting data. There are other special circuits on the
> E5, but Intel can’t talk about those because they’re created for its
> largest customers, the so-called Super 7: Google,
> Amazon, Facebook, Microsoft, Baidu, Alibaba, and Tencent. Those
> companies buy—and often assemble for themselves—Xeon-powered servers
> by the hundreds of thousands. If you buy an off-the-shelf Xeon server
> from Dell or HP, the Xeon inside will contain technology that’s
> off-limits to you. “We’ll integrate [a cloud customer’s] unique
> feature into the product, as long as it doesn’t make the die so much
> bigger that it becomes a cost burden for everyone else,” says Bryant.
> “When we ship it to Customer A, he’ll see it. Customer B has no idea
> that feature is there.”
> 

..does "FSB" qualify as a "3-letter agency" in this context and at this
time? ;o)

..the "OT: most processors are insecure" is clearly worth a mention at
the Chemnitzer Linux-Tage.

..and somebody at the Chemnitzer Linux-Tage might know when and how etc
the systemd developers learned what we learned in that thread here.


-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Simon Hobson
Narcis Garcia  wrote:

> As Far As I Know, CPU makes what software asks to do.
> If software doesn't call some CPU functions, those functions will not work.

Well, maybe, but these days you can't take that on trust. Your OS no longer 
runs native on the processor - there's EFI as a shim between your code and the 
processor, hence no guarantees that *ONLY* your code is running. As a side 
effect, the EFI can permit or deny access to processor functions as well - eg 
by disabling the virtualisation support features for "entry level" machines.
So these days, you can't assume that there isn't any form of backdoor - with 
hidden code in the EFI, using hidden functions in the CPU, and making backdoor 
use of the onboard NIC to call out to someone. OK, that's perhaps into "tinfoil 
hat" territory - but the point is that we can no longer completely trust the 
hardware we supposedly buy (sometimes feels like rental !)



Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Don Wright
Narcis Garcia wrote:

>On 15/08/17 at 17:04, Hendrik Boom wrote:
>> What implications does this have for security?  Allow me to shudder.


>As Far As I Know, CPU makes what software asks to do.
>If software doesn't call some CPU functions, those functions will not work.


The counter-argument is that hidden instructions may hide additional bugs
because they are not being used as much as published instructions. Even
without flaws, "private" instructions may do dangerous things such as
bypassing inconvenient security restrictions. And just like cheat codes in
games, the existence of such hidden functions is likely to leak to those
interested in exploiting them. [Everyone chant the Konami Code.]

Even if they stay in the "proper hands", how many flawless programs do you
know of from the big vendors listed in the Bloomberg quote? If these
instructions aren't being used, as Narcis Garcia suggests, why did the
vendor ask for the instruction in the first place? 

And finally, when a program does something "impossible" that costs you
money, which of the dozens of vendors of code running simultaneously accepts
the blame?  --Don



Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Narcis Garcia
On 15/08/17 at 17:04, Hendrik Boom wrote:
> On Tue, Aug 15, 2017 at 04:29:50PM +0200, Alessandro Selli wrote:
>> On 15/08/2017 at 05:13, taii...@gmx.com wrote:
>>> FYI Many big companies get intel to include classified instruction
>>> sets to give them some kind of competitive edge.
>>>
>>> I can't find the link but it was in a bloomberg article about xeon CPU's. 
>>
>>   Maybe it's this piece:
>>
>> https://www.bloomberg.com/news/articles/2016-06-09/how-intel-makes-a-chip
> 
> It lets me read the first paragraph.  Then it spends minutes changing the 
> layout and adding new articles to the page, rearranging the ads, placing 
> the "Inside Intel's Chip Factory" video in different places on the page, 
> and moving it multiple times, and finally tells me the rest of the 
> article is available to subscribers only.
> 
> After that kind of onscreen runaround, I wouldn't subscribe even if I 
> originally had wanted to.
> 
>> Customer B has no idea that feature is there.”
> 
> What implications does this have for security?  Allow me to shudder.
> 
> -- hendrik
As Far As I Know, CPU makes what software asks to do.
If software doesn't call some CPU functions, those functions will not work.
It's like a 1990 software compiled for i386, running now on x86-64 CPU:
The software will not use MMX registers, RIP, SSE instructions, etc.
because they are unknown for the software and developer in 1990.


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Haines Brown
It would be naive to think that CPU producers don't build in a
backdoor. This is why I take an interest in Chinese CPUs. At this point
they are only RISC processors, but before long they should produce a
product competitive with Intel. I suppose it will also have a back door,
but China seems less threatening than the U.S.

Haines 


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Hendrik Boom
On Tue, Aug 15, 2017 at 04:29:50PM +0200, Alessandro Selli wrote:
> On 15/08/2017 at 05:13, taii...@gmx.com wrote:
> > FYI Many big companies get intel to include classified instruction
> > sets to give them some kind of competitive edge.
> >
> > I can't find the link but it was in a bloomberg article about xeon CPU's. 
> 
>   Maybe it's this piece:
> 
> https://www.bloomberg.com/news/articles/2016-06-09/how-intel-makes-a-chip

It lets me read the first paragraph.  Then it spends minutes changing the 
layout and adding new articles to the page, rearranging the ads, placing 
the "Inside Intel's Chip Factory" video in different places on the page, 
and moving it multiple times, and finally tells me the rest of the 
article is available to subscribers only.

After that kind of onscreen runaround, I wouldn't subscribe even if I 
originally had wanted to.

> Customer B has no idea that feature is there.”

What implications does this have for security?  Allow me to shudder.

-- hendrik


Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-15 Thread Alessandro Selli
On 15/08/2017 at 05:13, taii...@gmx.com wrote:
> FYI Many big companies get intel to include classified instruction
> sets to give them some kind of competitive edge.
>
> I can't find the link but it was in a bloomberg article about xeon CPU's. 

  Maybe it's this piece:

https://www.bloomberg.com/news/articles/2016-06-09/how-intel-makes-a-chip

Another way to make a chip faster is to add special circuits that only
do one thing, but do it extremely quickly. Roughly 25 percent of the
E5’s circuits are specialized for, among other tasks, compressing video
and encrypting data. There are other special circuits on the E5, but
Intel can’t talk about those because they’re created for its largest
customers, the so-called Super 7: Google,
Amazon, Facebook, Microsoft, Baidu, Alibaba, and Tencent. Those
companies buy—and often assemble for themselves—Xeon-powered servers by
the hundreds of thousands. If you buy an off-the-shelf Xeon server from
Dell or HP, the Xeon inside will contain technology that’s off-limits to
you. “We’ll integrate [a cloud customer’s] unique feature into the
product, as long as it doesn’t make the die so much bigger that it
becomes a cost burden for everyone else,” says Bryant. “When we ship it
to Customer A, he’ll see it. Customer B has no idea that feature is there.”

-- 
Alessandro Selli 
Tel. 3701355486
VOIP SIP: dhatarat...@ekiga.net
Chiave PGP/GPG key: B7FD89FD



Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)

2017-08-14 Thread taii...@gmx.com
FYI Many big companies get intel to include classified instruction sets 
to give them some kind of competitive edge.


I can't find the link but it was in a bloomberg article about xeon CPU's.