Will SME, SEV, and hw SHA be CPU game-changers?

[superstition]

AMD x86 Zen Architecture Will Implement Game Changing Encryption Features Such as SME, SEV and HW Based SHA – Not Present In SkyLake or KabyLake

The first two are called SME and SEV, which stand for Secure memory Encryption and Secure Encrypted Virtualization. The third one is hardware based SHA (Secure Hash Algorithm). They are powered by a security co-processor. No competing Intel architecture has any known features to rival these.

http://wccftech.com/amd-zen-encryption-sme-sev-hw-based-sha/

At the time of release, Zen will primarily compete against Skylake and Kaby Lake based processors, both of which lack the aforementioned features. It is not until Cannonlake and Coffee Lake that any semblance of parity is expected to be present between the two platforms – and even then it won’t be complete. All of this magic will happen, courtesy a “Security Co-Processor” that AMD has included inside of the Zen chip.

Zen SEV – the holy grail of secure cloud computing?

With the advent of NVDIMM (non volatile memory) however, this is going to become a very big problem, very fast. Unlike inherently volatile DIMMs, non volatile memory does not lose all data and this lowers the difficulty bar for a cyber attack by several orders of magnitude.

Intel has something called Software Guard Extensions, but this particular instruction set cannot be virtualized since the silicon giant does not have any complete memory encryption standard.

Zen will also contain hardware SHA – which means it’s going to offer significant performance improvement over previous iterations of AMD architectures and even Intel offerings! As far as we know, hardware based SHA will not be present in Intel offerings till Cannonlake arrives and we have already listed the major disadvantage of SGX – it cannot be virtualized.

I guess AMD chose to put AVX-512 and such on the back burner in favor of this. A smart move?

Not even cloud providers (who have physical access to the servers) will be able to carry out any malicious actions against their clients, if they were so inclined. For all intents and purposes, the data of consumers would be well and truly safe.

So, we have government that gets upset when e-mail isn't private and controlled for it and enterprise (business and government) that gets upset when its data isn't private and controlled. As for the unwashed masses, we're told by Wired writers and others that we should never expect to have any privacy for our data. "All private citizen e-mail should be treated as public — with the expectation that anyone will be able to read it forever."

Wouldn't it be interesting if these security features were to start benefiting enthusiasts and regular people. But, if you run Tails and TOR you're labeled an "extremist" by you know who — that same you know who that got upset over where "its" e-mails were stored. Getting official confirmation that Yahoo was doing everything possible to assist the spying on its users, the same company that suggested, years back, that it was doing everything possible to oppose this — gets a collective sigh of "Yeah, so?"

Maybe it's time for data and information security to be important for all of us, not just "enterprise". The double standard for data and privacy in general doesn't impress me.

 

[ClockHound]

I guess AMD chose to put AVX-512 and such on the back burner in favor of this. A smart move?


So, we have government that gets upset when e-mail isn't private and controlled for it and enterprise (business and government) that gets upset when its data isn't private and controlled. As for the unwashed masses, we're told by Wired writers and others that we should never expect to have any privacy for our data. "All private citizen e-mail should be treated as public — with the expectation that anyone will be able to read it forever."

Wouldn't it be interesting if these security features were to start benefiting enthusiasts and regular people. But, if you run Tails and TOR you're labeled an "extremist" by you know who — that same you know who that got upset over where "its" e-mails were stored. Getting official confirmation that Yahoo was doing everything possible to assist the spying on its users, the same company that suggested, years back, that it was doing everything possible to oppose this — gets a collective sigh of "Yeah, so?"

Maybe it's time for data and information security to be important for all of us, not just "enterprise". The double standard for data and privacy in general doesn't impress me.

Agree. I enjoy double standards, probably twice as much as anyone, but perhaps the time has come for individual enthusiasts to incorporate. If a few millions of us become Unwashed Inc. perhaps we too can reap the benefits of corporate info security, lower taxes and better group buys.

 

[LTC8K6]

That's in the Wiki entry for Zen.

 

[lolfail9001]

Wait, i am reading it right, AMD literally has a built-in backdoor in CPU and put it on slide? Rofl.

 

[LTC8K6]

http://www.anandtech.com/show/9319/...leap-of-efficiency-and-architecture-updates/8

 

[LTC8K6]

http://electronicdesign.com/microprocessors/platform-security-processor-protects-low-power-apus

 

[superstition]

Wait, i am reading it right, AMD literally has a built-in backdoor in CPU and put it on slide? Rofl.

