Fluxoid

Welcome to Fluxoid. Wanting to join the rest of our members? Feel free to sign up today!

Why you should run processors that are older.

Davidc

Caulk Sucker
Members
The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors.[1] According to an AMD developer's guide, the subsystem is "responsible for creating, monitoring and maintaining the security environment" and "its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response."[2] Critics worry it can be used as a backdoor and is a security concern.[3][4][5] AMD has denied requests to open source the code that runs on the PSP.[1]
The PSP is similar to the Intel Management Engine for Intel processors.[1]

So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. We do know that with it there:
In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running:
  • TCP/IP networking stacks (4 and 6)
  • File systems
  • Drivers (disk, net, USB, mouse)
  • Web servers
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.
And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.

https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
 

Davidc

Caulk Sucker
Members

Davidc

Caulk Sucker
Members
"Both the free-software and security communities have recently been focusing on the elements of our computers that run below the operating system. These proprietary firmware components are usually difficult or impossible to extend and it has long been suspected (and proven in several cases) that there are significant security concerns with them. The LinuxBoot Project is working to replace this complex, proprietary, and largely unknown firmware with a Linux kernel. That has the added benefit of replacing the existing drivers in the firmware with well-tested drivers from Linux.

To understand LinuxBoot and the problem it's working to solve, we first have to discuss how computers actually boot. We usually think of a running system as including the hardware, operating system (OS), and applications. However, for a number of reasons, there are several layers that run between the hardware and the OS. Most users are aware of UEFI (which replaced the older BIOS); for many systems, it prepares the system to run and loads the bootloader. These necessary functions are just the tip of the iceberg, though. Even after the computer finishes loading the OS, there are multiple embedded systems also running on the system entirely separate from the OS. Most notably, the Intel Management Engine (ME) runs a complete Minix operating system, while System Management Mode (SMM) is used to run code for certain events (e.g. laptop lid gets closed) in a way that is completely invisible to the running OS.

All of these add up to the LinuxBoot project's statement that there are "at least 2.5 kernels between the hardware and Linux,"; those kernels collectively make up the firmware. Many of these firmware components are surprisingly complex and capable, with full network stacks and extensive hardware drivers. The firmware is a major concern to the free-software community, as it leaves all computers running on a large foundation of code that is proprietary and unaudited. It is also a major risk to large tech companies and cloud providers since the firmware presents many opportunities for powerful, persistent exploits and rootkits. Besides these substantial security concerns, improvements in performance and flexibility of the early stages of boot is also a major motivation for this simplification and move to open source.

To work towards a more elegant and open solution, Google launched a project called NERF, or the Non-Extensible Reduced Firmware, which LWN covered back in November. The primary goal of NERF was to reduce the firmware attack surface by removing almost all functionality that was not necessary to start the operating system (although there are limits on the extent to which this is possible). NERF consisted of a "full stack" solution of stripped-down EFI firmware, a Linux kernel, and an initramfs with tools written in Go. Although these components all make up one bundle stored in ROM, they have since been split into separate projects: LinuxBoot is the firmware and kernel while the user-space initramfs image with Go tools for system booting is available as u-root. Due to this modularity, LinuxBoot can be used with a variety of initramfs images."

https://lwn.net/Articles/748586/
 

Davidc

Caulk Sucker
Members
"Why Are There No Huge Leaps Forward In CPU/GPU Power?"

"Most likely, there is no major competition in the market, and PC sales on the whole have slowed considerably. A modern 6800K processor is as close as you'll come to a leap forward, but it's $1100 Canadian and requires a similarly expensive motherboard + memory. Same with similar chips.

Meanwhile the cheapest system on the market is as fast as a moderately high-grade enthusiast computer from 2010 and probably has reasonable 3D graphics onboard, with a SSD drive it will feel quite snappy.

So, a) not a lot of market demand for faster systems, b) lots of tablets and game consoles for entertainment out there, c) moderately faster systems exist but cost keeps them low-volume, d) very low-percentage demand for faster computers - definitely less than 1% that will pay a premium for it, e) the majority of gamers are young-ish and they play largely twitch games even on PCs which are more GPU limited than CPU limited."

https://hardware.slashdot.org/story/17/03/03/2222205/ask-slashdot-why-are-there-no-huge-leaps-forward-in-cpugpu-power
 
Top