
celebratedrecluse wrote

Ah, okay. Well, since the CPU is less abstract than the BIOS, wouldn't this risk be the same for virtually any device then? There aren't really any FOSS CPUs, and Libreboot would not resolve this. Unless I am mistaken?

1

a_perfect_map OP wrote (edited)

Check out RISC-V as mentioned in OP.

Libreboot doesn't mean a FOSS processor but it is open BIOS, no more management engine, still a huge boost to security.

A related issue in processor hardware sec is Spectre/Meltdown and Rowhammer, which I'm thinking about making another post on if no one else has yet.

Additional info about making Intel safer is best found from Joanna Rutkowska, leader of the amazing Qubes OS team and expert hardware hacker:

https://www.youtube.com/watch?v=S0TVw7U3MkE

2

celebratedrecluse wrote

Well, if RISC-V is several years from being functional in a desktop, let alone a portable device, there doesn't really seem to be anything relevant that the end user can do to address the fundamental problem.

Are any of you aware of mitigation strategies for AMD PSP?

1

a_perfect_map OP wrote

About RISC-V you are right.

If you are made out of monies you can buy IBM POWER systems: https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation which I kind of forgot about, OPEN POWER 8 is in fact totally free hardware. They are beastly powerful! But that price.

Look into Qubes, if you have IOMMU you might be able to mitigate some issues. Also check Libreboot for which AMD processors/systems are compatible.

Other than that this is a serious problem in computation that is kind of just starting to be addressed :(

2

celebratedrecluse wrote

It seems only the wealthy can buy their way out of this problem. Seems like a feature of capitalism, rather than an accident. :(

1

a_perfect_map OP wrote

Yeah unfortunately it seems that way. Working as designed huh. Sad. But hey, this field is taking off and that's pretty cool that more people are concerned and doing something.

1

celebratedrecluse wrote

Definitely, it will be a game changer when something cheap and basic hits the FOSS processor market.

1