-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
"amdflaws.com" - What is this?
Page 8 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
PeterScott
Platinum Member
Exactly.
This isn't the kind of thing that will have any lasting impact on AMD, needed to benefit Intel. People shouldn't let Intel hate confound their reasoning.
Just look at the actual actions and outcomes, to figure out the real beneficiaries, and their motives.
This is a completely calculated move to have the biggest negative news impact possible, to create a temporary (predictable) depression in stock price for the Short sellers at CT/Viceroy to cash in on.
This is pure Stock Shorting FUD play by CT/Viceroy.
It's the kind of thing that should be illegal, but Viceroy profited in the past from this kind of thing, so they are going to keep doing it, until someone stops them.
LTC8K6
Lifer
Atari2600
Golden Member
This is not OT.
Do not post general pics
that having nothing to do
with the thread discussion.
AT Mod Usandthem
Last edited by a moderator:
piesquared
Golden Member
Even if the US has jurisdiction, there isn't a chance in hell they would bring a hammer down on anything associated with their cohorts over there in Isreal.
Mockingbird
Senior member
Viceroy Research is apparent a firm of only three people
https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/
https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/
NTMBK
Lifer
yulgrhet
Member
WHAT IF time ...
What if ... Intel's CPU design lab was moved to Israel for security lockdown purposes?
What if ... ALL Israel CPU designs included hardware backdoors?
What if ... Zen has no hardware backdoors
What if ... AMD's 2018 substantial market share gains go into ludicrous mode in 2019 with it's 7nm Zen 2 going up against Intel's 14nm 10th generation CPUs.
What if ... The U.S. and Israeli Security State are looking at a rapid erosion of backdoor accessible CPUs over the next several years.
Occam's razor suggests a profit motivation.
That said, a former Unit 8200 member being involved does raise questions about the FUD being spread.
Although very low probability, it is not zero. It's possible that Israel has exploits against non-Zen CPUs which they'd rather continue using. If that's the case however, it is poor messaging to use such an obvious hatchet job. If anything, reading between the lines would suggest AMD processors are more secure and that physical access is required to breach them. Which would make Unit 8200's work more difficult if they can't remotely pwn it.
That said, a former Unit 8200 member being involved does raise questions about the FUD being spread.
Although very low probability, it is not zero. It's possible that Israel has exploits against non-Zen CPUs which they'd rather continue using. If that's the case however, it is poor messaging to use such an obvious hatchet job. If anything, reading between the lines would suggest AMD processors are more secure and that physical access is required to breach them. Which would make Unit 8200's work more difficult if they can't remotely pwn it.
Tell that to the Brits ...
Politics and News
Is down the hall,
to the left.
AT mod Usandthem
Last edited by a moderator:
LTC8K6
Lifer
To paraphrase The Three Stooges: If I had some whipped cream, I'd have some salami and whipped cream. If I had some salami.
I wouldn't be so sure. AMD was starting to be seen as more secure then Intel, now more issues have been reported people will say AMD are just the same as Intel. The seeds of doubt have been sown. Additionally these are real bugs as far as we can see, AMD will have to fix them - just because they aren't easy to set off doesn't mean they don't matter, until they are fixed then that's a black mark against AMD cpu's. That might stall AMD sales long enough for Intel to fully patch meltdown/spectre with new HW which they will probably manage faster then AMD, then AMD are really on the back foot as Intel will have safe cpu's and AMD won't.
Lets not mix things here.
""Intel had no involvement in the CTS Labs security advisory." - Intel statement to GamersNexus"
There is no way they will touch this shortselling crap. No reason. No gain. No motivation.
Ok. If its what if time...🙂
I simply cant see the really big money behind. Where do you see it?
But viceroy have done these scams before and aparently they earned good on it. But not money like legal wallstreet gansters.
