Submitted by a_perfect_map in freeAsInFreedom (edited )
a_perfect_map OP wrote (edited )
Reply to comment by celebratedrecluse in Firmware And CPU Hardware Level Security- Blindspots In Many, Many People's Setups by a_perfect_map
Hi I've updated the original post, to expound on AMD; AMD is not safe, check out Platform Secure Processor (PSP). Links to source from Libreboot.
There is no safe x86 hardware without modification.
celebratedrecluse wrote
Ah, okay. Well, since the CPU is less abstract than the BIOS, wouldnt this risk be the same for virtually any device then? There aren't really any foss cpus, and libreboot would not resolve this. Unless i am mistaken?
a_perfect_map OP wrote (edited )
Check out RISC V as mentioned in OP.
Libreboot doesn't mean a FOSS processor but it is open BIOS, no more management engine, still a huge boost to security.
A related issue in processor hardware sec is Spectre/Meltdown and Rowhammer, which I'm thinking about making another post on if no one else has yet.
Additional info about making intel safer is best found from Joanna Rutkowska, leader of the amazing Qubes OS team and expert hardware hacker:
celebratedrecluse wrote
Well, if risc v is several years from being functional in a desktop, let alone portable device, there doesnt really seem to be anything relevant that the end user can do to address the fundamental problem.
Are any of you aware of mitigation strategies for AMD PSP?
a_perfect_map OP wrote
About RISC V you are right.
If you are made out of monies you can buy IBM POWER systems: https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation which I kind of forgot about, OPEN POWER 8 is in fact totally free hardware.They are beastly powerful! But that price.
Look into Qubes, if you have IOMMU you might be able to mitigate some issues. Also check Libreboot for which AMD processors/systems are compatible.
Other than that this is a serious problem in computation that is kind of just starting to be addressed :(
celebratedrecluse wrote
It seems only the wealthy can buy their way out of this problem. Seems like a feature of capitalism, rather than an accident. :(
a_perfect_map OP wrote
Yeah unfortunately it seems that way. Working as designed huh. Sad. But hey, this field is taking off and that's pretty cool that more people are concerned and doing something.
celebratedrecluse wrote
Definitely, it will be a game changer when something cheap and basic hits the foss processor market
Viewing a single comment thread. View all comments