I know about ME and don’t know if there’s anything like that in ME.
Should I be concerned and how much can I trust my own system?
In the 21st century, it is reasonable to consider absolutely everything as potentially having a backdoor and/or RCE vulnerabilities. But at the moment there is no information about the presence of a backdoor in AMD/Intel processors. Given their widespread distribution, I would estimate the probability of having a backdoor in your processor as approximately the same as the probability of having a backdoor in TLS, AES, Tor. It is not zero, but close to it. For normal existence, you need to have at least something as a TPM. In this case, your device should be considered as such.
And to reduce risks, you should not forget to update AMD microcode. Whatever the authors of Linux-libre write, updating closed proprietary CPU microcode is a lower risk than leaving the old vulnerable version.
You can only fully trust the processor and software that you wrote yourself, and the processor from a piece of silicon you personally received. Unfortunately, at this stage of technology, this is impossible.
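An added example, not from any poster in this thread: a small POSIX sh check that reads the vendor, family and currently loaded microcode revision from /proc/cpuinfo-style text and names the linux-firmware amd-ucode blob the kernel would look for (the kernel uses microcode_amd.bin below family 0x15 and microcode_amd_famXXh.bin from 0x15 up). It assumes the distribution installs the blobs under /lib/firmware/amd-ucode; the sample cpuinfo text is constructed.

```shell
#!/bin/sh
# cpuinfo_field FIELD < cpuinfo_text  -> value of the first matching line
cpuinfo_field() {
    awk -F': *' -v key="$1" '$1 ~ "^"key"[ \t]*$" { print $2; exit }'
}

# amd_ucode_file FAMILY_DECIMAL -> blob name the kernel requests for that family
amd_ucode_file() {
    if [ "$1" -lt 21 ]; then          # families below 0x15 share one blob
        echo "microcode_amd.bin"
    else
        echo "microcode_amd_fam$(printf '%02x' "$1")h.bin"
    fi
}

# amd_ucode_status CPUINFO_FILE FIRMWARE_DIR
# prints a one-line summary; returns 0 if the blob is installed, 1 if it is
# missing, 2 if the CPU is not AMD
amd_ucode_status() {
    vendor=$(cpuinfo_field vendor_id < "$1")
    family=$(cpuinfo_field "cpu family" < "$1")
    rev=$(cpuinfo_field microcode < "$1")
    [ "$vendor" = "AuthenticAMD" ] || { echo "$vendor: not an AMD CPU"; return 2; }
    blob=$(amd_ucode_file "$family")
    if [ -f "$2/amd-ucode/$blob" ]; then state=present; rc=0
    else state=missing; rc=1; fi
    echo "family 0x$(printf '%x' "$family") microcode $rev blob $blob $state"
    return $rc
}

# Constructed sample (a Zen 2 desktop part); on a real box pass /proc/cpuinfo
sample=$(mktemp)
cat > "$sample" <<'EOF'
vendor_id : AuthenticAMD
cpu family : 23
model : 113
model name : AMD Ryzen 5 3600 6-Core Processor
microcode : 0x8701021
EOF
amd_ucode_status "$sample" "${FIRMWARE_DIR:-/lib/firmware}" || :
rm -f "$sample"
```

An installed blob only shows the file is on disk; the microcode field is what the CPU is actually running, so compare it with the revision the kernel reports in dmesg after a reboot.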
It depends on your threat model.
One should not trust TPMs. They are full of design flaws.
In this case, TPM is not the chip on the motherboard or wherever it is, but the user’s PC itself.
Simply put, since everything is done on the device, you need to trust the device. I don’t know of any OS that could provide security in conditions where the hardware itself is compromised and contains bugs and backdoors.
it is a completely opaque construction. We have absolutely no way to examine what’s inside.
© Joanna Rutkowska, security researcher and founder of Qubes OS
Generally, I concur.
This is what I partially disagree with.
This statement is more accurate.
That everyone is forced to use the device does not mean one should trust it.
Hypothetical question: if a computer existed that did not have these known provable flaws in its hardware, you would purchase it, would you not?
I don’t think it’s sensible to advocate for trusting computing devices that are provably insecure, simply because it’s the only option available to the general public right now.
It encourages status quo, and diminishes any desire and effort to change the status quo.
But I am pragmatic about the situation too (as I’m sure you are). The situation cannot be resolved right now, either.
Despite this I think it’s better to point out the flaws in the current hardware, without advocating anyone should trust provably insecure hardware, simply because no one has a solution right now.
You never know - one day there might be a solution to this mess. In which case, no one should have trusted any of the current era of hardware, for the sole reason it was the only option available at that time.
You are certainly right. The hardware situation (especially CPU/GPU) is terrible in the modern world. But unfortunately, I do not see any progress in this situation. I recently read that TSMC purchased expensive equipment for the production of chips using 2nm technology. As Rutkowska correctly wrote, even if some manufacturer starts producing libre processors, due to the peculiarities of the architecture of any processor, we cannot trust it until we conduct a full audit of the hardware, all these millions or billions of transistors under a microscope. At the moment, there is no technology that would allow such an audit without destroying the CPU. Purely hypothetically, even if the audit is conducted and shows that everything is fine, where is the guarantee that the next day they will not change the architecture a little and add a backdoor? With software, this is solved because you can use the old version that has passed the audit, but with the processor, such a trick will not work. And unfortunately, Rutkowska wrote all this in 2009. The situation has not improved since then (or I haven’t heard about it). The Invisible Things Lab's blog: Trusting Hardware
Nor do I. The problem is not well known enough, such that consumers demand better.
We can still advocate for better though.
If I had to put a timeline on it - I’d say it might be possible in one to two decades (possibly).
CPU/GPUs are becoming more and more commoditized.
Custom silicon is now being designed and made by several of the biggest tech companies.
It’s possible (but not assured) that even smaller tech companies will be able to order custom silicon in the next few decades.
Until then, I continue to advocate.
I know that Corna or Corma (one of those is right) can leave ME powerless. I don’t know of anything like that for AMD. I heard on the Internet AMD has PSP. Is this just as bad? Should I assume it’s compromised?
My threat model is very low.
What you are referring to is the me_cleaner GitHub repository from @corna:
You have not clearly defined your threat model.
If my threat model weren’t low, would I announce it in a forum?
But really, it’s low.
AMD uses PSP (Platform Security Processor); it’s AMD’s equivalent of Intel ME.
How much of a threat vector is PSP? Is it something that a sophisticated attacker could access?
If someone has a high threat model, are they being stupid to use a computer with PSP built in?
Also, does anyone know if PSP goes through the onboard router, or does it enable access through any internet access point, even ethernet or an attached USB wifi adapter?
It depends on your threat model.