That said its difficult to look at these 3 dudes and think there is not some more to it. lol. But hey still you still need admin privileges and hardware access. I mean how deep can the impact be after 12 hrs?
dullard
Elite Member
I nearly avoided this thread due to messenger bashing instead of talking about substance. But I have a burning question. Isn't the biggest potential worry the possibility that the computers are compromised before you even get them? This has happened in the past with the NSA:
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/
In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.
This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously? The issue isn't can a chip from Intel or AMD be compromised. The answer is yes to both. Shouldn't the real issue be "can we detect that a specific chip was compromised?"
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/
In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.
This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously? The issue isn't can a chip from Intel or AMD be compromised. The answer is yes to both. Shouldn't the real issue be "can we detect that a specific chip was compromised?"
Last edited:
DaveSimmons
Elite Member
Yes, for both intel and AMD, if the CIA, FBI, NSA, etc. intercepts the shipment of your new laptop, they could possibly flash the BIOS with a customized version that is more or less undetectable without de-soldering the BIOS chip and placing it in a reader.
That's harder to detect than them replacing Windows system files with compromised versions, though the end results will be the same: they spy on you.
For Joe User who is not a target of a nation's security services, this "exploit" looks completely harmless to me.
"If someone breaks into your home and BIOS flashes your computer, here's one more bad thing they might be able to do . . . after they steal your TV and shoot your dog."
William Gaatjes
Lifer
I am interested in the ASMEDIA claim.
If i am not mistaken, the Intel IME can be accessed through a usb port. Making use of JTAG communication over a proprietary protocol that physically uses one of the usb ports, but it is not the usb protocol that is used. So knowledge of the proprietary protocol is needed.
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
If ASMEDIA has a similar system in the chipset that it provides for AMD, i wonder what is really the case.
And is this claim true ? Does ASMEDIA provide the X370/B350/A320 chipsets ?
But the strange thing is... The trustzone cpu is embedded into the apu/cpu.
And that is manufactured by AMD /GF.
https://www.anandtech.com/show/6007...cortexa5-processor-for-trustzone-capabilities
edit :link about trustzone and ryzen.
https://www.anandtech.com/show/1159...anced-security-longer-warranty-better-quality
If i am not mistaken, the Intel IME can be accessed through a usb port. Making use of JTAG communication over a proprietary protocol that physically uses one of the usb ports, but it is not the usb protocol that is used. So knowledge of the proprietary protocol is needed.
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
If ASMEDIA has a similar system in the chipset that it provides for AMD, i wonder what is really the case.
And is this claim true ? Does ASMEDIA provide the X370/B350/A320 chipsets ?
But the strange thing is... The trustzone cpu is embedded into the apu/cpu.
And that is manufactured by AMD /GF.
https://www.anandtech.com/show/6007...cortexa5-processor-for-trustzone-capabilities
For various reasons we’ll get to in a moment, AMD believes they need some kind of hardware security platform technology to continue to compete in the market in the future. Intel’s Trusted Execution Technology is not part of the x86 specification and is therefore not shared, so AMD would need to come up with their own technology. Designing and implementing such a technology is not only resource intensive but by its very nature it fragments the market, which is something AMD doesn’t necessarily have the clout to get away with all the time. So rather than design their own technology they’ve chosen to license an existing technology, and this brings us to ARM.
In order to implement a hardware security platform on their future APUs, AMD has chosen to enter into a strategic partnership with ARM for the purpose of gaining access to ARM’s TrustZone technology. By licensing TrustZone, AMD gains a hardware security platform that’s already in active use, which means they avoid fragmenting the market and the risks that would bring. Furthermore AMD saves on the years of work – both technical and evangelical – that they would have needed had they rolled their own solution. Or more simply put, given their new willingness to integrate 3rd party IP, licensing was the easy solution to getting a hardware security platform quickly.