Not according to the wccftech article.

It says this mechanism offers improved security, especially for the cloud. For instance:

Not even cloud providers (who have physical access to the servers) will be able to carry out any malicious actions against their clients, if they were so inclined. For all intents and purposes, the data of consumers would be well and truly safe.

I'll buy that for a dollar.

 

[itsmydamnation]

Wait, i am reading it right, AMD literally has a built-in backdoor in CPU and put it on slide? Rofl.

intel has one too, you need it if you want to compete in the corporate environments. If you cant trust your CPU manufacture then what exactly are you doing using there products......

The one last piece of the puzzle is does AMD have the crypto co processors like early leaks said. If they do then the in memory crytpo + CCP + dedicated AES pipes in the core all add up to make a package i think anyone running almost anything public facing, PCI or ISO20001 compliant would be very interested in.

 

[thecoolnessrune]

In the Virtualization field, this is a really big deal, and has been necessary for a while (especially in an era of Multi-Tenant Virtualized Clouds).

*HOWEVER*, while I expect to see it in KVM, Xen, and possibly some other projects, I don't expect to see it in the heavy hitter (VMware) until Intel has an equivalent technology.

The vast majority of the commodity server world runs on Intel, and even when the market share was much closer, AMD proposed standards were rarely implemented over Intel's (or until Intel adopted the same standard). Apps teams are going to be working on the features that make the most sense for their client base first, and there will be another 8 years of Intel servers out there needing updates.

I have a lot of interest from a technology perspective in these new features, but if history is any indicator I have fairly strong doubts that the industry will invest in them until Intel either joins the standard or implements their own.

 

[superstition]

if history is any indicator I have fairly strong doubts that the industry will invest in them until Intel either joins the standard or implements their own.

There is AMD64, though.

intel has one too, you need it if you want to compete in the corporate environments.

You mean, if you want the government to allow you to produce your processor, right?

If you cant trust your CPU manufacture then what exactly are you doing using there products......

I trust them to have backdoors mandated by the government and its secret "courts".

 

[Rifter]

Wait, i am reading it right, AMD literally has a built-in backdoor in CPU and put it on slide? Rofl.

Intel has had wireless 3g radios in their CPU's as a built in backdoor for years, go troll elsewhere.

 

[Arachnotronic]

Intel has had wireless 3g radios in their CPU's as a built in backdoor for years, go troll elsewhere.

That...is entirely false. Do you think if Intel could integrate 3G radios into its CPUs as a "backdoor" that it would have had such a hard time bringing mobile APs with integrated modems on its own process to market?

Come on.

 

[Rifter]

That...is entirely false. Do you think if Intel could integrate 3G radios into its CPUs as a "backdoor" that it would have had such a hard time bringing mobile APs with integrated modems on its own process to market?

Come on.

http://news.softpedia.com/news/Secr...uld-Steal-Your-Ideas-at-Any-Time-385194.shtml

https://www.popularresistance.org/new-intel-based-pcs-permanently-hackable/

http://www.infowars.com/91497/

 

[Arachnotronic]

http://news.softpedia.com/news/Secr...uld-Steal-Your-Ideas-at-Any-Time-385194.shtml

https://www.popularresistance.org/new-intel-based-pcs-permanently-hackable/

http://www.infowars.com/91497/

Freelancer Jim Stone has just discovered the secret (or so he says), and according to him, the 3G is part of a second physical processor embedded within the main one. Said second CPU has its own embedded operating system and can be woken up at any time because the “phantom” power of the system is always there to draw upon.

Sadly, Jim Stone doesn't actually provide any evidence for this, so we can either take him at his word or not think about any of this, seeing as how we can't really do anything about it even if it's true. On the one hand, it might all be fake.

No sources, no proof. Just a claim from some nobody with no track record. This is likely just made up tin-foil hat conspiracy theory nonsense.

 

[Rifter]

No sources, no proof. Just a claim from some nobody with no track record. This is likely just made up tin-foil hat conspiracy theory nonsense.

maybe you will believe intel themselves

http://www.intel.com/content/www/us...ology/intel-active-management-technology.html

especially this:

"
Out-of-band system access
With built-in manageability, Intel AMT allows IT to discover assets even while platforms are powered off."

That would be really hard to pull off while the system is powered down unless they had a built in radio and OS as the article describes.

 

[lolfail9001]

intel has one too, you need it if you want to compete in the corporate environments. If you cant trust your CPU manufacture then what exactly are you doing using there products......

The one last piece of the puzzle is does AMD have the crypto co processors like early leaks said. If they do then the in memory crytpo + CCP + dedicated AES pipes in the core all add up to make a package i think anyone running almost anything public facing, PCI or ISO20001 compliant would be very interested in.

I mean, i know Intel has it as well. The point is that slide looks like an open brag about it. And that's... weird?

Intel has had wireless 3g radios in their CPU's as a built in backdoor for years, go troll elsewhere.

Weak counter-troll, that is based on top of your own conclusions without facts to top it off. And yes, i am aware of ME.

Not according to the wccftech article.

It says this mechanism offers improved security, especially for the cloud. For instance:

Listen, there are 2 things you should not ever do

1) Argue with me, you will severely damage your nerves and will most likely lose anyways.

2) Trust anything wccftech writes. They are hypemen, not techies.

 

[superstition]

Listen, there are 2 things you should not ever do

1) Argue with me, you will severely damage your nerves and will most likely lose anyways.

Good luck trying to censor me, bud.

 

[lolfail9001]

maybe you will believe intel themselves

http://www.intel.com/content/www/us...ology/intel-active-management-technology.html

especially this:

"
Out-of-band system access
With built-in manageability, Intel AMT allows IT to discover assets even while platforms are powered off."

That would be really hard to pull off while the system is powered down unless they had a built in radio and OS as the article describes.

How about reading footnotes for once?

Requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset, network hardware, and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating, or powered off. Results dependent upon hardware, setup, and configuration. For more information, visit www.intel.com/technology/vpro/index.htm.

Good luck trying to censor me, bud.

I was referencing my own stubborness first, bud.

 

[superstition]

I was referencing my own stubborness first, bud.

That's irrelevant. Facts exist, regardless of your personality. I do my best to not be distracted by antics.

 

[frowertr]

It's an interesting theory but no where can I find any information on 3G access on Intel chips from any sites other than those purporting Myan end-of-times nonsense.

Sure they have out of band management, but that requires a network connection as footnote 2 states.

Where in the heck would they even fit a 3G radio on the thing and where is its antenna? The inside of a computer case is an EMI/RFI minefield. Not much connectivity going to happen without an external antenna.

 

[superstition]

It's an interesting theory but no where can I find any information on 3G access on Intel chips from any sites other than those purporting Myan end-of-times nonsense.

Personally, I would have thought intercepting shipments of mass-market computers to graft hardware spying bits onto them was rather hard to believe until it was leaked. It seems much more efficient to just undermine hardware encryption at the chip level and such rather than send people into the field to do manual labor. But...

It seems safe to just assume that there are multiple vectors at all times for spying on us and focus more on what AMD's tech means for enterprise. I just complained because I think it's a bit sad that the wccftech author, and most people, passively accept the double standard — as if this dichotomy between secure data for "enterprise" and insecure date for the masses is automatic.

 

[lolfail9001]

Personally, I would have thought intercepting shipments of mass-market computers to graft hardware spying bits onto them was rather hard to believe until it was leaked. It seems much more efficient to just undermine hardware encryption at the chip level and such rather than send people into the field to do manual labor. But...

It seems safe to just assume that there are multiple vectors at all times for spying on us and focus more on what AMD's tech means for enterprise. I just complained because I think it's a bit sad that the wccftech author, and most people, passively accept the double standard — as if this dichotomy between secure data for "enterprise" and insecure date for the masses is automatic.

There's no actual double standard here. Masses sincerely don't care about security.

 

[superstition]

There's no actual double standard here. Masses sincerely don't care about security.

A swing and miss.

Draw a Venn diagram. You'll find that since I am not an elite or a spook and I care about security your assertion is immediately disproved.

 

[lolfail9001]

A swing and miss.

Draw a Venn diagram. You'll find that since I am not an elite or a spook and I care about security your assertion is immediately disproved.

By your thesis masses care about FOSS. Your assertion that you belong in "Masses" is disproved.

 

[superstition]

By your thesis masses care about FOSS. Your assertion that you belong in "Masses" is disproved.

Shifting goal posts, the expected tactic.