But because TrustZone is an ARM technology (both in name and ISA) AMD needs an ARM CPU to execute it. So the key to all of this will be the integration of an ARM processor into an AMD APU, specifically ARM’s Cortex-A5 CPU. The Cortex-A5 is ARM’s simplest ARMv7 application processor, and while it’s primarily designed for entry-level and other lower-performance devices, as it turns out it fits AMD’s needs quite nicely since it won’t be used as a primary application processor.
ARM TrustZone Hardware Model; Normal World Would Be On x86
This also means that the ARM and x86 CPU cores will fit together in an interesting manner unlike any existing ARM or Intel x86 CPU. By integrating a low-power/low-performance ARM CPU in this manner an application will be split up over multiple CPUs, with the TrustZone secure backend executing on the Cortex-A5 while the frontend logic will be executing as normal on AMD’s x86 CPU and GPU cores. This gives AMD a dedicated security co-processor with all the benefits and drawbacks thereof, while on full ARM processors and on Intel’s x86 processors TrustZone and TXT respectively are hardware features of a single CPU.
By implementing a hardware security platform in this manner AMD not only gains a relatively quick turnaround time on the hardware, but on the software side too. AMD is specifically looking to leverage existing ARM applications for their tablet ambitions by taking advantage of the fact that existing TrustZone application cores can easily (if not directly) be ported over to AMD’s APUs. Developers would still need to put in some effort to write the necessary x86 frontends (in all likelihood written in scratch for Win8 as opposed to any kind of Android), but the hard part of implementing and validating the TrustZone functionality would simply carry over, leaving the new x86 frontend to talk to the existing ARM TrustZone application core. AMD isn’t in any position to talk about specific software yet, but we’re told that they’ve been working with select software partners even before this announcement in order to get a jump on developing applications.
As for the hardware details AMD hasn’t named any specific APUs that will be receiving the Cortex-A5, but they have told us that they intend to start with the low-power APUs in order to go after the tablet market. That means we’re almost certainly looking at the 2013 successor to the Zacate APU found at the heart of AMD’s Brazos platform. However AMD won’t be stopping there, and in 2014 and beyond AMD will continue to add it to further APUs until AMD’s entire APU lineup from mobile to desktop to server contains the Cortex-A5 and TrustZone functionality.
edit :link about trustzone and ryzen.
https://www.anandtech.com/show/1159...anced-security-longer-warranty-better-quality
Last edited:
Phynaz
Lifer
If these exploits are true, then anyone that has ever touched your recent AMD PC potentially has had the ability to install unsigned code into the TEE. That is a major hole that makes every single Zen based system untrustable by default. If the further allegations are true then physical access isn't even required (chained attacks - which is how most exploits are weaponized).
Essentially the alleged vulnerability makes the Trusted Execution Environment - untrusted.
Yes, you did pick up on the knee jerk reaction of the usual people needing to come to AMD's defense without understanding what the vulnerabilities are.
Those threats seems to be real. There have to be at least some talent and research to find them. And there is some money in big data(banks etc.) where x86 security capabilities aren't usually considered to be enough, and seems that someone tries to keep it that way. If someone has used x86 systems they might want to switch platform as there seems to be pretty big security problems with x86 server hardware.
Just a guess, but for Intel that AMD problem won't do much(as they have nothing to offer at the moment x86 wise), though they still have Itanium line.....
sandorski
No Lifer
Any Computing device being touched by someone is at risk. Especially if they have Admin privileges.
PeterScott
Platinum Member
A couple of hackers backed by Viceroy. Who knows how much money Viceroy have made from their previous Short selling FUD schemes.
Phynaz
Lifer
Define Admin privileges. My employers' Deskside technicians have administrative rights to the hardware, not the OS. That doesn't mean they have the ability to install unsigned code into the IME.
That's the key thing, the trusted environment allows the execution of untrusted code. Therefore the trusted environment cannot be trusted.
DaveSimmons
Elite Member
Maybe. So far we just have the word of the short-sellers and the researcher they paid to confirm their FUD.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
